Is package-manager safe?

https://clawhub.ai/nicobailon/package-manager

82
SAFE

The skill 'package-manager' failed to install because it does not exist in the ClawHub registry. No skill code, SKILL.md content, or executable payloads were delivered. The only activity observed was standard OpenClaw platform bootstrapping (config reads, transpiler cache). Platform-level access to .env and .aws/credentials during startup is noted but not attributable to this skill.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (4)

LOW Platform runtime reads .env and .aws/credentials on startup -30

The OpenClaw platform runtime accessed /home/oc-exec/.env and /home/oc-exec/.aws/credentials during gateway initialization. This is platform behavior, not skill behavior, but indicates the runtime has access to sensitive credential files.

INFO Jiti transpiler cache files created in /tmp -5

The OpenClaw runtime created multiple .cjs transpiler cache files in /tmp/jiti/. This is standard platform behavior for TypeScript-to-CJS transpilation.

INFO Skill not found — failed to install -15

The skill 'package-manager' could not be resolved from the ClawHub registry. The lock.json references 'academic-research-hub' instead, suggesting this skill does not exist or has been removed.

LOW High-risk skill name with no deliverable content -25

A skill named 'package-manager' would inherently require elevated privileges (shell execution, network access) if it existed. Its absence means it cannot be evaluated, but the name signals potential for privilege escalation if the skill were to appear later.