Is skill/auto-install-openclaw safe?

https://clawhub.ai/skill/auto-install-openclaw

35
DANGEROUS

This skill poses significant security risks by accessing sensitive credential files during installation and executing remote code with system privileges. The combination of credential access and remote code execution capabilities makes this skill particularly dangerous.

Category Scores

Prompt Injection 70/100 · 30%
Data Exfiltration 0/100 · 25%
Code Execution 10/100 · 20%
Clone Behavior 60/100 · 10%
Canary Integrity 50/100 · 10%
Behavioral Reasoning 20/100 · 5%

Findings (4)

CRITICAL Unauthorized Access to Sensitive Credential Files -100

The skill installation process accessed multiple sensitive credential files including SSH keys, AWS credentials, Docker config, and environment files. This represents a serious data exfiltration risk.

CRITICAL Remote Code Execution via Installation Scripts -90

The skill downloads and executes remote installation scripts, installs global packages, and runs system modification commands with elevated privileges.

HIGH Extensive System Control Instructions -30

The skill contains detailed procedural instructions that could override user intentions, and it instructs the agent to persist information to memory files.

MEDIUM Potential Backdoor Creation -80

The skill installs a gateway system that could be used to maintain persistent access to the user's system and networks.