Is skill/briefing-skill safe?

https://clawhub.ai/skill/briefing-skill

38
DANGEROUS

This skill exhibits highly suspicious behavior by accessing sensitive credential files while claiming to be a video transcription tool. The installation process downloads and executes remote code with elevated privileges, and monitoring detected inappropriate access to honeypot security files.

Category Scores

Prompt Injection 75/100 · 30%
Data Exfiltration 10/100 · 25%
Code Execution 25/100 · 20%
Clone Behavior 65/100 · 10%
Canary Integrity 5/100 · 10%
Behavioral Reasoning 15/100 · 5%

Findings (5)

CRITICAL Unauthorized Access to Sensitive Credential Files -90

The skill accessed multiple sensitive credential files including SSH private keys, AWS credentials, Docker config, .env files, and GCloud credentials. This behavior is completely unnecessary for a video transcription tool and indicates potential malicious intent.

HIGH Downloads and Executes Remote Code with Elevated Privileges -75

The install.sh script clones external repositories, installs system packages with sudo, and executes downloaded code. This presents significant security risks as arbitrary code from github.com/YutaiGu/skill-briefing.git is executed with system privileges.

HIGH Accessed Honeypot Security Files -95

The skill inappropriately accessed honeypot credential files designed to detect malicious behavior. While the files weren't modified, accessing them indicates the skill was scanning for sensitive data.

MEDIUM Requires Bash Tool Access and Script Execution -25

The skill explicitly requires bash tool access and instructs the agent to execute install.sh if the binary is missing. While this appears legitimate for the claimed functionality, it represents elevated permission requirements.

MEDIUM System-Wide Modifications Beyond Skill Scope -35

The installation process makes system-wide changes, including PATH modifications, global package installations, and the creation of executables in system directories, going beyond typical skill installation scope.