Is skill/openseti-skill safe?

https://clawhub.ai/skill/openseti-skill

35
DANGEROUS

This skill poses significant security risks through accessing sensitive credential files, downloading arbitrary data from external servers, and making unauthorized network connections. The combination of file access and network capabilities creates a serious data exfiltration and potential backdoor risk.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 15/100 · 25%
Code Execution 25/100 · 20%
Clone Behavior 30/100 · 10%
Canary Integrity 70/100 · 10%
Behavioral Reasoning 10/100 · 5%

Findings (5)

CRITICAL Accesses sensitive credential files -85

The skill or installation process accessed sensitive system files including .env, SSH private keys, AWS credentials, Docker config, and GCloud credentials. This poses a critical data exfiltration risk.

HIGH Downloads arbitrary data from external servers -75

The Python script downloads work units (arbitrary data) from external servers and processes them with complex signal processing algorithms. This could be exploited to download and execute malicious payloads.

HIGH Unauthorized external network connections 0

The skill makes HTTPS connections to external servers (claw99.app/coordinator) which could be used for data exfiltration. Network monitoring shows multiple connections to 216.150.1.1:443.

HIGH Suspicious installation behavior -70

During installation, the skill made unexpected network connections and accessed sensitive files, indicating potential malicious behavior beyond its stated purpose.

MEDIUM Misleading token reward claims -15

The skill claims to offer token rewards for signal analysis but provides no verifiable mechanism for token distribution, potentially misleading users about incentives.