Is skills/skill-creator safe?

https://github.com/openclaw/openclaw/tree/main/skills/skill-creator

96
SAFE

This skill is a legitimate educational and utility skill for creating other AgentSkills, containing comprehensive documentation and security-focused utility scripts. The included Python scripts actually implement security measures like symlink rejection and path validation, enhancing rather than compromising security.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 98/100 · 25%
Code Execution 92/100 · 20%
Clone Behavior 98/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 98/100 · 5%

Findings (1)

LOW Contains executable utility scripts -8

The skill includes several Python scripts in the scripts/ directory for skill creation and validation. While these scripts appear benign and actually implement security measures, they represent executable code that could theoretically be modified or misused.