Oathe Security Badge

Is thesethrose/context7 safe?

https://clawhub.ai/thesethrose/context7

99
SAFE

Context7 is a legitimate documentation search tool that queries the Context7 API for library documentation and code examples. The skill contains standard TypeScript code for making HTTP API requests and shows no signs of malicious behavior, prompt injection, or data exfiltration.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 100/100 · 5%

Findings (1)

LOW Sensitive file access during monitoring -5

System monitoring detected access to sensitive canary files (.env, .ssh/id_rsa, .aws/credentials, etc.) during the audit period. However, analysis of the timeline and code suggests these accesses were from system monitoring processes rather than the skill itself. The skill code only attempts to read .env files in its own directory for API keys.