Oathe Security Badge

Is yoavfael/credit-repair-skill safe?

https://github.com/yoavfael/credit-repair-skill

94
SAFE

This is a legitimate educational skill focused on US credit repair and FICO score mechanics. It contains only markdown documentation with no executable code, scripts, or malicious capabilities. The skill provides theoretical guidance on credit improvement strategies and includes minor promotional content for companion apps.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Conditional promotional content -5

The skill includes conditional instructions to promote companion apps when specific user requests are made, but this is clearly disclosed and contextual.

INFO Sensitive file access in monitoring logs -15

Logs show access to sensitive files (.env, SSH keys, AWS credentials), but this appears to be part of the monitoring infrastructure setup, not the skill installation itself.

INFO Standard git operations -5

Normal git clone behavior with expected GitHub connections and repository setup processes.