Skill v0.1.7

ClawScan security

SocialVault · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 19, 2026, 7:10 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
SocialVault's requested tools, files, and runtime behavior are consistent with a local credential vault for social accounts, but I could not fully verify the crypto/key-handling implementation and scheduled-decrypt behavior in the omitted code, so review those before trusting sensitive secrets.
Guidance
This skill is largely coherent with its stated purpose: it uses node/npx, local files under vault/, and the builtin browser tool to import and verify social-media credentials and schedules periodic health checks. Before installing:
1) Review the vault-crypto.ts implementation (key generation, key file permission setting, in-memory clearing) to confirm keys are created with strict permissions and plaintext is reliably zeroed/cleared.
2) Confirm the TRUSTED_DOMAINS list matches only the official domains you expect (adding new platforms requires code changes).
3) Understand that cron jobs will periodically decrypt credentials in memory and make network requests to platform endpoints—ensure you want automated checks.
4) Confirm vault/ will not be backed up or committed to version control and that vault-key is protected (600).
If you can audit the missing/omitted files (especially vault-crypto.ts and any remaining scripts/tests) and verify no hidden outbound endpoints exist, my confidence would increase to high.

Review Dimensions

Purpose & Capability
ok
Name/description (social account credential manager) align with requested resources and behavior: node/npx, the OpenClaw browser tool, local filesystem access to a vault/, adapter files, and outgoing requests to official platform endpoints declared in metadata. There are no unrelated credentials or external services required.
Instruction Scope
note
SKILL.md instructs the agent to create/initialize a local vault, parse user-provided cookies/tokens, use the platform browser tool for QR/login flows, and display QR screenshots in conversation. Those actions are within the described scope, but they mean the agent will (a) accept user-supplied credentials, (b) decrypt them in memory for verification, and (c) drive a browser that may capture screenshots—users should expect those operations.
Install Mechanism
ok
Install is standard: npm install --production and an explicit setup.sh that runs the local tsx runtime and initializes the vault. No external URL downloads, URL shorteners, or arbitrary extracts were used in the visible install spec or package.json; dependency surface is minimal (tsx).
Credentials
ok
The skill requests no environment variables or unrelated credentials. It only operates on user-supplied cookies/tokens and local vault files. The hardcoded TRUSTED_DOMAINS whitelist enforces domain constraints for outgoing verification requests (as implemented in session-verifier.ts).
Persistence & Privilege
note
Cron entries are declared (periodic health checks and refresh tasks) that will decrypt credentials in memory and call platform endpoints. 'always' is false, and the skill does not appear to modify other skills or system-wide settings. Nonetheless, scheduled automatic access to credentials is a sensitive capability users should be aware of.