Skill v1.0.0
ClawScan security
Content Entrepreneurship Credential Manager (内容创业凭证管理器) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 12, 2026, 8:29 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: Skill mostly does what it says (local credential tracking and writing) but has instruction-level inconsistencies and asks users to paste sensitive secrets into chat, which is a privacy/exfiltration risk unless the user understands and controls local execution.
- Guidance: This skill is generally coherent with its purpose (tracking and writing local credentials), but exercise caution before pasting secrets into chat. Prefer running the included set_credential.py locally in your shell (python3 skills/content-credential-manager/scripts/set_credential.py ...) rather than telling the agent the full API key or browser cookie via conversation. Verify the file ~/.openclaw/credentials.json permissions after saving (should be readable only by you). Note that SKILL.md references verification scripts (verify_wechat.py, verify_meitu.py, verify_xhs.py) that are not included; expect verification steps to be incomplete unless the skill is updated. If you must use the agent to provide secrets, confirm the agent will not send them to external endpoints and consider redacting or using short-lived keys where possible.
Review Dimensions
- Purpose & Capability (note): The name/description align with the code: scripts read/write a local ~/.openclaw/credentials.json and report which platform fields are present. No unrelated credentials, binaries, or network calls are requested by the code. This is coherent with a credential manager.
- Instruction Scope (concern): SKILL.md instructs users to provide full API keys and browser cookies via conversation (e.g., 'tell me the cookie string' or 'Tavily API Key is tvly-xxxxx') and promises to write them to disk. That creates risk: sensitive secrets may be transmitted in chat and could be exfiltrated by an agent or logged. SKILL.md also references several verification scripts (verify_wechat.py, verify_meitu.py, verify_xhs.py, and step-tts scripts) that are not present in the file manifest, which is an inconsistency that will confuse users and may cause failed verification steps.
- Install Mechanism (ok): Instruction-only skill with no install spec and only two small helper scripts; lowest install risk. No downloads, package installs, or archives are used.
- Credentials (ok): The skill requests no environment variables or external credentials in metadata; it stores credentials locally in ~/.openclaw/credentials.json, which is proportionate to its stated purpose. The code masks values when printing, and sets os.umask(0o077) before writing to attempt restrictive permissions (though users should verify the resulting file permissions).
- Persistence & Privilege (ok): always:false (no forced presence), and the skill does not modify other skills or system settings. It only reads/writes its own credentials file under the user's home directory.
