Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Private Secrets
v1.0.0 · Securely store, list, and retrieve your private information like API keys, passwords, and tokens in a local JSON file.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The name/description match the implementation: a local JSON-based secret store. However the shipped script relies on the node binary (node -e) while the skill metadata declares no required binaries. That missing dependency is an inconsistency that affects whether the skill will work and signals incomplete metadata.
Instruction Scope
SKILL.md and the script limit actions to creating/reading /workspace/skills/private-secrets-1.0.0/secrets.json and do not exfiltrate data. But secrets are stored unencrypted in workspace (explicitly noted). The script uses node -e with unescaped interpolation of the NAME and VALUE variables, creating a strong command/JS injection risk if a name or value contains quotes or crafted payloads.
Install Mechanism
There is no install spec (lower risk) and the skill is instruction-only plus a small shell script. The practical runtime requirement for node is not declared; that omission should be corrected. No external downloads or obscure URLs are used.
Credentials
The skill requests no environment variables or external credentials, which is appropriate for a local secret store. Be aware the storage location is inside the workspace and therefore accessible to anyone or any process with workspace access.
Persistence & Privilege
always is false and the skill does not request elevated privileges. It only reads/writes its own secrets.json file and does not modify other skills or global agent settings.
What to consider before installing
This skill is functionally coherent but has real safety issues you should consider before installing: it saves secrets in plaintext under /workspace (not safe for sensitive keys), the package metadata does not declare that 'node' is required, and the implementation uses node -e with direct string interpolation, which allows a malicious or accidental secret name/value to execute arbitrary JavaScript on your machine.

If you plan to use it: (1) only run it in a trusted, isolated environment; (2) verify Node is present and is the correct version; (3) do not store high-value secrets there; use an encrypted secret manager instead; (4) inspect and/or modify the script to remove node -e usage (use a small Node script file that reads process.argv and safely serializes inputs, or use jq to edit JSON), enforce allowed characters for names, and set strict filesystem permissions on secrets.json. If you are not comfortable auditing or fixing these issues, prefer a vetted secret-management tool rather than this skill.
latest · vk9716bv4t5v6zka0c32wp59ban832nx1
