Openclaw Vault Review
Audited by ClawScan on May 10, 2026.
Overview
This looks like a local credential-audit tool, but the included script advertises undocumented commands that may change or move credential files.
Review scripts/vault.py before enabling this skill. Use it only on a scoped workspace, treat its output as sensitive, and do not allow automated fix, quarantine, protect, or rotation-related commands unless you explicitly want local files or permissions changed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent invokes these extra commands, it could change permissions or move credential files in the workspace, potentially disrupting applications or hiding files from their expected locations.
The included script advertises commands that can alter file permissions, move files into or out of quarantine, and run protection workflows. Those capabilities are not listed in SKILL.md's command section, which only documents audit, exposure, inventory, and status.
Usage:
vault.py fix-permissions [--workspace PATH]
vault.py quarantine FILE [--workspace PATH]
vault.py unquarantine FILE [--workspace PATH]
vault.py rotate-check [--workspace PATH] [--max-age DAYS]
vault.py gitguard [--workspace PATH]
vault.py protect [--workspace PATH] [--max-age DAYS]
Document these commands clearly, require explicit user confirmation before any mutation, provide dry-run and rollback behavior, and constrain actions to user-selected paths.
The tool may expose secret locations and masked credential values in its output, so results should be treated as sensitive.
The skill is designed to read and classify files that may contain credentials, tokens, passwords, shell history, and account configuration. This is expected for a credential audit tool, but it is still high-sensitivity local access.
inventory all secrets... Shell history — passwords and tokens visible in `.bash_history`... Git config — credentials embedded in remote URLs... Config files... Log files
Run it only on intended workspaces, avoid sharing raw output publicly, and verify that reported credential files are handled according to your security policy.
Users have less assurance that the reviewed artifact matches a maintained upstream project.
The registry metadata does not provide a verified source or homepage, even though the README gives a GitHub clone instruction. This is a provenance gap, not direct evidence of malicious behavior.
Source: unknown
Homepage: none
Prefer installing from a verified source, compare the installed files to the reviewed contents, and pin versions or commits when cloning manually.
