Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Automation Runner
v1.0.0Executes approved shell commands, manages backups, and safely retrieves secrets from Bitwarden.
⭐ 0· 1.1k·6 current·6 all-time
byPaul Barnabas@barnyp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's purpose includes retrieving secrets from Bitwarden and executing shell commands, but the registry metadata lists no required environment variables, no primary credential, and no config paths. SKILL.md references tools ('bws', 'exec', 'process') and a Bitwarden workflow that would normally require authentication or a CLI binary; those requirements are missing from the manifest, which is inconsistent.
Instruction Scope
Runtime instructions tell the agent to run 'bws secret get', execute commands from a specific filesystem path (/home/intelad/.openclaw/workspace/scripts), wait for a human ('Paul') to type '/approve', and log outputs to memory/YYYY-MM-DD.md. The approval gate, the 'bws' wrapper behavior, and the 'memory' logging target are not defined in the manifest; the instructions ask the agent to access secrets and run arbitrary scripts without a declared, auditable approval mechanism.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes disk-installed attack surface. However, instruction-only does not eliminate runtime risk because it tells the agent to run system commands and call external tooling.
Credentials
The SKILL.md requires access to Bitwarden secrets but the skill requests no credentials (no API key, token, or config path). It also assumes write/read access under a hard-coded home directory (/home/intelad) and a 'memory' path, none of which are declared. Requesting access to secrets without declaring how they will be provided is disproportionate and unexplained.
Persistence & Privilege
always:false (no forced persistence) is appropriate. However, the skill's instructions enable execution of shell scripts and retrieval of secrets at runtime; if the agent invokes the skill autonomously (platform default), that capability could be powerful. This combination (ability to run shell commands + fetch secrets) increases risk if the approval gate is not enforced or is ambiguous.
What to consider before installing
Do not install this skill until the developer clarifies several gaps: 1) how the 'bws' Bitwarden wrapper is authenticated (what env vars or tokens are required and how they are stored), 2) what the 'exec-approvals' gate is and how it enforces/records human approvals (avoid vague 'wait for Paul' instructions), 3) whether the hard-coded path (/home/intelad/...) matches your environment or will be configurable, and 4) where logs ('memory/YYYY-MM-DD.md') are written and who can read them. Because the skill directs the agent to run shell commands and fetch secrets, verify provenance (source/homepage unknown) and prefer a version that declares required credentials and a machine-enforceable approval mechanism before granting access or allowing autonomous invocation.Like a lobster shell, security has layers — review code before you run it.
latestvk97cpwaw0fv6vw1ftk1fw85e0x81qpe8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.