Back to skill
Skillv1.1.1
VirusTotal security
Passwordstore Broker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 4:09 AM
- Hash
- 5284f261e825c9395eae1e2bb95459f4bf2e9755efc1b3f4cc6757cf9bd570ac
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: passwordstore-broker Version: 1.1.1 The skill bundle is designed for secure secret handling, acting as a broker between an AI agent and a `pass` password store. All scripts (`run_with_secret.sh`, `vault.sh`, `get_password_from_user.py`, `setup_totp_enrollment.py`) demonstrate strong security practices, including robust input sanitization, safe subprocess execution (e.g., passing secrets via stdin, using `--` for `pass` commands, `exec env` for environment injection), and strict network access controls (e.g., `get_password_from_user.py` explicitly checks for private IPs and restricts access to local or private networks). The `SKILL.md` and `references/SETUP.md` documentation includes explicit guardrails for the AI agent, instructing it never to leak secrets or expose sensitive information. There is no evidence of intentional malicious behavior, data exfiltration, or unauthorized actions; instead, the code actively implements measures to prevent such risks.
- External report
- View on VirusTotal