Side Peace

v1.1.1

Minimal secure secret handoff. Zero external deps. Human opens browser form, submits secret, agent receives it via temp file. Secret NEVER appears in stdout/logs.

by EULOxGOS (@bitbrujo)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with behavior: drop.js launches a small HTTP form, writes the posted secret to a temp file with 0600, prints the filename, then exits. No unrelated env vars, binaries, or installs are requested.
Instruction Scope
SKILL.md instructs the agent to run the included node script and then read, use, and delete the temp file, which is consistent. However, the documentation asserts 'Secret NEVER appears in stdout/logs' while its suggested usage examples (e.g., piping the file into xargs to call npx, or passing tokens on the command line) can expose the secret in process arguments or via command history. Also, the server accepts POSTs without auth and the example prints network addresses, making the secret reachable by any host that can access the bound interface.
Install Mechanism
Instruction-only with a single JS file; no install spec and no third-party downloads. This is low-install risk and the included source is small and fully present for review.
Credentials
No environment variables, credentials, or external config paths are requested. The skill operates entirely with node built-ins and CLI args, which is proportionate.
Persistence & Privilege
The script binds to 0.0.0.0 and prints local network addresses, which is expected for a human-accessible form but increases exposure (anyone on the LAN or any network path to the host can POST secrets). The skill is not installed persistently and does not request 'always:true', so persistence risk is low if used correctly.
What to consider before installing
This skill is small and auditable and does what it says, but take precautions before running:
(1) Prefer binding to localhost (change server.listen to '127.0.0.1' or run behind SSH port-forward) if the human and agent are on the same machine or you don't trust the LAN.
(2) Do not pass secrets as plain command-line arguments (they can appear in process lists); use stdin or environment variables handled carefully. The provided one-liner using xargs will place the secret into a command argument briefly — avoid that if you care about process-list leakage.
(3) Transport is plain HTTP — avoid using this on untrusted networks (MITM risk).
(4) Ensure the temp file is removed promptly and the host firewall prevents unwanted access.
If you need stricter guarantees, prefer a link that uses authenticated HTTPS or an out-of-band channel you control. If you want me to, I can suggest a safer invocation pattern (localhost-only or SSH tunneling) or modify the script to bind only to 127.0.0.1 and accept a token-based one-time path.
