Credential Manager
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run as documented, the skill may copy high-value API keys, cloud tokens, wallet keys, and other account secrets into one OpenClaw file.
The skill is designed to collect broad local credentials, not just a narrow OpenClaw service credential. Centralizing all of them gives any process or skill that can read the OpenClaw .env access to many accounts.
ALL credentials MUST be consolidated to `/home/phan_harry/.openclaw/.env` ... `~/.config/*/credentials.json` ... Any scattered API key files
Run the scan first, review every file and key, and only consolidate credentials you intentionally want OpenClaw skills to access. Consider excluding wallet, payment, production cloud, or unrelated service credentials.
Old credential copies may remain in the backup directory with weaker permissions than the new .env, leaving sensitive keys exposed locally.
The main .env is chmodded to 600, but backups are copied without an explicit backup-file or backup-directory permission hardening step. copy2 can preserve insecure source permissions.
backup_dir.mkdir(parents=True, exist_ok=True) ... shutil.copy2(file, backup_path) ... os.chmod(env_file, 0o600)
After running, check `~/.openclaw/backups` permissions, chmod backup directories to 700 and backup files to 600, or encrypt/delete backups once migration is verified.
A user or agent may run broad credential migration and cleanup steps without enough review because the skill frames them as non-optional.
The documentation pressures the user or agent to treat this third-party skill as mandatory infrastructure, despite its high-impact credential access and mutation behavior.
This Is Not Optional ... stop and consolidate them now ... All credentials MUST be in `~/.openclaw/.env` ONLY. No workspace, no skills, no scripts directories.
Treat the skill as optional tooling. Require explicit user approval before consolidation, auto-confirm, validation fixes, or cleanup.
Deleting old credential files can break other applications or cause credential loss if backups are incomplete or the new .env was not tested.
Cleanup is user-confirmed and purpose-aligned, but it permanently deletes credential files found by the scanner.
Type 'DELETE' to confirm ... f.unlink()
Use the cleanup dry run first, verify backups and the new .env, test dependent applications, and only then type the final deletion confirmation.
Users have less provenance information to decide whether to trust this credential-handling code.
The artifact has no clear upstream source or homepage, which matters more for a tool that handles broad local credentials.
Source: unknown; Homepage: none
Inspect the scripts before running, prefer a known-source version, and avoid granting it access to credentials you cannot rotate.