Skill v1.0.0
ClawScan security
Claude OAuth Auto-Renewal · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 4:23 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (auto-renew Claude Code OAuth on macOS) but contain inconsistencies and behaviors that could inadvertently expose sensitive tokens (temporary logs, PTY capture), and the metadata omits some required binaries; review and harden before installing.
- Guidance: This skill is broadly coherent with its purpose (auto-renewing Claude Code OAuth tokens on macOS) but you should not install it blindly. Before using: 1) Inspect and edit the script to avoid logging sensitive data (remove or redact /tmp/claude-auth-pty.log and /tmp/claude-auth-expect.log, or write logs to a secure location), 2) Confirm and add 'expect', 'osascript' (and any other required utilities) to the declared metadata so you know what will be used, 3) Test the flow manually (run claude auth login yourself) and run the script interactively to observe what it prints, 4) Limit who/what can run the heartbeat (do not run on shared machines), 5) Only enable Chrome Apple Events (Allow JavaScript from Apple Events) if you trust the script — this grants UI automation capability, and 6) Consider replacing PTY capture with safer IPC or temporary in-memory handling if possible. If you cannot inspect and modify the script, treat it as high-risk and avoid granting the Keychain/browser automation permissions.
Review Dimensions
- Purpose & Capability (note): Name/description, SKILL.md, and the included shell script align: reading the macOS Keychain, calling the 'claude' CLI, and automating Chrome via osascript/expect are expected for an OAuth auto-renewal tool on macOS. Minor inconsistency: the metadata's required-binaries list includes 'claude', 'security', and 'python3', but the script also relies on 'osascript', 'expect', and the 'script' utility — these are documented in SKILL.md but not declared in the registry metadata.
- Instruction Scope (concern): The SKILL.md directs the agent to read Keychain secrets and run an included script that invokes: security find-generic-password -g (which can print secret values), 'script' to capture a PTY session to /tmp/claude-auth-pty.log, and expect, which writes /tmp/claude-auth-expect.log. SKILL.md claims the script never stores or logs token values, but the implementation creates temporary logs that could contain sensitive output (auth codes, CLI prompts, or tokens). The script also automates Chrome (Apple Events), which requires elevated UI automation permissions.
- Install Mechanism (ok): Instruction-only skill with no install spec and a single shell script to copy into your workspace — this is lower risk than arbitrary remote downloads. Nothing is fetched from external URLs during install.
- Credentials (note): No environment variables or external API keys are requested (only the optional WARN_HOURS). However, the skill requires access to highly sensitive local state: macOS Keychain entries for the user's Claude credentials and the ability to control Chrome via Apple Events. Those privileges are proportional to the stated goal but are high-sensitivity and should be granted carefully.
- Persistence & Privilege (ok): The skill is not always-enabled and does not modify other skills or global agent settings; it is intended to be invoked from the heartbeat flow. Autonomous invocation is allowed (platform default) but is not an additional special privilege here.
