Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Credential Vault
v1.0.0
Encrypted credential storage for OpenClaw agents. Stop storing API keys in plaintext.
⭐ 0 · 108 · 1 current · 1 all-time
by Chloe Park (@chloepark85)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The code and SKILL.md implement a local AES-256-GCM encrypted vault as described (CRUD, audit, expiry, env export). Required binary 'uv' and local storage paths are consistent with the stated purpose. However the package metadata declares a primary credential name (VAULT_MASTER_PASSWORD) while the CLI implementation expects interactive entry (getpass) and does not read that environment variable — this is an inconsistency that could confuse usage or expectations about non-interactive unlocking.
Instruction Scope
Runtime instructions and code operate only on local files under ~/.openclaw/vault and do not perform network access (matches the 'local only' claim). However the documentation includes explicit insecure automation examples (storing the master password in plaintext and piping it to unlock in a cron job). The CLI writes a session key file to disk for session reuse — the SKILL.md warns about persistence but provides no secure automation alternatives. These guidance and behaviors expand scope into patterns that can leak the master key if used carelessly.
Install Mechanism
This is instruction-only from the registry perspective (no formal install spec); code files are present and the README instructs users to run 'uv sync' and 'uv run' to use the CLI. There are no remote downloads or obscure URLs in the manifest; dependencies are standard (cryptography). Risk from install mechanism is low, but the absence of an explicit install spec combined with reliance on 'uv' means runtime behavior depends on that package manager/environment.
Credentials
The skill declares VAULT_MASTER_PASSWORD as the primary credential in metadata, but the implementation exclusively prompts for the master password via getpass and does not consume that environment variable. No other unrelated credentials are requested. Declaring a primaryEnv that the code doesn't use is an incoherence and could mislead users into exporting their master password as an env var (a risky practice).
Persistence & Privilege
The vault writes a session key file (~/.openclaw/vault/session) to disk to support multi-command sessions. The code does not explicitly set file permissions on the session file (only on the vault file). This means the session key could persist across reboots or be left with default permissions depending on umask, increasing attack surface. The skill does not request elevated or cross-skill privileges (its metadata declares always:false), but the session-file behavior and the provided cron examples increase risk if followed.
What to consider before installing
This skill largely does what it says (a local encrypted vault), but a few things don't add up or are risky:
1) The metadata lists VAULT_MASTER_PASSWORD as the primary credential but the CLI always prompts interactively — don't assume you can safely set your master password in an env var to automate unlocks.
2) The vault stores a raw session key to ~/.openclaw/vault/session without explicitly hardening that file — consider inspecting/modifying the code to chmod the session file to 0600 or avoid writing the session key to disk.
3) The docs include an example that stores the master password in plaintext for cron jobs — treat that as unsafe and prefer more secure automation (OS keyring, dedicated secrets manager, or short-lived service credentials for CI).
4) Review the code yourself (or run tests in an isolated environment) before using it for high-value secrets.
If you want to proceed, at minimum: audit and patch session-file permissions, remove/avoid examples that write plaintext master passwords, and consider adding support for secure non-interactive unlocking (e.g., OS keyring) rather than env vars or plaintext files.
Like a lobster shell, security has layers — review code before you run it.
latest: vk971hehav9ytey11has322a2sn8330b9
Runtime requirements
🔐 Clawdis
Bins: uv
Primary env: VAULT_MASTER_PASSWORD
