Skill v1.0.2
ClawScan security
TOTP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 25, 2026, 7:28 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it implements a simple TOTP verification flow, only requires Node and a single TOTP_SECRET env var, and its code and instructions match its stated purpose.
- Guidance: This skill appears to do what it says, but consider these precautions before installing: (1) Keep the TOTP secret private — avoid committing .env to source control and prefer a secure secret store if available. (2) Run npm install in a controlled environment and review or vendor the two dependencies (@otplib/preset-default and qrcode) or use a lockfile to prevent supply-chain surprises. (3) After generating the QR, ensure qr.png is actually deleted and the secret rotated if it may have been exposed. (4) Confirm the agent's integration only prompts for the OTP and does not transmit the TOTP_SECRET or .env contents to external services. (5) If you need higher assurance, inspect dependency code or run the scripts locally yourself to verify behavior before granting the agent the ability to invoke them.
Review Dimensions
- Purpose & Capability (ok): The name/description (TOTP verification for gating sensitive operations) matches the requested resources: node binary and a single TOTP_SECRET. The scripts generate and verify TOTP secrets and tokens, which is exactly what the skill claims to do.
- Instruction Scope (ok): SKILL.md limits runtime actions to installing dependencies, generating a QR/secret, prompting for a 6-digit OTP, and running the local verify script. It does not instruct reading unrelated files or transmitting secrets to external endpoints. The instructions to delete qr.png and store TOTP_SECRET in .env are explicit and scoped to the secret onboarding flow.
- Install Mechanism (note): No custom download/install script; runtime expects npm install, which fetches two npm packages (@otplib/preset-default, qrcode). Using npm is expected for a Node skill but is a moderate-risk vector compared to instruction-only skills — however, package names and pinned versions are provided and there are no obscure URLs or archive extraction steps.
- Credentials (ok): Only the TOTP_SECRET env var is required and declared as the primary credential. That single secret is necessary and proportionate for TOTP verification. The skill does not request unrelated credentials or config paths.
- Persistence & Privilege (ok): The skill's always flag is false, and the skill contains no instructions to modify other skills or system-wide settings. It does not request persistent elevated privileges beyond the normal ability to run its verification script.
