Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PublishGuard — Post Verification & Credential Manager

v1.1.0

Prevents false "posted successfully" claims by verifying content URLs, enforcing platform rules, tracking rate limits, and securely storing credentials persi...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The name and SKILL.md describe a post-verification and credential manager — that purpose fits the code (URL verification, platform rules, credential storage). However, SKILL.md emphatically claims 'API keys and tokens are never stored in plaintext' and describes a VaultCrypto engine; the main module (publish_guard.py) implements a separate CredentialStore that saves credentials in plaintext JSON to workspace/the-alpha-oracle/vault/publish_guard_creds.json. This directly contradicts the stated purpose and guarantees.
[!] Instruction Scope
SKILL.md and the code instruct the agent to verify posts by performing HTTP GETs (expected). But the instructions and code also read/write workspace files (audit logs and credential files) and reference the OPENCLAW_WORKSPACE environment variable — this env var is used at runtime but not declared in the skill's manifest. The migration CLI in vault_crypto suggests moving plaintext creds to the vault, but the presence of an always-written plaintext credential store means credentials may be left unencrypted unless the user explicitly migrates them.
Install Mechanism
No install spec or external downloads; skill is instruction-only with bundled Python files and claims zero external dependencies. No network install URLs or package manager installs were found. That lowers supply-chain risk compared with remote downloads.
[!] Credentials
The skill declares no required environment variables, but both scripts use OPENCLAW_WORKSPACE (falling back to ~/.openclaw/workspace), plus they derive a machine fingerprint from hostname, username, and home directory. That implicit dependency on OPENCLAW_WORKSPACE and machine identity is not declared. The credential storage behavior (plaintext JSON vs encrypted vault) is disproportionate to the manifest's lack of secrets requirements and is likely to surprise users.
Persistence & Privilege
The skill persistently writes files in the workspace: plaintext credential JSON (publish_guard_creds.json), an encrypted vault (publish_guard_creds.vault), and JSONL audit logs under memory/publish_audit/. It does not request elevated OS privileges or force installation (always:false). The persistence of plaintext credentials by default is the primary concern.
What to consider before installing
Do not install or store live credentials yet. The package claims "never stored in plaintext" but the main engine writes credentials to a plaintext JSON file in the workspace. Before using:
(1) Ask the maintainer to explain why publish_guard.py includes CredentialStore that saves plaintext and whether that is intentional or a leftover;
(2) If you must test, do so in an isolated sandbox and do not enter real secrets;
(3) Prefer using the EncryptedVault and run the provided migrate tool, but verify that publish_guard actually reads from the encrypted vault rather than the plaintext file;
(4) If you intend to use this in production, request the author remove (or gate) the plaintext store, or modify the code to use only the encrypted vault with secure permissions and documented migration behavior;
(5) Confirm the vault's cryptography and threat model meet your security needs — the vault implements custom crypto primitives (HMAC-CTR, PBKDF2) and makes specific machine-binding choices that you may want reviewed by a crypto expert.
