Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Keychain Bridge Publish

v1.1.0

Manage secrets via macOS Keychain instead of plaintext files. Migrate existing secrets, read/write keychain entries, bridge to files for bash tools, audit fo...

Security Scan

- VirusTotal: Suspicious
- OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the included scripts: migrate, audit, helper, CLI, and populate script. Requested binaries (bash, python3) are appropriate. However the README and description claim to "eliminate plaintext credential storage" while the skill deliberately provides a Group B file-bridge that writes plaintext files to disk — this contradicts the stated goal and is a meaningful design trade-off that should be highlighted.
Instruction Scope
SKILL.md instructs the agent to scan a user secrets directory, read plaintext secret files, inject them into the keychain, and (optionally) delete the originals. It also instructs adding a boot-time script (populate_secrets.sh) that reads secrets from keychain and writes chmod 600 files to disk for bash consumers. These instructions intentionally create plaintext secret files on disk and tell the agent to enumerate Python binaries and run them; that scope is broader than a pure 'remove plaintext' promise and increases exposure.
Install Mechanism
Instruction-only skill (no remote downloads). All code is included and readable. The only install step suggested is pip install keyring (standard public package). No network downloads or obscure install URLs are used.
Credentials
The skill requests no environment variables or external credentials. It will, however, read files from a user-specified directory (default ~/.openclaw/secrets/) and will execute multiple local Python binaries discovered on the host. Executing all detected Python interpreters is explained by keychain ACL behavior but increases the attack surface if a non-trusted Python binary exists on the system.
Persistence & Privilege
The skill recommends installing a boot-time/populate script (LaunchAgent or startup) that writes plaintext secret files at boot. That gives persistent on-disk exposure of secrets to any process able to read user files. The skill itself is not always:true, but adding the LaunchAgent is an explicit instruction that increases persistence and blast radius.
Scan Findings in Context
[pre-scan-injection-signals-none] expected: Static scan found no injection signals. That's consistent with the included plain Python and bash scripts, but absence of findings is not a guarantee of safety; the code intentionally manipulates secrets and launches local interpreters.
What to consider before installing
- This skill does migrate secrets into macOS Keychain locally and includes readable scripts, but it deliberately supports a "Group B" pattern that writes plaintext secret files to disk at boot so bash tools can use them. That directly contradicts the "eliminate plaintext storage" wording — expect plaintext files if you enable the file bridge.
- The migration tool runs multiple local Python binaries to inject keychain items (to work around per-binary ACLs). If you have untrusted Python interpreters on your machine (pyenv installs, non-system binaries), those binaries will be executed by the migration process — review your Python installations first.
- Adding populate_secrets.sh to a startup/LaunchAgent will create plaintext files (chmod 600) at boot. While permissions help, any process running as your user (or with sufficient privileges) can read them. Prefer avoiding Group B when possible; instead make consumers use keychain APIs or the Python helper.
- The codebase is included and readable. Review the scripts yourself, run them in a safe test account/machine first, and back up your original secrets.

If you proceed:
1) audit your Python binaries,
2) install keyring only for the Pythons you trust,
3) test a dry-run migration, and
4) avoid installing the boot-time file bridge unless you accept the plaintext-file tradeoff.

If you want, I can point out the exact lines where plaintext files are written and the places that execute detected Python binaries, or produce a checklist for a safe dry-run migration.


Tags: keychain, latest, macos, migration, secrets, security, tahoe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

Clawdis
Bins: bash, python3
