Back to skill
Skillv1.1.0
VirusTotal security
Keychain Bridge Publish · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:12 AM
- Hash
- 0ebed238271a9d38ba1a4c5ab62ff4e8b41ed34c22ea3a9855e79d9a4d39be57
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: keychain-bridge Version: 1.1.0 The skill bundle manages sensitive macOS Keychain secrets but employs high-risk patterns, including writing credentials to plaintext files (Group B bridge in `populate_secrets.sh`) and executing dynamically generated Python scripts via `subprocess` across multiple system binaries (`migrate_secrets.py`). While these behaviors are documented as workarounds for macOS Tahoe keychain regressions, the automated handling of secrets and the suggestion in `SKILL.md` to programmatically unlock keychains using login passwords via `ctypes` create a significant security risk. No evidence of intentional data exfiltration or external communication was found.
- External report
- View on VirusTotal