User-Delegated OAuth API Access
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent may be able to act with the permissions granted to the authorized third-party account, and token material could pass through agent-visible command output.
This shows the skill can hand an agent reusable provider credentials and may expose token payloads through command output. That is consistent with the skill's stated purpose, but it is high-impact, and the reviewed artifacts show no enforced masking of token output, no minimum-scope controls, and no bounded downstream permission model.
later claim reusable third-party API tokens from local keychain storage ... `login claim` may return sensitive token payload data in JSON output.
Use this only with trusted agents and trusted runtimes, authorize the minimum provider scopes needed, ensure logs/tool outputs redact token data, and confirm how stored tokens are revoked or removed.
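One way to meet the "redact token data from tool outputs" recommendation above is to filter the CLI's stdout before it reaches the agent. The following is an added example written for this advisory, not code from the skill or from the clawauth package; JavaScript is used because the CLI is a Node package. The key names, the token-shape patterns and the sample payload are constructed assumptions, since the reviewed artifacts do not show the real field names `login claim` emits.

```javascript
// Added example, not code from the skill or the clawauth package. It assumes the
// CLI prints one JSON object and masks anything that is, or looks like, a token
// before the text reaches an agent's tool-output channel. Key names and the
// sample payload are constructed; the real `login claim` field names are not
// shown in the reviewed artifacts.

// Keys whose values are secrets regardless of shape (case-insensitive).
const SECRET_KEYS = /^(access_?token|refresh_?token|id_?token|token|secret|client_?secret|api_?key|password|authorization)$/i;
// Value shapes that are tokens even when they sit under an innocuous key.
const JWT_RE = /^[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}$/;
const BEARER_RE = /^Bearer\s+\S+$/i;
const OPAQUE_RE = /^[A-Za-z0-9_\-./+=]{32,}$/; // long opaque credential; over-redaction is the safe default

function maskValue(v) {
  // Keep only the length so an operator can tell "empty" from "present" without seeing the secret.
  return typeof v === 'string' ? `[REDACTED ${v.length} chars]` : '[REDACTED]';
}

function redactNode(node) {
  if (Array.isArray(node)) return node.map(redactNode);
  if (node !== null && typeof node === 'object') {
    const out = {};
    for (const [key, value] of Object.entries(node)) {
      // A secret key masks its whole subtree, so nested token objects never leak.
      out[key] = SECRET_KEYS.test(key) ? maskValue(value) : redactNode(value);
    }
    return out;
  }
  if (typeof node === 'string' && (JWT_RE.test(node) || BEARER_RE.test(node) || OPAQUE_RE.test(node))) {
    return maskValue(node);
  }
  return node;
}

// Entry point: takes the raw CLI stdout, returns text that is safe to show an agent.
function redactCliOutput(stdout) {
  let parsed;
  try {
    parsed = JSON.parse(stdout);
  } catch {
    // Unparseable output may be an error dump that embeds the token; withhold it rather than pass it through.
    return '[REDACTED: non-JSON CLI output withheld]';
  }
  return JSON.stringify(redactNode(parsed), null, 2);
}

// Constructed sample of what a token-returning command might print.
const SAMPLE_OUTPUT = JSON.stringify({
  provider: 'example-provider',
  scopes: ['read:items'],
  expires_at: '2026-05-01T00:00:00Z',
  access_token: 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZ2VudCJ9.c2lnbmF0dXJlLXBsYWNlaG9sZGVy',
  refresh_token: 'rt_0123456789abcdef0123456789abcdef',
  raw_response: {
    Authorization: 'Bearer abcdef.ghijkl',
    body: 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZ2VudCJ9.c2lnbmF0dXJlLXBsYWNlaG9sZGVy',
  },
});

console.log(redactCliOutput(SAMPLE_OUTPUT));
```

The filter deliberately fails closed: non-JSON output is withheld entirely, and any long opaque string is masked even if it turns out to be harmless, because the cost of a false positive is an unreadable field while the cost of a false negative is a reusable credential in the agent's context window. Run it as the wrapper between the CLI and the agent's tool runner, not inside the agent, so the agent never holds the unredacted text.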
If the external CLI package or its supply chain is compromised, OAuth credentials handled by the skill could be at risk.
The credential-handling behavior depends on an external npm package rather than code included in the reviewed artifacts. The install path is disclosed and purpose-aligned, and the skill recommends pinning, but users should still verify package provenance.
This skill declares a Node installer in `metadata.openclaw.install` for package `clawauth` ... Manual fallback: `npm i -g clawauth`
Install only an operator-approved, pinned version of the CLI from a trusted source, and review the linked source/package before allowing it to handle tokens.
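The pinning and provenance check recommended above can be made mechanical by comparing the registry metadata for the candidate version against a pin the operator approved out of band. The following is an added example written for this advisory, not code from the skill or from the clawauth package. It assumes the operator feeds it the JSON that `npm view clawauth@<version> --json` prints; the approved version number, the integrity value, the tarball URLs and the `scripts` entry in the sample metadata are constructed placeholders, not real clawauth release data.

```javascript
// Added example, not code from the skill or the clawauth package. It checks the
// metadata that `npm view clawauth@<version> --json` returns against a pin the
// operator approved out of band, before `npm i -g clawauth@<version>` is run.
// The approved version, integrity value and sample metadata are constructed
// placeholders, not real clawauth release data.

const APPROVED = {
  name: 'clawauth',
  version: '1.2.3',                             // constructed; must be an exact version, never a range or a tag
  integrity: 'sha512-' + 'A'.repeat(86) + '==', // constructed placeholder for the dist.integrity the operator recorded
  registryHost: 'registry.npmjs.org',
};

function isExactVersion(spec) {
  // Exact semver only: "^1.2.3", "latest" or "1.x" would let the registry choose which code runs.
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(spec);
}

function verifyPackageMetadata(meta, approved = APPROVED) {
  const problems = [];
  if (!isExactVersion(approved.version)) problems.push(`approved version "${approved.version}" is not an exact pin`);
  if (meta.name !== approved.name) problems.push(`package name is "${meta.name}", expected "${approved.name}"`);
  if (meta.version !== approved.version) problems.push(`version is "${meta.version}", expected "${approved.version}"`);

  const dist = meta.dist || {};
  // The integrity hash ties the install to the exact tarball the operator reviewed.
  if (dist.integrity !== approved.integrity) problems.push('dist.integrity does not match the approved value');
  let host = null;
  try {
    host = new URL(dist.tarball).host;
  } catch {
    problems.push('dist.tarball is missing or not a URL');
  }
  if (host !== null && host !== approved.registryHost) {
    problems.push(`tarball is served from "${host}", not ${approved.registryHost}`);
  }

  // Lifecycle scripts run arbitrary code at install time; each one needs explicit review.
  const scripts = meta.scripts || {};
  for (const hook of ['preinstall', 'install', 'postinstall', 'prepare']) {
    if (scripts[hook]) problems.push(`lifecycle script "${hook}" present: ${scripts[hook]}`);
  }
  return { ok: problems.length === 0, problems };
}

function pinnedInstallCommand(approved = APPROVED) {
  // Only the reviewed version is ever installed; the bare `npm i -g clawauth` fallback resolves to whatever is tagged latest.
  return `npm i -g ${approved.name}@${approved.version}`;
}

// Constructed metadata in the shape `npm view --json` prints for one version.
const GOOD_META = {
  name: 'clawauth',
  version: '1.2.3',
  dist: {
    integrity: APPROVED.integrity,
    tarball: 'https://registry.npmjs.org/clawauth/-/clawauth-1.2.3.tgz',
  },
};
// Same name and version, but a different tarball, a mirror host and a postinstall hook.
const SUSPECT_META = {
  name: 'clawauth',
  version: '1.2.3',
  dist: {
    integrity: 'sha512-' + 'B'.repeat(86) + '==',
    tarball: 'https://mirror.example.net/clawauth/-/clawauth-1.2.3.tgz',
  },
  scripts: { postinstall: 'node setup.js' },
};

console.log(verifyPackageMetadata(GOOD_META));
console.log(verifyPackageMetadata(SUSPECT_META));
console.log(pinnedInstallCommand());
```

The check runs offline on metadata the operator already fetched, so the allowlist, not the registry, decides what is acceptable. After the pinned install, `npm audit signatures` (npm 8.15 and later) verifies the registry signature, and where the publisher attached provenance attestations it verifies those too, which is the last step in confirming the package came from the linked source.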
