Skill v1.0.0

ClawScan security

PassManager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 14, 2026, 3:49 AM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill claims a full-featured, AES-256 enterprise password manager but the included code is much weaker and many referenced components are missing — proceed with caution and verify before use.
Guidance
Do not install this into a production or sensitive OpenClaw environment yet. Key issues: the SKILL.md promises AES-256/TLS/key rotation/backups but the only included code uses weak 'base64+reverse' encoding and no key management; many files and scripts described in the documentation are missing; the code writes persistent data under /root/.openclaw/secrets (the platform's secrets area) which could mix with agent secrets.

Before using:
1) require the author/source repository and verify integrity (there's no homepage and source is 'unknown');
2) obtain the missing scripts and full source;
3) perform a code review to confirm proper AES (with secure key derivation, KDF, IV handling), TLS and network code, safe backup endpoints, and no hidden exfiltration;
4) change default data paths to a controlled directory (do not reuse platform secrets directory) and run in an isolated environment;
5) prefer a well-audited password manager or have this code security-audited and fixed (implement proper cryptography, secure logging, and access control) before entrusting real secrets.

If you want, I can list the exact code changes needed to bring the implementation closer to the claimed security posture.

Review Dimensions

Purpose & Capability
concern: The SKILL.md promises AES-256 encryption, TLS transport, key rotation, automated backups, cluster deploy, and many helper scripts. The actual repository contains a single Python file that implements only a very simple base64+reverse 'encryption', a local SQLite DB, and basic logging. Many referenced scripts and features (backup.py, setup.py, deploy_*.py, monitor.py, config docs, TLS/key-management code) are absent. This is a clear mismatch between claimed capabilities and actual code.
Instruction Scope
concern: Runtime instructions tell the agent to initialize and run scripts under /root/.openclaw/workspace/skills/passmanager and reference many commands and files that do not exist in the bundle. The SKILL.md and code instruct creation and use of files under /root/.openclaw/secrets (database, backups, logs), which is the platform's sensitive area — the skill will read/write persistent secrets and logs in that location. The instructions also promise networked features (TLS, backups, cluster) but no network code or remote endpoints are present in the included script.
Install Mechanism
note: There is no formal install spec (instruction-only skill) and the code file will be executed locally via python. That minimizes supply-chain download risk, but the script will create and persist files under /root/.openclaw/secrets and logs, which can shadow or mix with platform-level secret storage. The SKILL.md suggests installing via 'skillhub' or git clone but no authoritative repository/homepage is provided (source is 'unknown').
Credentials
concern: The skill declares no required environment variables or credentials, yet the code hardcodes filesystem paths under /root/.openclaw/secrets and writes DB/logs there. That effectively requires write access to the agent's secret storage area. Also, the SKILL.md claims strong cryptography and key management but the code uses an insecure 'simple_encrypt' (base64 + reverse) with no key, KDF, or AES implementation — a substantive security misrepresentation.
Persistence & Privilege
note: always:false (normal). However, the skill writes persistent artifacts (database, log files, backups path) into the agent's secrets directory and could therefore persist sensitive data on disk. That persistent presence, combined with the mismatch in crypto claims, increases risk if deployed without review.