Keys
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent key-broker, but it gives the agent broad authenticated access to user accounts without clear per-action approval or narrow scoping.
Install only if you want the agent to make authenticated API calls on your behalf. Use restricted, non-production API keys where possible, avoid high-risk Stripe or GitHub tokens, review every mutating request, and do not run or share verification commands that print the actual key.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or a prompt causes an unsafe request, it could act with the user's OpenAI, Anthropic, Stripe, or GitHub token privileges.
The broker reads API keys from the local OS keychain and attaches them to outbound authenticated API requests, giving the agent delegated account authority.
security find-generic-password -s "keys:${service}" -a "$USER" -w
... secret-tool lookup service "keys:${service}"
... printf 'Authorization: Bearer %s' "$key"
Use least-privileged API keys, avoid storing high-risk production or financial tokens, and add explicit user confirmation for sensitive or mutating calls.
A mistaken or malicious instruction could create, modify, delete, or expose data in connected third-party accounts.
The tool allows broad access to entire provider API domains and permits mutating methods such as POST, PUT, PATCH, and DELETE without endpoint-level restrictions or approval checks.
["stripe"]="^https://api\.stripe\.com/"
... ["github"]="^https://api\.github\.com/"
... [[ "$method" =~ ^(GET|POST|PUT|PATCH|DELETE|HEAD)$ ]]
Restrict allowed endpoints and methods per service, deny destructive methods by default, and require user approval before account-changing requests.
A user could accidentally reveal an API key in terminal output or a shared transcript while trying to verify that it exists.
The management guide includes verification commands that print the stored key, which weakens the skill's repeated claim that keys should never be exposed to the agent context.
## Verify a Key Exists
```bash
# This should return the key
... security find-generic-password ... -w
... secret-tool lookup service keys:SERVICE
```
Replace key-printing verification steps with commands that only report presence or success, and explicitly tell users not to share command output containing secrets.
The installed command will be available in future shells and can use stored keys when invoked.
The setup is a manual local install of a shell script into the user's PATH and modifies shell startup configuration; this is consistent with the skill's purpose, but it matters because the script handles API keys.
cp keys-broker.sh ~/.local/bin/keys-broker
chmod +x ~/.local/bin/keys-broker
echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
Review the script before installing, install it only from a trusted copy, and remove the PATH entry if you stop using the skill.
