Proton Pass CLI
Pass. Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Proton Pass CLI guide, but it involves highly sensitive password-vault, sharing, deletion, and secret-injection operations that users should explicitly control.
Use this skill only if you intend the agent to help with Proton Pass. Install the CLI from a trusted Proton source, use interactive authentication where possible, and require explicit confirmation before revealing, sharing, deleting, transferring, or injecting secrets into commands.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

A remote installer can modify the local system if the user runs it.
The skill tells users how to install the Proton Pass CLI by executing a remote script. The source appears purpose-aligned, but remote installer execution should be verified.
curl -fsSL https://proton.me/download/pass-cli/install.sh | bash
Install only from Proton's official site or trusted package managers, and avoid running remote scripts unless you trust the source.

If copied into an unsafe shell, logs, or shared environment, Proton credentials or 2FA values could be exposed.
The skill documents using Proton account authentication factors through environment variables for automation. This is expected for a password-manager CLI but exposes highly sensitive credentials if mishandled.
export PROTON_PASS_PASSWORD='your-password' ... export PROTON_PASS_TOTP='123456' ... export PROTON_PASS_EXTRA_PASSWORD='your-extra-password'
Prefer interactive login or secure files over plaintext environment variables, and never let the agent display or store these values.

A mistaken command could permanently delete stored passwords and secrets.
The skill documents destructive Proton Pass vault operations. It includes a warning and the behavior is purpose-aligned, but the impact is high.
⚠️ **Warning:** Permanently deletes vault and all items. ... pass-cli vault delete --share-id "abc123def"
Require explicit user confirmation before delete, transfer, sharing, member-role, or bulk mutation commands.

Secrets could be revealed to a command, script, log, or application that the user did not intend to trust.
The skill advertises running applications with secrets injected into their environment or templates. This is central to the stated purpose, but subprocesses may expose those secrets if chosen incorrectly.
secret injection (run commands with secrets, inject into templates), environment variable injection
Only inject secrets into trusted commands and avoid printing generated environments, logs, or templates containing secrets.
