v1.1.0

Proton Pass CLI

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 4:56 AM.

Analysis

This appears to be a Proton Pass CLI reference, but it gives broad password-vault and account-changing authority that should be reviewed carefully before use.

Guidance: Use this skill only if you want the agent to help operate Proton Pass. Before use, decide which vaults/items are in scope, require confirmation for viewing or changing secrets, avoid plain-text credential environment variables where possible, and verify the Proton CLI installer source.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
Supports vault/item CRUD, sharing, member management, SSH agent operations, TOTP generation, secret references (pass://vault/item/field), template injection, and command execution with secrets.

The skill documents broad operations that can change vault contents, share access, operate SSH credentials, generate OTPs, and run commands with injected secrets. The provided instructions do not add clear approval or scoping rules for these high-impact actions.

User impact: An agent using these instructions could expose, modify, share, delete, or inject sensitive password-manager secrets if the user does not tightly supervise the requested action.
Recommendation: Require explicit user approval before viewing secrets, deleting or transferring vaults, changing members, sharing items, or running any command with injected secrets; scope actions to named vaults/items only.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
curl -fsSL https://proton.me/download/pass-cli/install.sh | bash
...
Invoke-WebRequest -Uri https://proton.me/download/pass-cli/install.ps1 -OutFile install.ps1; .\install.ps1

The install instructions use remote installer scripts. This is a common, user-directed setup pattern for CLI tools, but it means the user should verify the source before running it.

User impact: Running a remote installer executes code from the downloaded source on the user's machine.
Recommendation: Prefer a package manager when available, or verify the Proton download URL and script contents before executing the installer.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
export PROTON_PASS_PASSWORD='your-password'
export PROTON_PASS_TOTP='123456'
export PROTON_PASS_EXTRA_PASSWORD='your-extra-password'

pass-cli login --interactive user@proton.me

The skill instructs users how to provide Proton account authentication factors, including plain-text environment variables for automation. Those credentials can unlock password-manager vault data, while the registry metadata declares no primary credential or required environment variables.

User impact: Installing and using the skill may give the agent practical access to a Proton Pass account session and the secrets stored in that account.
Recommendation: Use this only with accounts and vaults you intend the agent to access; prefer file-based or interactive authentication over plain-text environment variables, and log out or revoke sessions when finished.