Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Plugin

v0.3.9

Precision decisioning, agentic trust, and verifiable identity for autonomous agents

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill claims to gate high-risk tool calls and produce attestations; the included code implements before_tool_call and after_tool_call hooks, a client that POSTs to a governance gateway, and two callable tools (kevros_verify, kevros_passport). Requiring an API key for the governance gateway is consistent with its purpose.
Instruction Scope
The runtime instructions and code send tool inputs and truncated outputs (and release tokens/metadata) to https://governance.taskhawktech.com via /governance/verify and /governance/attest. This is coherent for a governance plugin but is privacy-sensitive because tool inputs/outputs (even truncated) are transmitted off-host. The SKILL.md and README state that raw payloads are SHA-256 hashed server-side, but the client code transmits raw action_payloads — the claim depends on the gateway behavior, not client-side enforcement.
Install Mechanism
The package is distributed as an npm package (@kevros/openclaw-plugin) and the repository field points to a GitHub URL; included files contain source and built dist files. No binary downloads or obscure URLs are used. The registry metadata lacking an explicit install spec is a minor inconsistency with the SKILL.md (which lists an npm install) but not a high risk.
Credentials
Registry metadata lists KEVROS_API_KEY as a required primary env var which is appropriate, but the code auto-provisions a free API key by calling POST /signup if no apiKey is configured. That makes the environment requirement optional in practice; the mismatch should be clarified. No other unrelated credentials or config paths are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configs. It registers hooks and tools within the agent API as expected. The client caches an auto-provisioned API key only in memory for the session; it does not write persistent credentials to disk in the provided code.
Assessment
This plugin appears to implement what it claims — it will intercept high-risk tool calls and POST verification/attestation data to governance.taskhawktech.com. Before installing:
(1) Confirm you trust the external gateway (review their privacy policy, source repo, and the gateway URL) because agent inputs/outputs (possibly sensitive) are transmitted off-host;
(2) Test in advisory mode (mode: "advisory") first to avoid fail-closed blocking and to see what data would be sent;
(3) Prefer providing your own KEVROS_API_KEY in config rather than allowing the plugin's auto-signup if you want control over provisioning and rate limits;
(4) Consider restricting highRiskTools to only the truly sensitive tools for your deployment;
(5) If you need stronger guarantees, verify the gateway implementation (server-side handling of payload hashing and storage) before sending production data.


Runtime requirements

OS: Linux · macOS · Windows
Env: KEVROS_API_KEY
Primary env: KEVROS_API_KEY
