Skill v1.0.0

ClawScan security

test-skill22131 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 1, 2026, 4:54 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description, install, and required binary (op) line up with a 1Password CLI helper, but the runtime instructions include actions (capturing tmux pane output, using socket dirs via undeclared env vars) that could inadvertently collect or expose secrets and are not fully justified or constrained.
Guidance
This skill appears to be a legitimate 1Password CLI helper and installs via Homebrew as expected. The main risk is operational: the instructions require creating a tmux session and capturing the terminal pane, which can include sensitive output. Before installing, confirm you (or the agent) will: 1) never transmit captured pane output to logs or external services, 2) implement redaction or strict filtering of captured output, and 3) review/declare any socket-related env vars (OPENCLAW_TMUX_SOCKET_DIR / CLAWDBOT_TMUX_SOCKET_DIR) used in your environment. If you want stronger guarantees, ask the skill author to remove automatic capture-pane usage or to add explicit redaction and handling rules in SKILL.md. If these safeguards cannot be enforced, treat outputs from this skill as high-sensitivity data and restrict its use.

Review Dimensions

Purpose & Capability
ok: Name, description, required binary (op), and the brew install formula (1password-cli) are consistent with a skill whose job is to help install and use the 1Password CLI.
Instruction Scope
concern: The SKILL.md mandates running every op command inside a freshly created tmux session and explicitly captures the tmux pane (capture-pane), then kills the session. Capturing terminal output can include secrets (or one-time codes), and the instructions do not require redaction or otherwise limit what is captured or how the captured output is handled or transmitted. The instructions also reference socket-directory env vars (OPENCLAW_TMUX_SOCKET_DIR, CLAWDBOT_TMUX_SOCKET_DIR) that are not declared in the skill metadata. Overall, the instructions perform actions that could expose sensitive data unless callers strictly follow additional safeguards not specified here.
Install Mechanism
ok: Install spec uses Homebrew formula '1password-cli', which is an expected, low-risk installation path for this purpose. No arbitrary downloads or archive extraction are present.
Credentials
note: The skill declares no required credentials or env vars (appropriate for a local CLI helper). However, it references OPENCLAW_TMUX_SOCKET_DIR and CLAWDBOT_TMUX_SOCKET_DIR in example commands; these are not declared in requires.env. There is no request for unrelated credentials, which is good.
Persistence & Privilege
ok: The skill is not force-included (always: false) and does not request elevated or persistent platform privileges. Autonomous invocation is allowed by platform default but not combined with other high-risk flags.