Headless Vault CLI

v1.2.6

Read and edit Markdown notes on your personal computer via SSH tunnel. Use when the user asks to read, create, or append to notes in their vault.

by Logan Yang (@logancyang)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (read/edit Markdown via SSH tunnel) matches the declared requirements (ssh binary, VAULT_SSH_USER) and the behavior in vault.sh (invokes ssh to run vaultctl remotely). No unrelated binaries or unrelated credentials are requested.
Instruction Scope
SKILL.md confines actions to a narrow set of vaultctl operations (tree, resolve, info, read, create, append) and emphasizes base64 encoding to avoid shell injection. It does rely on the user's correct setup (reverse tunnel, forced-command in authorized_keys, and vaultctl enforcing path sandboxing). Those are trust assumptions: the skill assumes the local vaultctl and forced-command correctly restrict actions — this is reasonable but user-dependent.
Install Mechanism
Instruction-only skill with an included shell wrapper (vault.sh). There is no install step, no downloads, and no archive extraction. Risk from installation is minimal.
Credentials
Only VAULT_SSH_USER is required (with optional VAULT_SSH_PORT and VAULT_SSH_HOST), which is proportionate. One small inconsistency: registry metadata listed no required config paths, but SKILL.md and vault.sh reference a fallback config file (~/.config/headless-vault-cli/mac-user). That file is read for convenience if the env var is not set.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide privileges. It does read a per-user config fallback file in $HOME, which is within expected scope for a CLI wrapper.
Assessment
This skill appears coherent with its purpose, but it depends on correct local setup and trust in the local helper (vaultctl). Before using:

(1) verify you properly configured authorized_keys with a forced-command wrapper so the VPS key can only run vaultctl;
(2) review and trust the local vaultctl implementation to ensure it enforces VAULT_ROOT and rejects path traversal or symlink escapes;
(3) confirm the VPS SSH key is kept secure and that the VPS is trusted, since the tunnel gives that VPS the ability to run vaultctl on your machine;
(4) note the script will read ~/.config/headless-vault-cli/mac-user as a fallback if VAULT_SSH_USER is unset — if you prefer, set VAULT_SSH_USER explicitly to avoid that;
(5) ensure the VPS SSH host key is known (StrictHostKeyChecking is enabled) to avoid man-in-the-middle risk.

If you cannot verify the forced-command and vaultctl sandboxing on your local machine, do not enable the tunnel or give the VPS access.

Runtime requirements

🗄️ Clawdis
Bins: ssh
Env: VAULT_SSH_USER
