ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Volcengine Agent Identity

v0.2.1

UserPool login, TIP token, credential hosting, and tool risk approval. Activate when user needs to check identity (whoami/status), log in, list/add credentia...

4· 513·0 current·0 all-time
byM1a0@loveyana
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and runtime instructions align: the skill is for OIDC login, TIP tokens, credential hosting, and risk approval. It does not request unrelated environment variables or binaries. The declared required config path (plugins.entries.agent-identity.enabled) is appropriate for a plugin of this type.
Instruction Scope
SKILL.md instructs the agent to call identity tools for login, status, fetch, list, and binding operations — this is within scope. It explicitly warns the agent not to self-approve user-initiated slash commands. One notable capability: the skill supports binding credential providers to environment variables for other tools (tool injection). That is a legitimate feature for a credential-hosting plugin, but it is powerful because it enables other tools/commands to receive secrets. The instructions do not ask the agent to read arbitrary host files or unrelated env vars, nor to transmit secrets to unexpected external endpoints.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest risk from installation perspective. Nothing is written to disk by this skill's manifest.
Credentials
The skill declares no required environment variables or primary credential, which is proportional. However, its functionality includes storing credentials and binding them to environment variables for tool use; while appropriate for identity management, that capability effectively grants the plugin the ability to surface secrets to other tools, so operational controls (who can approve bindings, auditing) matter.
Persistence & Privilege
always is false and model invocation is not disabled (normal). The skill requires enabling in plugin config; it does not demand permanent always-on inclusion or modify other skills' configs. No other elevated persistence or cross-skill access is requested.
Assessment
This skill is coherent for identity and credential management and does not request unrelated secrets or installs. Before enabling it, consider: 1) Only enable the plugin if you need agent-hosted credentials or OIDC/TIP flows. 2) Review where credentials will be stored and who can access them; ensure storage is encrypted and access-audited. 3) Pay attention to bindings: binding a provider to an env var lets other tools receive those secrets — restrict which tools/agents can use injected env vars. 4) Keep authz.requireRiskApproval enabled (and avoid allowing the agent to self-approve) so high-risk commands require explicit user approval. 5) Monitor approval logs and periodically review providers and bindings. If you are uncomfortable with an agent having the ability to inject credentials into tool invocations, do not enable this plugin.

Like a lobster shell, security has layers — review code before you run it.

latestvk9781tj58p4wawrsd19j0rkgx181ve55

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis
Configplugins.entries.agent-identity.enabled

Comments