Auto Authenticator Local

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local TOTP helper, but its installer and seed-handling instructions are risky enough that users should review it carefully before installing.

Install only if you are comfortable with a local tool storing MFA seeds in your OS credential store. Avoid the one-line installer; prefer cloning or downloading a pinned release, inspecting the installer, and using a virtual environment with pinned dependencies. Do not pass real TOTP seeds directly on the command line for this version because shell history and process listings can expose them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill instructs use of shell commands and bundled scripts, but the metadata shown in this file does not declare the corresponding permissions. Undeclared execution capability is dangerous because it can bypass expected review and consent boundaries, especially in a skill that handles authentication secrets and invokes local tooling.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The quick-start instructs users to execute a remote script directly via curl-to-bash without any integrity verification, pinning, or warning. That creates a supply-chain and remote code execution risk: if the GitHub content or delivery path is compromised, users will run attacker-controlled code immediately.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The installer unconditionally executes `rm -rf "$TARGET_DIR"` when the target is not a git repo, without a dedicated confirmation prompt or strong path safety checks. If `OPENCLAW_SKILL_DIR` or the resolved target path is misconfigured, empty in edge cases, or pointed at an unintended location, this can delete user data before cloning the repository.

External Script Fetching

Low
Category
Supply Chain
Content
One-line install:

```bash
curl -fsSL https://raw.githubusercontent.com/LucasZH7/auto-authenticator-local/main/install.sh | bash
```

This installer clones the repository into `~/.openclaw/skills/auto-authenticator-local` by default and installs Python dependencies locally for the tool.
Confidence
96% confidence
Finding
curl -fsSL https://raw.githubusercontent.com/LucasZH7/auto-authenticator-local/main/install.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
One-line install:

```bash
curl -fsSL https://raw.githubusercontent.com/LucasZH7/auto-authenticator-local/main/install.sh | bash
```

This installer clones the repository into `~/.openclaw/skills/auto-authenticator-local` by default and installs Python dependencies locally for the tool.
Confidence
97% confidence
Finding
| bash

VirusTotal

62/62 vendors flagged this skill as clean.