Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
R4
v1.0.2
Access and manage credentials, secrets, and domain registrations securely using the R4 platform with injected environment variables and API calls.
⭐ 0 · 410 · 2 current · 2 all-time
by Luke Zirngibl (@lukezirngibl)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The SKILL.md describes a password-manager + domain-registrar integration that requires an `r4` CLI and an `R4_API_KEY` environment variable. However, the registry metadata declares no required binaries, no required env vars, and no primary credential. That omission is inconsistent: a vault/registrar skill legitimately needs an API key and/or CLI access, so the metadata should declare them.
Instruction Scope
The instructions tell the agent to list and fetch vault items (including 'r4 vault list' which returns all project env vars) and to run commands with secrets injected ('r4 run'). Those actions are within the claimed purpose, but they enable broad secret access and potential misuse. The README also says the CLI and API key are pre-configured — an assumption that may not hold and is not reflected in metadata.
Install Mechanism
No install spec is provided (instruction-only), and the single code file only exposes the SKILL.md path and content. Nothing is downloaded or written at install time, which minimizes install-time risk.
Credentials
Though the skill clearly needs an `R4_API_KEY` and access to many vault items (usernames, passwords, API keys, SSH keys), the registry declares no required environment variables or primary credential. The skill's effective permissions would be broad (access to many secrets) but that is not articulated in the metadata — this mismatch is disproportionate and should be clarified.
Persistence & Privilege
The skill is not set to always:true and does not request elevated persistent platform privileges. Model invocation is allowed by default (normal). The skill does not modify other skills or system-wide settings in the provided files.
What to consider before installing
This skill claims to be a password manager and domain registrar front-end that can read and inject all project secrets, but the registry info does not declare the required CLI or API key. Before installing:
1) Verify the skill author/source (unknown here) and confirm that r4.dev is legitimate for your environment.
2) Ask whether the R4 CLI is actually pre-installed and where the R4_API_KEY will come from; do not assume an API key is present.
3) Confirm the exact vault-item sharing/permissions — which vaults and fields are shared with the agent?
4) Be cautious about allowing autonomous runs that execute commands with injected secrets (r4 run) — secrets could be leaked if the agent runs networked commands.
5) Require the publisher to update registry metadata to list required binaries and the primary env var(s) (e.g., R4_API_KEY) so the permission scope is explicit.
If you cannot verify these, run the skill in an isolated/test environment and audit CLI behavior and network calls before granting it access to production secrets.
Like a lobster shell, security has layers — review code before you run it.
