ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Archon Vault

v0.1.0

Encrypted distributed storage using Archon DID vaults. Manage vaults, backup and restore workspace/config/memory with multi-party access control. Use for cre...

0· 406·0 current·0 all-time
by@macterra
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The requested credentials (ARCHON_WALLET_PATH, ARCHON_PASSPHRASE) and the use of @didcid/keymaster align with an Archon DID vault backup/restore skill. However the declared required binaries mismatch what the scripts actually use: SKILL.md lists node, npx, tar and optionally zip/unzip/sha256sum, but the scripts rely heavily on zip/unzip, jq, sqlite3, du and unzip/zip; tar is declared but not used. This is inconsistent and suggests the manifest was not kept in sync with the code.
!
Instruction Scope
The scripts will archive user workspace and ~/.openclaw and upload them to an external gatekeeper (default https://archon.technology). They also back up hexmem.db (memory) and will source ~/.archon.env (which contains the passphrase). The disaster-recovery script accepts a 12-word mnemonic as a plain CLI argument — this leaks the mnemonic to process listings and shell history. The scripts export ARCHON_PASSPHRASE into the environment for npx subprocesses, which exposes secrets to child processes. These behaviors are within a backup tool's domain but are sensitive and should be highlighted and mitigated.
!
Install Mechanism
There is no install spec, but the scripts call npx @didcid/keymaster at runtime. npx will fetch and execute packages from the npm registry at runtime, which means network-downloaded code runs on the machine whenever used. That is expected for npx usage but is higher-risk than a shipped, pinned binary. Also the manifest does not declare runtime dependencies like jq and sqlite3 that the scripts use.
Credentials
Requesting ARCHON_WALLET_PATH and ARCHON_PASSPHRASE is proportionate for a vault wallet tool. However the scripts also reference ARCHON_GATEKEEPER_URL (not listed in requires.env) and they source ~/.archon.env (implicitly relying on it). Exporting the passphrase for npx child processes and accepting mnemonics on the command line are sensitive practices that increase exposure of credentials.
Persistence & Privilege
The skill is not always: true, does not request system-wide config changes, and does not attempt to modify other skills. Autonomous invocation is allowed by default but is not, by itself, a red flag here.
What to consider before installing
This skill mostly matches its stated purpose (backup/restore Archon DID vaults) but has several practical and security issues you should consider before installing or running it: - Missing runtime dependency declarations: the scripts use jq and sqlite3 (and rely heavily on zip/unzip), but these are not listed in the skill manifest. Ensure those tools are installed before running. - npx usage: the scripts call npx @didcid/keymaster at runtime. npx fetches code from the npm registry each run — review the @didcid/keymaster package source and trustworthiness before allowing runtime network installs. - Mnemonic handling risk: disaster-recovery.sh requires the 12-word mnemonic as a command-line argument, which can be observed via ps and saved to shell history. Prefer methods that read the mnemonic from a secure prompt or file with restricted permissions instead of a CLI arg. - Passphrase exposure: scripts source ~/.archon.env and export ARCHON_PASSPHRASE so child processes can access it. This is necessary for npx but increases exposure; protect ~/.archon.env and avoid running these scripts in multi-user environments. - Backup scope: defaults archive your workspace (script uses $PWD) and ~/.openclaw and may include sensitive data. Review and populate .backup-ignore carefully and run the backup from the correct working directory (the script warns about running from $HOME or /). - External endpoint: by default uploads go to https://archon.technology. If you need to avoid third-party servers, set ARCHON_GATEKEEPER_URL to a trusted local endpoint. Recommended actions before using: 1) Inspect the @didcid/keymaster package source/version that npx will fetch. 2) Install and verify jq, sqlite3, zip/unzip if you plan to run verification scripts. 3) Never pass your mnemonic on the command line; modify disaster-recovery.sh to read it from stdin or a protected file. 4) Backup and test in a controlled environment; verify .backup-ignore excludes anything sensitive. 5) If you cannot audit the upstream npm package, avoid running npx calls on a machine with sensitive data. Given the combination of undeclared deps, runtime package fetching, and unsafe mnemonic handling, proceed only after addressing these issues or classify the skill as high-risk for machines holding sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fm3ndkpr0j9qw8v1cdcr1e181tx4g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💾 Clawdis
Binsnode, npx, tar
Any binzip, unzip, sha256sum
EnvARCHON_WALLET_PATH, ARCHON_PASSPHRASE
Primary envARCHON_PASSPHRASE

Comments