Archon Vault

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate encrypted backup and vault-management skill, but it handles broad local backups and recovery secrets with weak guardrails.

Review before installing. Use this only if you trust Archon and the dynamically invoked `@didcid/keymaster` package, protect `~/.archon.env` with restrictive permissions, avoid passing your 12-word mnemonic in a shell command, confirm the gatekeeper URL and backup scope, review `.backup-ignore`, clean leftover `/tmp` archives, and verify any restored OpenClaw config or memory before merging it into a live environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill exposes shell-based capabilities through multiple executable script examples, but it does not declare explicit permissions or constraints for those operations. This weakens security transparency and can cause an agent or user to invoke filesystem and backup actions without clear consent boundaries, especially because the described operations include archiving and restoring sensitive local data.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The script sources ~/.archon.env and exports ARCHON_PASSPHRASE into the process environment for downstream npx commands. This expands trust to whatever shell code is inside that file and exposes secrets to child processes, increasing the blast radius if the local environment file is modified or if invoked tooling is compromised.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The description is broadly worded and encourages use for creating, managing, backing up, restoring, disaster recovery, and membership changes without tight trigger constraints. In an agent setting, this increases the chance of overbroad or accidental invocation for high-impact actions involving sensitive data and access control changes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script compresses the workspace, ~/.openclaw config, and optionally a database, then uploads them to a remote service via @didcid/keymaster, defaulting to a public Archon gatekeeper URL. Even if the vault is intended to be encrypted, this is still off-system transmission of potentially sensitive data without an explicit consent prompt or strong warning at execution time.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script requires the 12-word mnemonic to be passed directly as a command-line argument, which exposes it through shell history, process listings, audit logs, and possibly job control or telemetry. Because this mnemonic is the root secret for wallet recovery, disclosure enables full wallet takeover and downstream vault recovery.

Missing User Warnings

High
Confidence
85% confidence
Finding
The recovery flow invokes remote-dependent wallet recovery operations after creating a wallet from the mnemonic, but the script does not clearly disclose that highly sensitive recovery metadata may be transmitted to an external gatekeeper service. In a disaster-recovery context this may be expected functionally, but lack of explicit disclosure and confirmation increases the risk of users unknowingly sending recovery-related data to a remote endpoint.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script performs a destructive vault operation immediately after accepting two positional arguments, with no confirmation prompt, dry-run mode, or safeguard against accidental targeting of the wrong vault item. In a backup/recovery skill managing encrypted vault contents, accidental deletion can directly cause data loss or operational disruption, especially if the removed item is not easily recoverable.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script performs an irreversible membership change immediately after accepting user-supplied arguments, with no confirmation prompt, dry-run mode, or validation that the target DID is the intended member. In a vault-management context, accidental removal can disrupt legitimate access, recovery workflows, or multi-party control and is therefore a real operational security risk.

Credential Access

High
Category
Privilege Escalation
Content
# Load environment
if [ -f ~/.archon.env ]; then
    source ~/.archon.env
    export ARCHON_PASSPHRASE  # Must explicitly export for npx subprocesses
else
    echo "ERROR: ~/.archon.env not found"
Confidence
88% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Ensure environment is loaded
if [ -z "$ARCHON_PASSPHRASE" ]; then
    if [ -f ~/.archon.env ]; then
        source ~/.archon.env
    else
        echo "Error: ARCHON_PASSPHRASE not set. Run create-id.sh first."
Confidence
88% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Ensure environment is loaded
if [ -z "$ARCHON_PASSPHRASE" ]; then
    if [ -f ~/.archon.env ]; then
        source ~/.archon.env
    else
        echo "Error: ARCHON_PASSPHRASE not set. Run create-id.sh first."
        exit 1
Confidence
88% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Ensure environment is loaded
if [ -z "$ARCHON_PASSPHRASE" ]; then
    if [ -f ~/.archon.env ]; then
        source ~/.archon.env
    else
        echo "Error: ARCHON_PASSPHRASE not set. Run create-id.sh first."
Confidence
89% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Ensure environment is loaded
if [ -z "$ARCHON_PASSPHRASE" ]; then
    if [ -f ~/.archon.env ]; then
        source ~/.archon.env
    else
        echo "Error: ARCHON_PASSPHRASE not set. Run create-id.sh first."
        exit 1
Confidence
88% confidence
Finding
.env

VirusTotal

66/66 vendors flagged this skill as clean.
