Archon Vault
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is broadly consistent with encrypted backup/restore, but it handles master recovery secrets and decrypted backups in ways that could expose sensitive data or send backups to an unintended default vault.
Review this skill carefully before installing. If you use it, avoid command-line mnemonic recovery, pin or preinstall the keymaster dependency, confirm the exact vault destination before backing up, and manually delete any /tmp backup archives until the scripts implement secure temporary-file cleanup.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who obtains the mnemonic can recover the wallet and potentially access vault contents.
The master recovery mnemonic is supplied as a command-line argument and then passed to another process, which can expose it through shell history, process listings, or subprocess handling.
    Usage: $0 "word1 word2 ... word12" [target-dir]
    ...
    MNEMONIC="$1"
    ...
    npx @didcid/keymaster import-wallet "$MNEMONIC" > /dev/null
Do not pass recovery mnemonics on the command line. Read the mnemonic from an interactive hidden prompt or a protected file descriptor, warn users about exposure, and avoid passing it as a process argument.
Sensitive workspace, agent configuration, and memory-related data may remain locally readable after backup, even though the remote vault storage is described as encrypted.
The backup flow creates decrypted workspace and OpenClaw config archives in /tmp using predictable filenames and does not remove them after upload.
    cd /tmp
    rm -f workspace.zip
    zip -q -r workspace.zip "$WORKSPACE_DIR"
    ...
    npx @didcid/keymaster add-vault-item backup /tmp/workspace.zip
    ...
    rm -f /tmp/config.zip
    zip -q -r /tmp/config.zip .
Use a private temporary directory created with mktemp, set restrictive permissions, add a trap to clean up temporary files automatically, and avoid predictable filenames.
A routine backup verification can leave decrypted copies of workspace, config, and memory backups behind on disk.
Verification downloads decrypted backup items into /tmp and only prints a cleanup command instead of deleting them automatically.
    VERIFY_DIR="/tmp/backup-verify-$$"
    mkdir -p "$VERIFY_DIR"
    ...
    echo "Cleanup: rm -rf $VERIFY_DIR"
Store verification downloads in a permission-restricted temporary directory and delete them automatically on exit unless the user explicitly chooses to keep them.
A user may believe they selected a specific vault, but the script can upload broad workspace/config backups to a different default alias.
The implementation hardcodes the destination vault alias as 'backup', while the SKILL.md documents the backup command as accepting an optional '[vault-did]'.
    npx @didcid/keymaster add-vault-item backup /tmp/workspace.zip
    ...
    npx @didcid/keymaster add-vault-item backup /tmp/config.zip
Either honor an explicit vault argument or remove the documented argument, and print the exact destination vault with a confirmation before uploading sensitive backups.
A changed or compromised npm package could access the Archon passphrase, wallet context, files being backed up, or recovery data.
The scripts execute @didcid/keymaster through npx without a pinned version or lockfile, while wallet credentials and sensitive files are in scope.
npx @didcid/keymaster add-vault-item "$VAULT_ID" "$FILE_PATH"
Pin the package version, use a reviewed local installation or lockfile, and document package provenance before handling wallet credentials or backups.
Adding the wrong DID could let another party decrypt vault contents.
Vault membership management is disclosed and purpose-aligned, but it grants continuing access to encrypted backup contents.
Adding a member grants them decrypt access to vault contents.
Verify member DIDs carefully, confirm membership changes before execution, and periodically review vault members.
