Skill v1.1.0

ClawScan security

OAuth Providers · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 2:35 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini

Summary: The skill's files, runtime instructions, and requested actions are consistent with an OAuth/settings UI that manages provider credentials; it reads/writes local OpenClaw config and secrets and auto-detects Anthropic tokens from the Claude CLI, which is coherent with the described purpose.
Guidance

This skill appears to do what it says: add an OAuth/API-key UI and store credentials in OpenClaw's auth and secrets stores. Before installing, consider the following:

- It will read ~/.claude/.credentials.json (Claude CLI) if you use the Anthropic auto-detect feature and copy that token into OpenClaw; only enable auto-detect if you trust this behavior.
- Credentials are written to OpenClaw config/secrets (auth-profiles.json, ~/.openclaw/secrets.json). Make backups if you want to revert changes.
- OAuth manual fallback requires pasting the full redirect URL (contains codes/state). Avoid pasting such URLs into untrusted UIs or shared clipboards.
- The gateway uses a third-party package (@mariozechner/pi-ai) via dynamic import; ensure that dependency in your environment comes from a trusted source before using the OAuth flow.
- Logs may include short token prefixes in error messages (the code prints the token start in some errors). If that concerns you, review/modify logging before use.

If you are comfortable with these behaviors (reading Claude CLI creds, writing to OpenClaw auth/secrets, and relying on the external pi-ai package), the skill is coherent with its stated purpose. If you need higher assurance, review the included TypeScript files and the provenance of @mariozechner/pi-ai before enabling the feature.

Review Dimensions

Purpose & Capability · ok
Name/description align with the code and SKILL.md: the UI view, controller, and gateway RPCs implement OAuth, subscription-token, and API-key storage for Anthropic, OpenAI (Codex PKCE), Google, and OpenRouter. The actions (reading ~/.claude, writing auth-profiles and secrets, invoking a PKCE flow) are expected for this feature.

Instruction Scope · note
Instructions and code stay within the stated purpose but do include reading another tool's credentials (~/.claude/.credentials.json) for an auto-detect feature and accepting pasted redirect URLs for OAuth manual completion. Those behaviors are documented in SKILL.md and implemented in code; users should be aware this imports tokens from the Claude CLI into OpenClaw's auth store.

Install Mechanism · ok
No install spec / no arbitrary remote downloads. The code dynamically imports an external package (@mariozechner/pi-ai) at runtime; if that package is required it must be present in the runtime environment (the code handles a missing package by returning an error). No extract-from-URL installs or unknown binary downloads are present in the skill bundle.

Credentials · note
The skill declares no required env vars but writes API keys into OpenClaw's secrets store, and the mapping uses environment variable names (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, OPENROUTER_API_KEY). It also reads/writes local config and agent store files (auth-profiles.json, openclaw config, secrets.json). These accesses are proportionate to credential management, but users should expect these files to be modified and tokens copied into OpenClaw's encrypted stores.

Persistence & Privilege · ok
always:false and user-invocable:true; the skill registers gateway RPC handlers and writes auth profiles/config when invoked, but it does not request permanent inclusion or modify other skills. Autonomous invocation is allowed by default but is not combined here with other elevated privileges.