Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
SSH OP
v0.1.0
Use the ssh-op helper script to load an SSH private key from 1Password (op) into an in-memory ssh-agent and then run ssh. Use when connecting to hosts that r...
by Zhihao @moodykong
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's description (use 1Password CLI to load a private key into ssh-agent) matches the included onboarding and helper scripts. However the registry metadata claims no required binaries or env vars while the SKILL.md and onboard.sh explicitly require the `op` CLI and ssh-related binaries. The canonical executable referenced (~/.openclaw/skills/ssh-op/scripts/ssh-op) is described but not included in the provided file contents, so the actual runtime behavior cannot be verified.
Instruction Scope
SKILL.md and onboard.sh give explicit, scoped instructions (run op whoami, run onboard.sh, run ssh-op, optionally update ~/.ssh/config). They do not instruct broad file-system scraping or network exfiltration. However because the main runtime script (scripts/ssh-op) is not present for review, we cannot confirm it adheres to the documented behavior (e.g., piping `op read ... | ssh-add -`). The provided ensure_ssh_config.py is intended only to manage a delimited block in ~/.ssh/config, but it contains a regex bug that will likely append duplicate blocks instead of updating them idempotently.
Install Mechanism
There is no install spec (instruction-only with some helper scripts), which is low-risk from an installation standpoint. Nothing is downloaded from external URLs in the package.
Credentials
The skill does not declare any required environment variables in registry metadata, yet the documentation and onboard.sh rely on the user's 1Password CLI session (op) and optionally OP_SERVICE_ACCOUNT_TOKEN. The skill writes a machine-local config.env containing vault/item names (not secrets). The mismatch between declared requirements and actual runtime requirements is noteworthy and should be corrected/verified before use.
Persistence & Privilege
The skill does not request global/always-on privileges. It writes a config file in its own skill directory and can update ~/.ssh/config (expected for managing host aliases). It does not attempt to modify other skills or system-wide agent settings.
What to consider before installing
Proceed with caution. Things to check before installing or using this skill:
1) The package references a runtime script (~/.openclaw/skills/ssh-op/scripts/ssh-op) but that file was not provided for review — inspect that script yourself to ensure it actually does what the README claims and contains no network calls or unexpected behavior.
2) Ensure you have the 1Password CLI (op) installed and are comfortable that piping the private key from `op read` into `ssh-add -` (in-memory agent) matches your security policy; verify no temporary files are created by the actual ssh-op script.
3) Back up ~/.ssh/config before running ensure_ssh_config.py; the included Python script has a regex bug and may append duplicate managed blocks instead of updating them idempotently.
4) Confirm you trust the skill owner and run the onboarding/test steps in an isolated account or VM first.
5) Ask the publisher to correct metadata to list required binaries (op, ssh, ssh-agent, ssh-add) and either include the canonical executable or explain where it will be installed so reviewers can validate runtime behavior.
Like a lobster shell, security has layers — review code before you run it.
