whoami

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a real profile-sync skill, but it gives agents persistent read/write access to a remote personal profile that can influence future conversations.

Install only if you are comfortable storing a concise personal profile with this remote service and letting agents use it to personalize answers. Keep secrets out of the profile, review changes before saving, protect or rotate the API key, verify the endpoint, and use only temporary files for updates.

Static analysis

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A compromised, outdated, or overly broad profile could influence how the agent acts across future conversations and could expose personal context to AI sessions where the user did not expect it.

Why it was flagged

The skill creates persistent remote memory and instructs agents to inject it into future task context. Because the profile is Markdown and shared across AI tools, stale or poisoned profile content could steer later agent behavior unless treated as untrusted preference data.

Skill content
- Read user profile from remote and inject into conversation context
- Save/update user identity information to remote
- Share the same user profile across AI tools
...
After loading the profile, use its content as context to understand the user

Recommendation

Review the profile regularly, keep secrets and command-like instructions out of it, and require agents to treat loaded profile text as lower-priority user preference data that cannot override the current user request or system rules.

What this means

Anyone with the API key may be able to read or overwrite the remote identity profile. If the endpoint is changed in the environment/config, the key and profile could be sent somewhere unexpected.

Why it was flagged

The script reads a local API key and sends it as a Bearer token to the configured endpoint. This is expected for the service, but it is sensitive authority and the registry metadata does not declare a primary credential or config path.

Skill content
CONFIG_PATH = Path.home() / ".whoamiagent"
DEFAULT_ENDPOINT = "https://whoamiagent.com"
...
env_endpoint = os.environ.get("WHOAMI_ENDPOINT")
...
"Authorization": f"Bearer {api_key}"

Recommendation

Protect ~/.whoamiagent, verify the endpoint before use, do not paste the key into untrusted chats or logs, and rotate the key if it may have been exposed.

What this means

If the agent or user passes an existing important file instead of a temp file, that file could be uploaded as profile content and then deleted locally.

Why it was flagged

The update flow reads the path supplied to --file and then deletes it. The documentation intends this for temporary files, but the code does not enforce that the path is actually temporary.

Skill content
if len(args) >= 2 and args[0] == "--file":
    file_path = Path(args[1])
    ...
    content = file_path.read_text(encoding="utf-8").strip()
    ...
    file_path.unlink()

Recommendation

Use only a newly created temporary file for profile updates, and do not pass existing documents or sensitive files to the --file option.