Security audit

Locker Vault

Security checks across malware telemetry and agentic risk

Overview

This is a coherent secrets-management skill, but it includes unsafe install and credential-handling patterns that users should review before trusting it with real secrets.

Review before installing. Prefer read-only Locker access, avoid the .env, raw piping, broad environment export, and inline cron credential examples, and install the Locker CLI only through a verified signed or checksummed source. Use read-write mode only for agents that truly need to rotate or manage secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly instructs use of environment variables and shell execution (`locker` CLI, `curl | bash`) but does not declare permissions. Undeclared privileged capabilities weaken policy enforcement and review because an agent may gain secret-accessing shell/env behavior without explicit authorization boundaries.

Vague Triggers

Medium
Confidence
75% confidence
Finding
The trigger list contains very broad terms such as `secret`, `password`, `token`, `env var`, and `sensitive`, which are likely to appear in many unrelated conversations. That can cause unintended invocation of a skill that handles credentials and shells out to a CLI, increasing the chance of accidental secret-handling workflows or over-privileged tool use in contexts that did not require it.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly recommends exporting all secrets into a `.env` file without warning that this creates a plaintext aggregate of sensitive values on disk. In a secrets-management skill, normalizing this pattern increases the chance that agents or operators persist credentials in files that may be committed, backed up, or read by other local processes.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The example shows a secret value being emitted to stdout and piped directly into another command, which can expose the secret through process inspection, shell history variants, logging, or accidental misuse of command-line arguments. The same section also frames this as a suitable usage pattern without discussing risks of transmitting secrets into downstream tools or remote services.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guidance recommends exporting all secrets as environment variables for a spawned process but omits the exposure risks of inherited environments, crash dumps, diagnostics, child-process propagation, and application-level env logging. In a credential-handling skill, this omission is especially risky because agents may adopt broad environment export as a standard pattern.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The cron example embeds access keys directly in the job definition, creating a high risk of credential disclosure through crontab readability, backup systems, operational screenshots, and administrative tooling. Because this skill is specifically meant to manage secrets safely, presenting hardcoded credentials in scheduler configuration materially undermines the skill's stated security purpose.

External Script Fetching

High
Category
Supply Chain
Content
```bash
# Download and install (check locker.io/secrets/download for latest)
curl -fsSL https://locker.io/secrets/install.sh | bash

# Verify installation
locker --version
```
Confidence
98% confidence
Finding
`curl -fsSL https://locker.io/secrets/install.sh | bash`

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# Download and install (check locker.io/secrets/download for latest)
curl -fsSL https://locker.io/secrets/install.sh | bash

# Verify installation
locker --version
```
Confidence
97% confidence
Finding
`| bash`

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.