ClawHub

Gateway Env Injector

Security checks across malware telemetry and agentic risk

Overview

This skill does the advertised macOS gateway setup, but it persists API keys and a 1Password service token into a LaunchAgent plist while claiming to avoid plaintext secrets on disk.

Review before installing or running. Treat this as a script that writes your provider API keys and 1Password service account token into a local LaunchAgent plist and gateway environment. Use only tightly scoped, rotatable credentials, inspect plist permissions, remove OP_SERVICE_ACCOUNT_TOKEN unless the gateway truly needs it, and plan how to clean old secrets out of the plist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill claims it avoids leaving plaintext keys on disk, but its described behavior injects secrets into a LaunchAgent plist, which is itself a file persisted on disk. If it also writes OP_SERVICE_ACCOUNT_TOKEN into the plist, it converts a high-value credential into a persistent local secret, broadening compromise impact to anyone or any process that can read the plist or backups of it.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The script explicitly copies the 1Password service account token from a local file into the LaunchAgent plist as an environment variable. That persists a highly privileged secret to disk and makes it available to the long-running gateway process, broadening exposure through plist inspection, process/environment disclosure, backups, and any compromise of the gateway account.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script's header frames this as a safe way to inject secrets, but it does not clearly warn that the retrieved API keys are being written into a LaunchAgent plist on disk and then exposed as process environment variables. That can mislead operators into treating the workflow as non-persistent secret handling when it actually increases the attack surface and forensic recoverability of the secrets.

Session Persistence

Medium
Category
Rogue Agent
Content
# Gateway Environment Injector

Bake secrets from 1Password into macOS LaunchAgent plists without leaving plaintext keys on disk. Uses `op read` to fetch secrets and `/usr/libexec/PlistBuddy` to inject them directly into the plist's `EnvironmentVariables` block.

## Why This Exists
Confidence
97% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
# Gateway Environment Injector

Bake secrets from 1Password into macOS LaunchAgent plists without leaving plaintext keys on disk. Uses `op read` to fetch secrets and `/usr/libexec/PlistBuddy` to inject them directly into the plist's `EnvironmentVariables` block.

## Why This Exists
Confidence
97% confidence
Finding
Plist

Session Persistence

Medium
Category
Rogue Agent
Content
# Gateway Environment Injector

Bake secrets from 1Password into macOS LaunchAgent plists without leaving plaintext keys on disk. Uses `op read` to fetch secrets and `/usr/libexec/PlistBuddy` to inject them directly into the plist's `EnvironmentVariables` block.

## Why This Exists
Confidence
97% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
bash scripts/inject-gateway-env.sh
```

Reads each key from 1Password, injects into the gateway plist, then restarts the service.

## What It Injects
Confidence
91% confidence
Finding
plist

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal