Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Web Service Onboarding
v1.0.2
Autonomous signup for external web services — browser automation, email verification, API key generation and secure storage in 1Password. Use when asked to c...
by Nissan Dookeran @nissan
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's claimed purpose—automating signups, email verification, passkey handling, API key generation, and storing secrets in 1Password—matches the content of SKILL.md. However, the skill does not declare any required binaries, environment variables, or credentials (e.g., Playwright/Chromium, 1Password CLI/session token, Proton Bridge or IMAP credentials), even though the instructions clearly require them. That omission is an inconsistency: a legitimate onboarding skill should list the external tools and secrets it needs.
Instruction Scope
The SKILL.md instructs the agent to perform sensitive operations: create browser contexts, add a Playwright CDP virtual authenticator, export WebAuthn credentials to a local file (/tmp/webauthn-creds.json), fetch verification links via an IMAP bridge on localhost, and save API keys into 1Password. These operations access, create, and persist secrets. The instructions do not explain how to authenticate to 1Password or how to protect exported passkey files (which are written to /tmp, often world-readable). The skill also assumes access to a Proton Bridge or local IMAP proxy at 127.0.0.1:1143 without documenting credentials or setup. This scope creep and lack of safe-handling guidance is concerning.
Install Mechanism
There is no install spec (instruction-only), so nothing will be written automatically to disk by an installer — this lowers supply-chain risk. However, the runtime instructions depend on external tooling (browser automation like Playwright/CDP, Node runtime, 1Password CLI, Proton Bridge) and will write temporary files. The absence of an install spec means the skill expects those tools to already exist; the missing dependency declarations are a transparency gap.
Credentials
No environment variables or primary credential are declared, yet the workflow requires secrets and auth to external/local services: IMAP/email credentials or Proton Bridge config, 1Password session tokens or CLI auth, and possibly cloud provider credentials for some services. The skill also writes exported passkeys and presumably API keys to disk before moving them to 1Password. Requesting unspecified credentials or accessing local services without declaring them is disproportionate and raises risk of misconfiguration or accidental secret exposure.
Persistence & Privilege
The skill is not marked always:true and is user-invocable, so it does not have elevated forced persistence. Autonomous invocation is allowed (platform default) but that alone is not flagged. The SKILL.md does instruct writing persistent artifacts (files under /tmp, 1Password entries) but it does not attempt to modify other skills or global agent config.
What to consider before installing
This skill automates account creation and handles very sensitive secrets (email inbox access, passkeys, API keys, and 1Password storage). Before installing or invoking it, ask the publisher to: 1) list required binaries and exact environment variables (Playwright/Chrome, Node, 1Password CLI/OP session env, Proton Bridge/IMAP creds); 2) explain how 1Password authentication is performed (which env var or interactive flow) and confirm it will not leak tokens; 3) avoid writing raw credentials to world-readable temp files (don't write passkeys/API keys to /tmp or at minimum encrypt them and clean up securely); 4) provide a minimal, auditable example run or source code so you can review how private data is handled; and 5) run the skill first in an isolated sandbox account/environment. If the publisher cannot provide those clarifications, treat the skill as high risk for accidental credential exposure or misuse.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🌐 Clawdis
