Trifle Auth
Verdict: Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: trifle-auth
Version: 1.1.0

The skill is classified as suspicious due to its direct programmatic interaction with 1Password (`op` CLI) to read and create private keys, and its fallback to storing private keys in a local file (`~/.trifle-wallet.key`). While these actions are central to the skill's stated purpose of 'wallet-based authentication' and are implemented with some security considerations (e.g., `spawnSync` for the `op` CLI, `0o600` file permissions, writing the JWT to a temp file), the inherent power and sensitivity of handling private keys and interacting with a password manager make it a high-risk capability. There is no clear evidence of intentional malicious behavior such as exfiltration to unauthorized domains or prompt injection to subvert the agent, but the capabilities themselves are significant security concerns if the skill were compromised or misused.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong 1Password item exists or a valuable wallet key is supplied, the skill can sign Trifle login messages as that wallet and create account sessions tied to it.
The skill reads an Ethereum private key from an environment variable or a hard-coded 1Password item, while generated keys are saved under a different hard-coded item and passed to the 1Password CLI as a process argument. That is high-impact wallet authority with unclear per-user scoping.
if (process.env.TRIFLE_PRIVATE_KEY) { return process.env.TRIFLE_PRIVATE_KEY; } ... spawnSync('op', ['read', 'op://Gigi/EVM Wallet - Gigi/private_key'] ... '--title', 'EVM Wallet - Trifle Agent' ... `private_key=${privateKey}`

Use only a new low-value wallet for Trifle, verify and align the 1Password item/path before login, avoid passing secrets as command-line arguments, and declare the wallet credential explicitly.
Another local process or skill that can read the state file may be able to act as the user on Trifle until the token expires or is revoked.
The bearer JWT is stored persistently in the local state file, and this write does not specify restrictive permissions. The token is intended for reuse by other skills, so broad local readability would expose the Trifle session.
function saveState(state) { writeFileSync(STATE_FILE, JSON.stringify(state, null, 2)); } ... const state = { token: result.token, address: account.address, ... }; saveState(state);

Store the auth state with mode 0600 or in a secure credential store, document token lifetime and revocation, and require explicit user consent before sharing the token with other skills.
Installing the skill may fetch and run standard npm dependency installation steps on the local machine.
The skill includes an install hook that changes file permissions and installs npm dependencies. This is purpose-aligned for the Node-based helper, but users should be aware that installation runs the package manager and whatever install scripts its dependencies carry.
"install": { "post": "chmod +x trifle-auth.mjs && npm install" }

Install only from a trusted source and review the package lock/dependencies before use.
