A2A Vault
v2.0.0
Zero-knowledge secrets management via PassBox — store, retrieve, rotate, and inject credentials securely.
by Lê Minh Hiếu (@paparusi)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
Name/description (zero-knowledge secrets management) align with the listed passbox_* tools (store, retrieve, list, rotate, import .env, inject into executions). The install spec (npm package @a2a/openclaw-plugin) plausibly provides those tools.
Instruction Scope
SKILL.md explicitly instructs the agent to "Read your local .env file" and to perform bulk retrievals (passbox_get_environment) and automated injection (a2a_secure_execute). The skill declares no required config paths or file permissions, and does not constrain how retrieved plaintext secrets may be handled or transmitted. Asking the agent to read local files and resolve placeholders increases the risk of unintended exfiltration and is not declared in the metadata.
Install Mechanism
The install uses an npm package (@a2a/openclaw-plugin). That is a typical mechanism, but it adds moderate risk compared with instruction-only skills: an npm install fetches and runs the package's own code (including any install-time lifecycle scripts) with the installing user's privileges. There is no homepage, source repository, or release provenance in the metadata, which reduces confidence in the package's trustworthiness.
Credentials
No environment variables or credentials are requested, which is reasonable. However, the skill instructs reading local .env files and retrieving entire environment secret sets without declaring file/config access; that implicit request for local file access and bulk secret access is disproportionate to the metadata and should be explicitly declared and justified.
Persistence & Privilege
The manifest's always flag is false and the skill is user-invocable. The skill does not request persistent system-wide privileges in the manifest and does not claim to modify other skills or system configs.
Scan Findings in Context
[no-findings] expected: The static regex scanner found no matches because this is an instruction-only skill with no code files. That absence is not evidence of safety; the SKILL.md itself instructs local file access and secret retrieval which the scanner could not analyze.
What to consider before installing
Before installing, verify the npm package provenance and vendor: look up @a2a/openclaw-plugin on the registry, inspect its source repository and recent releases, and confirm the publisher identity. Ask the author to declare any required file paths/permissions (reading .env) and to explain how decrypted secrets are handled, logged, or transmitted (especially with passbox_get_environment and a2a_secure_execute).
If you plan to use this in sensitive environments, consider restricting the agent's file access or testing in a low-risk environment first, and require explicit confirmation before any bulk export/injection of secrets. If you cannot verify the package source or the team, treat the installation as higher-risk and avoid granting the agent access to production .env files or production secrets until you have more provenance.
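The provenance checks above (repository link, publisher identity, release metadata) and the install-mechanism concern (install-time scripts) can be applied to the registry document npm serves for a package. The following is an added example written for this page, not code from the A2A Vault author or the OpenClaw scanner. It runs offline against two constructed registry documents that are invented for illustration and do not describe the real @a2a/openclaw-plugin metadata; to audit the real package, feed it the JSON from https://registry.npmjs.org/@a2a%2Fopenclaw-plugin instead. The severity labels, the maintainer-count threshold and the function names are this example's own choices.

```python
import json

# Constructed sample registry documents in the shape served by
# https://registry.npmjs.org/<package>. Both are invented for this example;
# neither reflects the real metadata of @a2a/openclaw-plugin.
SUSPICIOUS_DOC = json.loads(r'''
{
  "name": "@a2a/openclaw-plugin",
  "dist-tags": {"latest": "2.0.0"},
  "maintainers": [{"name": "paparusi"}],
  "versions": {
    "2.0.0": {
      "version": "2.0.0",
      "scripts": {"postinstall": "node scripts/setup.js"},
      "dist": {"integrity": "sha512-AAAA..."},
      "_npmUser": {"name": "someone-else"}
    }
  }
}
''')

CLEAN_DOC = json.loads(r'''
{
  "name": "@a2a/openclaw-plugin",
  "dist-tags": {"latest": "2.0.0"},
  "repository": {"type": "git", "url": "git+https://github.com/example/openclaw-plugin.git"},
  "homepage": "https://example.com/openclaw-plugin",
  "maintainers": [{"name": "paparusi"}, {"name": "second-maintainer"}],
  "versions": {
    "2.0.0": {
      "version": "2.0.0",
      "scripts": {"test": "node --test"},
      "dist": {"integrity": "sha512-BBBB...",
               "attestations": {"url": "https://example.com/attestations/2.0.0"}},
      "_npmUser": {"name": "paparusi"}
    }
  }
}
''')

# Lifecycle hooks npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
SEVERITY = {"none": 0, "low": 1, "medium": 2, "high": 3}


def audit_registry_doc(doc, tag="latest"):
    """Return (severity, message) findings for the version behind `tag`."""
    findings = []
    version = doc.get("dist-tags", {}).get(tag)
    if not version:
        return [("high", f"no '{tag}' dist-tag: nothing to install")]
    meta = doc.get("versions", {}).get(version, {})
    dist = meta.get("dist", {})

    # Provenance: without a repository there is no source to review.
    if not (meta.get("repository") or doc.get("repository")):
        findings.append(("medium", "no repository field: tarball cannot be tied to reviewable source"))
    if not (meta.get("homepage") or doc.get("homepage")):
        findings.append(("low", "no homepage listed"))
    # Packages published with `npm publish --provenance` carry a signed
    # attestation linking the tarball to a CI build of the repository.
    if "attestations" not in dist:
        findings.append(("low", "no npm provenance attestation"))

    # Lifecycle hooks run arbitrary code under the installing user's account.
    hooks = [h for h in INSTALL_HOOKS if h in meta.get("scripts", {})]
    if hooks:
        findings.append(("high", "install-time scripts: " + ", ".join(hooks)))

    # Publisher identity: who pushed this version, and are they a maintainer?
    maintainers = {m.get("name") for m in doc.get("maintainers", [])}
    publisher = meta.get("_npmUser", {}).get("name")
    if len(maintainers) < 2:
        findings.append(("low", f"{len(maintainers)} maintainer(s) listed; single account to compromise"))
    if publisher and publisher not in maintainers:
        findings.append(("medium", f"version published by '{publisher}', not a listed maintainer"))

    # Integrity: the sha512 hash is what a lockfile pins against.
    if not dist.get("integrity", "").startswith("sha512-"):
        findings.append(("medium", "no sha512 integrity hash to pin in a lockfile"))
    return findings


def risk_level(findings):
    """Highest severity among the findings, or 'none'."""
    return max((s for s, _ in findings), key=SEVERITY.get, default="none")


def recommended_install(doc, tag="latest"):
    """Version-pinned install command; disables lifecycle scripts when the version declares any."""
    version = doc["dist-tags"][tag]
    cmd = f"npm i -g {doc['name']}@{version}"
    if any(h in doc["versions"][version].get("scripts", {}) for h in INSTALL_HOOKS):
        cmd += " --ignore-scripts"
    return cmd


if __name__ == "__main__":
    for label, doc in (("suspicious", SUSPICIOUS_DOC), ("clean", CLEAN_DOC)):
        findings = audit_registry_doc(doc)
        print(f"{label}: risk={risk_level(findings)}")
        for sev, msg in findings:
            print(f"  [{sev}] {msg}")
        print("  install:", recommended_install(doc))
```

The --ignore-scripts flag keeps an untrusted postinstall from running, but it can also break a package that genuinely needs a build step; read the hook script in the extracted tarball before deciding whether to allow it. A repository link by itself proves nothing, since the tarball may not match the source: an npm provenance attestation, or a reproducible build you perform yourself, is what ties the two together.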
Tags: latest, passbox, secrets, security, vault
Runtime requirements
🔐 Clawdis
Install
Install A2A Corp plugin
npm i -g @a2a/openclaw-plugin