Safe .env Manager

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local .env management helper; its sensitive file access matches its purpose, though users should avoid pasting real secrets into the example commands.

Install only if you want an agent to manage local .env files. Use it for key-only checks by default, approve set/unset operations deliberately, do not paste real secrets into visible command examples or chat transcripts, and periodically prune backup files after rotating sensitive values.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Credential Access

High
Category: Privilege Escalation
Content:
- Check key exists:
  - `node {baseDir}/scripts/envsafe.js --file /home/node/.openclaw/.env exists OPENAI_API_KEY`
- Set/update key (safe stdin, default):
  - `printf '%s' 'NEW_VALUE' | node {baseDir}/scripts/envsafe.js --file /home/node/.openclaw/.env set OPENAI_API_KEY --stdin`
- Add new key with mandatory comment (recommended):
  - `printf '%s' 'NEW_VALUE' | node {baseDir}/scripts/envsafe.js --file /home/node/.openclaw/.env set NEW_PROVIDER_API_KEY --stdin --comment "Provider key for xxx integration"`
- Set only when missing:
Confidence: 70%
Finding: .env

Credential Access

High
Category: Privilege Escalation
Content:
- Set/update key (safe stdin, default):
  - `printf '%s' 'NEW_VALUE' | node {baseDir}/scripts/envsafe.js --file /home/node/.openclaw/.env set OPENAI_API_KEY --stdin`
- Add new key with mandatory comment (recommended):
  - `printf '%s' 'NEW_VALUE' | node {baseDir}/scripts/envsafe.js --file /home/node/.openclaw/.env set NEW_PROVIDER_API_KEY --stdin --comment "Provider key for xxx integration"`
- Set only when missing:
  - `printf '%s' 'NEW_VALUE' | node {baseDir}/scripts/envsafe.js --file /home/node/.openclaw/.env set OPENAI_API_KEY --stdin --if-missing`
- Remove key:
Confidence: 70%
Finding: .env

Credential Access

High
Category: Privilege Escalation
Content:
- Add new key with mandatory comment (recommended):
  - `printf '%s' 'NEW_VALUE' | node {baseDir}/scripts/envsafe.js --file /home/node/.openclaw/.env set NEW_PROVIDER_API_KEY --stdin --comment "Provider key for xxx integration"`
- Set only when missing:
  - `printf '%s' 'NEW_VALUE' | node {baseDir}/scripts/envsafe.js --file /home/node/.openclaw/.env set OPENAI_API_KEY --stdin --if-missing`
- Remove key:
  - `node {baseDir}/scripts/envsafe.js --file /home/node/.openclaw/.env unset OPENAI_API_KEY`
- Lint format/duplicates:
Confidence: 68%
Finding: .env

VirusTotal

66/66 vendors flagged this skill as clean.
