Keychain Access
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is coherent for managing macOS Keychain passwords, but it handles real credentials and overstates how safely password inputs are kept out of process listings.
Install only if you trust this local helper and need agent-assisted Keychain management. Use explicit service/account filters, avoid --raw unless you truly need to reveal a password, avoid --yes unless you have approved the exact change, and be aware that setting a password may still expose it briefly in the spawned security command's process arguments.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When setting a password, another local process or user with process-list visibility may be able to observe the secret briefly.
The helper stores a user-supplied password by placing it in the argument list of the spawned macOS security command. Even if the user supplied the secret through stdin, an environment variable, or a hidden prompt, the secret still becomes a child-process command-line argument.
local cmd=(security add-generic-password -s "$SERVICE" -a "$ACCOUNT" -w "$PASSWORD" -U)
Use only on trusted local machines, avoid highly sensitive secrets until this is documented or fixed, and prefer an implementation path that does not pass passwords through command-line arguments.
A user may choose this skill believing the safer input modes fully avoid process-list exposure, when they only avoid exposing the secret in the initial helper command.
This safety claim is incomplete because the script later invokes `security add-generic-password ... -w "$PASSWORD"`, putting the secret into the security process arguments. Users may rely on a stronger privacy guarantee than the implementation provides.
Prefer `--password-stdin`, `--password-env VAR`, or the hidden interactive prompt for `set`. These keep secrets out of process listings and shell history.
Correct the documentation to disclose the downstream `security -w` argument exposure, or change the implementation to avoid passing the secret via argv.
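The process-list exposure described in this finding, shown with a portable stand-in for the `security` command: an added demonstration, not code from the skill or from ClawScan. The `add-generic-password -s svc -a acct` arguments and the secret value are constructed, and a short-lived `sh -c` child plays the role of `security` so it runs on any POSIX system.

```shell
#!/bin/sh
# Added demonstration, not part of the reviewed skill. A secret passed as a
# child-process argument (the skill's `security add-generic-password ... -w
# "$PASSWORD"` pattern) is visible to any local observer of the process list,
# while a secret delivered on stdin is not. A `sh -c` child stands in for
# macOS `security`; the secret value used below is constructed.

# Visible command line of a running pid: Linux /proc first, `ps` elsewhere (macOS).
cmdline_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# Report whether the child's argv contains the secret while the child is running.
observe() {
    pid=$1; secret=$2
    sleep 1                      # give the child time to exec
    line=$(cmdline_of "$pid")
    wait "$pid"
    case "$line" in *"$secret"*) echo exposed ;; *) echo hidden ;; esac
}

# The skill's pattern: secret in argv. The trailing `; :` keeps sh itself alive
# (with its argv unchanged) instead of letting sh exec sleep directly.
argv_exposure() {
    sh -c 'sleep 2; :' add-generic-password -s svc -a acct -w "$1" &
    observe $! "$1"
}

# Secret on stdin only: the child reads it, so argv never carries it.
stdin_exposure() {
    printf '%s\n' "$1" | sh -c 'read -r secret; sleep 2; :' add-generic-password -s svc -a acct &
    observe $! "$1"
}

argv_exposure  'CONSTRUCTED-secret-42'   # exposed
stdin_exposure 'CONSTRUCTED-secret-42'   # hidden
```

Note that the stdin variant only helps if the program reading the secret never re-exports it into another process's arguments, which is exactly the step the skill's `--password-stdin` path fails at.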
If an agent uses --yes without clear user approval, credentials could be overwritten or deleted without an interactive confirmation step.
Skipping prompts is documented and can be useful, but this skill can update or delete persistent Keychain credentials, so automated use must remain explicitly user-authorized.
The script prompts by default and accepts `--yes` to skip the prompt for automation.
Use --dry-run first, keep default confirmations for interactive use, and only allow --yes after the user has clearly approved the exact service/account and action.
Users have less external provenance information to rely on when deciding whether to trust a credential-management helper.
The artifacts include the helper and no remote install step, but provenance is limited for a skill that handles local credentials.
Source: unknown
Homepage: none
No install spec — this is an instruction-only skill.
Review the included script before use and prefer installing credential-handling skills from publishers and repositories you trust.
