Firm Auth Compliance Pack

v1.0.0

Authentication and compliance audit pack. OAuth 2.1/OIDC Discovery, token scope enforcement, tool deprecation lifecycle, circuit breaker, GDPR residency, DID...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name, description, and listed tools align with an authentication/compliance audit pack. However, the SKILL.md lists eight command-line-style tools but the skill provides no code or binaries itself; it declares a dependency on 'mcp-openclaw-extensions >= 3.0.0' in the SKILL.md metadata, implying those implementations must come from that extension. This is a reasonable design but depends entirely on that external package being present and trustworthy.
Instruction Scope
Runtime instructions show invoking tools like openclaw_oauth_oidc_audit with a config_path (e.g., /path/to/config.json). The instructions do not ask the agent to read unrelated system files or environment variables, but they do assume access to user-supplied config files — which may contain secrets. The SKILL.md also includes a caution that generated content needs human validation.
Install Mechanism
No install spec and no code files: lowest-risk distribution model. The skill is instruction-only and therefore does not write files or download archives itself. The only install-related requirement is the declared dependency on 'mcp-openclaw-extensions >= 3.0.0', but there is no install step provided here.
Credentials
The skill declares no required environment variables, credentials, or config paths. This is proportionate to the stated purpose of being an audit/instruction pack. Caveat: the external tools it invokes (from the required extension) may in practice need credentials or access to config files containing secrets — the SKILL.md does not document those runtime needs.
Persistence & Privilege
Flags show the skill is not always-enabled and allows user invocation; model invocation is enabled by default (normal). The skill does not request persistent system presence or modifications to other skills. Because it can be invoked autonomously by the agent, users should be mindful that running the audits could cause the agent to read configuration files if instructed.
Assessment
This skill is an instruction-only compliance pack that expects 'mcp-openclaw-extensions >= 3.0.0' to provide the actual tools. Before installing or running it:
1) Confirm the external extension (mcp-openclaw-extensions) is present and from a trusted source; the skill itself contains no code.
2) Review any configuration files you pass as config_path — they may contain secrets or credentials; do not point the tool at sensitive files unless you trust the tool implementation.
3) Since the agent can invoke skills autonomously, consider restricting automatic runs until you've validated outputs manually.
4) Because the skill’s source/homepage is unknown, perform an additional provenance check or manual review of the extension that will supply the audit commands.

Like a lobster shell, security has layers — review code before you run it.
