Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Otp Challenger
v1.0.6
Enable agents and skills to challenge users for fresh two-factor authentication proof (TOTP or YubiKey) before executing sensitive actions. Use it for identity verification in approval workflows: deploy commands, financial operations, data access, admin operations, and change control.
⭐ 0 · 2.5k · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (TOTP + YubiKey verification) align with the included scripts (verify.sh, check-status.sh, generate-secret.sh); the declared binaries (openssl, curl, base64, jq, python3, optionally oathtool) are reasonable for the stated functionality; and the conditional env vars (OTP_SECRET, YUBIKEY_CLIENT_ID, YUBIKEY_SECRET_KEY) are exactly the credentials that functionality needs.
Instruction Scope
Runtime instructions and scripts operate within the expected scope: they read config (~/.openclaw/config.yaml) or env vars for secrets, maintain a local state file (memory/otp-state.json), call Yubico's API for YubiKey validation, and log audit events. They do not appear to read unrelated system files. However, SKILL.md and the scripts document an OTP_FAILURE_HOOK that the skill executes on failure events; that hook runs arbitrary shell commands and is therefore out-of-band behavior that increases risk if misconfigured or abused.
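The TOTP half of the verification the scan describes, as an added example written for this page and not the skill's own verify.sh: an RFC 6238 check with a small clock-drift window, a constant-time comparison, and a replay guard persisted in a 0600 state file named after the memory/otp-state.json the scan mentions. The state-file layout, the window size, the base32 secret format and the path are assumptions of this example; the key used in the self-test is the RFC 4226/6238 reference key, not a real secret.

```python
# Added example for this page; not the skill's own verify.sh. Paths, window size
# and state-file layout are assumptions made here, not read from the skill.
import base64
import hashlib
import hmac
import json
import os
import struct
import time

STATE_PATH = "memory/otp-state.json"  # file name from the scan text; layout assumed
STEP = 30   # RFC 6238 default time step in seconds
WINDOW = 1  # accept +/- one step of clock drift (assumed policy)


def hotp(secret_b32, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32.replace(" ", ""), casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret_b32, code, now, last_counter=None, step=STEP, window=WINDOW):
    """Return the time-step counter the code matched, or None.

    Rejects malformed input, compares in constant time, and refuses any
    counter at or below `last_counter` so an observed code cannot be replayed.
    """
    if not (isinstance(code, str) and code.isascii() and code.isdigit() and len(code) == 6):
        return None
    base = int(now) // step
    for delta in range(-window, window + 1):
        counter = base + delta
        if last_counter is not None and counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret_b32, counter), code):
            return counter
    return None


def load_last_counter(path):
    try:
        with open(path) as fh:
            return json.load(fh).get("last_counter")
    except (FileNotFoundError, ValueError):
        return None


def save_last_counter(path, counter):
    # 0600 so only the agent user can read or tamper with the replay state.
    os.makedirs(os.path.dirname(path) or ".", exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump({"last_counter": counter}, fh)


def challenge(secret_b32, code, state_path=STATE_PATH, now=None):
    """One verification attempt; records the accepted counter so it cannot be reused."""
    now = time.time() if now is None else now
    counter = verify_totp(secret_b32, code, now, last_counter=load_last_counter(state_path))
    if counter is None:
        return False
    save_last_counter(state_path, counter)
    return True


if __name__ == "__main__":
    # RFC 4226 / RFC 6238 reference key "12345678901234567890", base32-encoded.
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print(challenge(secret, hotp(secret, int(time.time()) // STEP)))
```

Because the accepted counter is written back before the caller acts, a code that was shown once (in a chat transcript, a screenshot, a shoulder-surf) is dead even inside its own 30-second step, and any counter older than the recorded one is refused outright. Keep the drift window at one step: every extra step roughly doubles the number of codes an attacker can guess per attempt.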
Install Mechanism
Install spec only references Homebrew formulas (jq, python3, oath-toolkit). No downloads from untrusted URLs, no archive extraction, and the repo files are present in the skill bundle. Homebrew usage is proportionate for these native binaries.
Credentials
No required global credentials are demanded by default; required credentials are conditional and match their purpose (TOTP secret or Yubico client id/secret). However, OTP_FAILURE_HOOK is an environment/config option that allows arbitrary commands to run as the agent user on verification failures. The README even includes an example hook that kills OpenClaw; this is a high-risk capability that is disproportionate unless the operator explicitly intends it and has locked down the hook's contents and permissions.
Persistence & Privilege
The skill does not request forced or persistent platform-level privileges (always:false). It writes state to its own workspace memory file and may write audit logs, which is expected. The main persistence/privilege risk is the configurable failure hook and any scripts it calls; those run with the same privileges as the agent and can have system impact if misused.
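A guard for the OTP_FAILURE_HOOK described above, added here as an example and not part of the skill: before running the configured hook it refuses anything that is not an absolute path to a regular, executable file owned by the agent user and writable by nobody else, and it then runs the hook with a fixed argv, no shell, a minimal environment (so OTP_SECRET and the Yubico keys are not inherited) and a timeout. The variable name OTP_FAILURE_HOOK comes from the scan text; the permission policy, the environment allow-list and the timeout are this example's choices.

```python
# Added example for this page; not code from the skill. The env var name
# OTP_FAILURE_HOOK comes from the scan text; the policy below is assumed here.
import os
import stat
import subprocess


def hook_problems(path, expected_uid=None):
    """Return the reasons the hook must not run; an empty list means it passed."""
    expected_uid = os.getuid() if expected_uid is None else expected_uid
    problems = []
    if not os.path.isabs(path):
        problems.append("hook path is not absolute")
    try:
        st = os.stat(path)
    except OSError as exc:
        return problems + ["cannot stat hook: %s" % exc.strerror]
    if not stat.S_ISREG(st.st_mode):
        problems.append("hook is not a regular file")
    if st.st_uid != expected_uid:
        problems.append("hook is not owned by the agent user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("hook is group- or world-writable")
    if not os.access(path, os.X_OK):
        problems.append("hook is not executable")
    # A world-writable parent without the sticky bit lets anyone swap the file.
    pst = os.stat(os.path.dirname(os.path.abspath(path)))
    if pst.st_mode & stat.S_IWOTH and not pst.st_mode & stat.S_ISVTX:
        problems.append("hook directory is world-writable without the sticky bit")
    return problems


def run_failure_hook(event, hook=None, timeout=10):
    """Run OTP_FAILURE_HOOK for a failure event only if hook_problems() is empty."""
    hook = os.environ.get("OTP_FAILURE_HOOK") if hook is None else hook
    if not hook:
        return {"ran": False, "reasons": ["no hook configured"]}
    problems = hook_problems(hook)
    if problems:
        return {"ran": False, "reasons": problems}
    # Fixed argv, no shell, and an allow-listed environment: the hook never sees
    # OTP_SECRET, YUBIKEY_SECRET_KEY or the rest of the agent's environment.
    env = {"PATH": "/usr/bin:/bin", "OTP_EVENT": event}
    try:
        proc = subprocess.run([hook], env=env, capture_output=True, text=True,
                              timeout=timeout, check=False)
    except subprocess.TimeoutExpired:
        return {"ran": True, "timed_out": True}
    return {"ran": True, "returncode": proc.returncode, "stdout": proc.stdout}
```

The useful property is that a loosened permission bit, or a hook file replaced in a shared directory, turns the hook off rather than letting a different script run as the agent; log the returned reasons so a silently disabled hook is noticed.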
What to consider before installing
This skill appears to implement what it claims, but review these items before installing:
1) Inspect verify.sh (and related scripts) yourself to confirm there are no unexpected network endpoints beyond api.yubico.com and no hidden behavior.
2) Don't set OTP_FAILURE_HOOK to an unrestricted or destructive script; prefer a safe notifier (append-only logging or an alert sender) and lock its file permissions.
3) Keep OTP_SECRET and YUBIKEY_SECRET_KEY in a secure secret manager (1Password/Bitwarden) and avoid plaintext in ~/.openclaw/config.yaml when possible.
4) Verify the skill source: SKILL.md references a GitHub repo, but the registry metadata shows no homepage; prefer installing from a verified upstream repository (and check commit history/signature).
5) Run the scripts in a controlled environment or sandbox first, and review audit logs after test runs. If you rely on autonomous agent invocation, be extra cautious about enabling any hook that executes commands.
Like a lobster shell, security has layers — review code before you run it.
Tags: 2fa, latest, otp, security, totp
Runtime requirements
🔐 Clawdis
Bins: jq, python3, curl, openssl, base64
Any bin: oathtool, node
Install
Install jq via Homebrew
Bins: jq
brew install jq
Install Python 3 via Homebrew
Bins: python3
brew install python3
Install OATH Toolkit via Homebrew
Bins: oathtool
brew install oath-toolkit