Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Authy
v0.3.0
Inject secrets into subprocesses via environment variables. You never see secret values — authy run injects them directly. Use for any command that needs API...
⭐ 2 · 689 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill name/description (secret injection) matches the required binary (authy) and required env vars (AUTHY_TOKEN, AUTHY_KEYFILE). However, registry metadata lists no required config file or primary credential while the SKILL.md metadata explicitly requires $AUTHY_KEYFILE and AUTHY_TOKEN — a mismatch in declared requirements between registry and SKILL.md.
Instruction Scope
SKILL.md limits agent actions to `authy list` and `authy run`, and describes how to run arbitrary subprocesses with secrets injected. That is consistent with the stated purpose, but by design it gives an invoked command full access to secret values in its environment. The instructions also rely on the agent/script writer to never echo/log secrets (a behavioral constraint that is unenforceable), which increases the risk of accidental or malicious exfiltration.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. It does require a preinstalled `authy` binary on PATH, which is reasonable for a CLI wrapper.
Credentials
Requiring AUTHY_TOKEN and AUTHY_KEYFILE is proportionate for a secret-injection CLI. But SKILL.md metadata claims the KEYFILE path (files: ["$AUTHY_KEYFILE"]) while registry metadata lists no config paths; primary credential is unspecified in registry though SKILL.md calls out AUTHY_TOKEN as the run credential. This inconsistency should be clarified.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not request modifying other skills or global config. Autonomous invocation is allowed by platform default, which increases blast radius but is not a standalone reason to reject.
What to consider before installing
This skill appears to do what it says — it wraps an on-PATH authy CLI to inject secrets as environment variables for subprocesses. Before installing, verify:
(1) the `authy` binary's origin and integrity (the SKILL.md references a GitHub repo but the registry shows no homepage),
(2) whether you are comfortable giving the agent access to AUTHY_TOKEN and AUTHY_KEYFILE (these allow retrieval/injection of secrets), and
(3) that tokens granted are least-privilege and run-only.
Note the metadata mismatches (registry vs SKILL.md) and ask the publisher to clarify required files and which env var is the primary credential. Finally, avoid enabling autonomous agent invocations with broad permissions — any command run via `authy run` can access injected secrets and could exfiltrate them if misused.
latest: vk97d24q7s4mkmcbda2jb0ehdvd81fjat
Runtime requirements
Bins: authy
Env: AUTHY_KEYFILE, AUTHY_TOKEN
