Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claude Connect
v1.1.0
Connect Claude to Clawdbot instantly and keep it connected 24/7. Run after setup to link your subscription, then auto-refreshes tokens forever.
⭐ 12 · 5.2k · 28 current · 29 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description promise (connect Claude to Clawdbot and auto-refresh tokens) aligns with the actual scripts: they read Keychain entries, call the OAuth endpoint, update ~/.clawdbot/agents/.../auth-profiles.json, and install a launchd job. Minor inconsistency: many docs/scripts refer to a 'claude-oauth-refresher' name while the registry entry is 'claude-connect', and README.md declares the repo deprecated — this naming/ageing mismatch is confusing but plausibly explained by a rename or deprecation notice.
Instruction Scope
Runtime instructions and shipped scripts explicitly read macOS Keychain credentials, parse ~/.clawdbot/clawdbot.json, may call clawdbot CLI (e.g., message search) to auto-detect notification targets, write to auth-profiles.json, update Keychain, and restart the gateway. Those actions are consistent with the stated feature set, but they are high-privilege and touch sensitive local data (tokens, chat IDs, messaging history via CLI). The auto-detection step that runs clawdbot message search may access local messages/metadata; confirm you are comfortable with those reads and any CLI output parsing before running.
Install Mechanism
There is no external install spec (no network download); installation is via the included install.sh script (shipped in the skill). That reduces supply-chain risk from remote downloads but means you must inspect the shipped scripts before execution. The package writes a launchd plist into ~/Library/LaunchAgents and creates config/log files under $HOME — expected for this use but persistent.
Credentials
The registry lists no env vars (correct), but the skill needs access to macOS Keychain and to read/write Clawdbot configuration files. Those accesses are proportionate to the goal (refreshing tokens), but they are sensitive: the scripts will read refresh/access tokens and will write OAuth credentials into Clawdbot's auth-profiles.json and Keychain. The skill does not request unrelated credentials, but you should verify Keychain identifiers used and ensure no unexpected network endpoints are contacted beyond auth.anthropic.com and local Clawdbot CLI.
Persistence & Privilege
The installer creates a launchd job that runs every 2 hours to refresh tokens — persistent background presence is intentional for the feature. always:false (normal), but persistent auto-refresh combined with Keychain access increases blast radius if the code were malicious or later modified. The SKILL.md includes uninstall steps and a verify/validate script, which is good; still review the launchd plist and scripts before enabling.
What to consider before installing
This package appears to implement exactly what it says (reading Keychain, refreshing Claude OAuth, writing Clawdbot auth profiles, and installing a launchd refresher), but it is persistent and touches sensitive local tokens and messaging config. Before installing:
1) Inspect refresh-token.sh, install.sh, and the launchd plist for any unexpected network endpoints or commands; confirm the only external OAuth calls are to auth.anthropic.com (or other expected endpoints).
2) Back up ~/.clawdbot/agents/.../auth-profiles.json and your Keychain entries.
3) If you don't need it: README notes Clawdbot may already handle this natively — consider using the native feature instead.
4) If you proceed, run install.sh interactively and verify validate-update.sh / verify-setup.sh outputs; after installation, check ~/Library/LaunchAgents for the plist and inspect its contents.
5) If you are uncomfortable granting ongoing Keychain/config write access, do not install. If you want higher assurance, run the scripts in a controlled/test account or review them with a security-savvy colleague.
Like a lobster shell, security has layers — review code before you run it.
