MFA WORD

v1.1.0

Enforces MFA by requiring a secret word to access protected sensitive data and allows emergency reset with a super secret word.

Security Scan

VirusTotal: Benign

OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill claims to gate access to sensitive actions using a secret word and an emergency reset word; the code implements local storage of hashed secrets, a session state, check/verify/reset functions, and audit logging under ~/.openclaw. The requested resources (no network, no external credentials) match the stated purpose.
Instruction Scope
SKILL.md instructs the agent to call check_gate_status/verify_access before performing sensitive actions — the code provides those functions. However, the skill cannot enforce checks on I/O or commands outside of agent cooperation; it relies on the agent following the protocol. Also SKILL.md mentions protecting .ssh in examples, but the default sensitive_list in code does not include '.ssh' (only .env, password, config, sudo).
Install Mechanism
No install spec or external downloads are present. The skill includes a local JS module only; nothing is pulled from the network or written to non-standard system locations beyond ~/.openclaw.
Credentials
The skill requests no environment variables or external credentials. It stores data locally in ~/.openclaw (vault and audit log), which is consistent with a local MFA gatekeeper. Note: file writes require filesystem permissions, and the vault/log files should be protected by filesystem ACLs/permissions.
Persistence & Privilege
The skill does create persistent artifacts (~/.openclaw/mfa_vault.json and ~/.openclaw/mfa_audit.log) and will append audit entries. It does not set always: true, does not modify other skills, and has no network persistence — but users should be aware that it writes persistent files to the home directory and that audit logs may reveal usage timing.
Assessment
This skill is coherent with its stated purpose, but review these points before installing:
- Local file writes: it stores a vault (hashed secrets) and an audit log in ~/.openclaw. Ensure you are comfortable with those files existing and set restrictive filesystem permissions (chmod 600) if you use it.
- Crypto: secrets are hashed with plain SHA-256 without salt or a slow KDF; low-entropy secret words could be brute-forced if an attacker obtains mfa_vault.json. Consider using a stronger KDF (e.g., PBKDF2/scrypt/Argon2) or adding a per-user salt.
- Agent-enforced-only: the skill relies on the agent to call its check/verify functions before performing sensitive actions. The skill cannot prevent other code from accessing files or running commands — it is a procedural gate, not a kernel-level enforcer.
- Code quality: index.js mixes CommonJS require(...) with export const declarations, which may cause runtime errors depending on how the platform loads modules; validate that the module works in your agent environment.
- Audit logs: logs contain action/result entries (no plaintext secrets) but may reveal usage patterns; consider rotating or protecting them.
If you decide to use it: verify the module runs in your environment, harden vault/log permissions, consider improving the hashing method, and test reset and dead-man-switch behavior. If you need a stronger enforcement boundary, use a system-level access control mechanism rather than relying solely on an agent skill.


Tags: 2fa, access-control, anti-injection, audit-logs, authentication, credential-safety, dead-mans-switch, ecurity, encryption, file-protection, gatekeeper, guardrails, latest, mfa, middleware, pii-protection, privacy, safety, session-lock, sha256, zero-trust

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
