Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenAI Auth Switcher Public
v0.3.1-preview
Web-first, publishable OpenClaw skill for OpenAI OAuth account switching. Use when you need a reusable public-track workflow for first-run takeover, environm...
⭐ 0· 145·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
Name/description match the included scripts: the package contains installers, runtime discovery, import/backup/restore helpers, and a web preview—all expected for an OpenAI OAuth 'auth switcher' workflow. The presence of file-copy, backup and restore logic, port selection, generated admin credentials, and systemd user service management is coherent with the stated goals.
Instruction Scope
SKILL.md explicitly instructs the operator to run install.sh and helper scripts (doctor.py, env_detect.py, inspect_runtime.py, import-auth flows). These instructions require reading and writing local OpenClaw runtime files (auth-profiles.json, service units, runtime state). The preview API includes POST /api/import-auth, which accepts an absolute path and copies/validates the supplied auth file into the runtime location. That is functionally appropriate for first-run takeover, but it is high-sensitivity behavior: whoever can reach the preview API can point the endpoint at any file the service user can read. Confirm that the preview service listens only on localhost and that the endpoint requires the generated admin credentials, and run it only after manual inspection and on trusted machines.
Install Mechanism
No external install spec or network download is present in the manifest (instruction-only in registry). The repository contains local install.sh and Python scripts that run locally; there are no obvious external fetches in the provided snippets. That lowers supply-chain risk compared to remote installers, but you must still audit included scripts because they will be executed on the host.
Credentials
The skill declares no required env vars, but the code and docs reference OPENAI_AUTH_SWITCHER_PUBLIC_STATE_DIR and other OpenClaw path overrides, and the scripts probe and copy local auth files. They perform file I/O on the sensitive auth-profiles.json, create backups, and rebuild token ledgers. There is also an 'hourly_usage' rollup script (local analytics) that might transmit telemetry; its network behavior is not shown in the scanned snippets and should be audited. Access to local credential-bearing files is expected for this tool, but it is inherently sensitive, and because the skill declares no explicit credential requirements in its metadata, users may underestimate the impact of installing it.
Persistence & Privilege
always:false and model invocation is allowed (default), which is normal for skills. The install flow creates and manages a systemd user unit under ~/.config/systemd/user (the unit path is hard-coded in install.sh), so the skill persists across logins as a user-level service. The skill writes runtime files under its own runtime area by design, but it also writes or copies auth files into the OpenClaw runtime location and may create backups. This is coherent with its purpose but widens its footprint on the host (credential files plus a persistent service); run it only with appropriate user consent and after review.
What to consider before installing
This package is credential-adjacent: it will read and write local OpenClaw auth files and manage a user-level service. Before installing:
1) Review service/app.py and any network/telemetry code (hourly_usage.py) to confirm nothing phones home or exposes tokens.
2) Inspect the scripts that copy or restore auth-profiles.json (scripts/auth_file_lib.py, scripts/import_auth_file.py) to ensure the import behavior is intentional and safe.
3) Run doctor.py and env_detect.py in --json mode on an isolated/test machine first.
4) Set OPENAI_AUTH_SWITCHER_PUBLIC_STATE_DIR to an external test directory (per the docs) to avoid polluting the source tree.
5) Back up the existing auth-profiles.json and related OpenClaw state before any import/switch operation.
6) If you do not trust the author or cannot audit the code, do not run install.sh on production hosts; prefer a sandbox or VM, and use the packaging wrapper (package_public_skill.py) to inspect the artifacts before publishing or deploying.

Like a lobster shell, security has layers — review code before you run it.
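As an added example (not part of this ClawHub page and not the skill's own code), the Python script below carries out three of the review steps above against an unpacked skill directory: it greps every script for network-capable imports and tools, lists the files that touch auth-profiles.json or the systemd user unit, and takes a hash-verified backup of an existing auth-profiles.json before anything is run. The file names mirror the ones the scan report mentions (install.sh, scripts/import_auth_file.py, service/hourly_usage.py), but the sample tree and its contents are constructed here for demonstration and say nothing about what the real skill contains; the indicator regexes are a heuristic that produces leads for manual review, not a verdict.

```python
"""Pre-install audit for an OpenClaw skill directory (added example, not the
skill's or ClawHub's code). Three of the review steps: find network-capable code,
find credential/service writes, back up auth-profiles.json before running anything."""
import hashlib
import json
import re
import shutil
import tempfile
import time
from pathlib import Path

# Leads for manual review, not proof of exfiltration: Python network imports,
# common CLI downloaders, and bash's /dev/tcp pseudo-device.
NETWORK_PATTERNS = re.compile(
    r"\bimport\s+(socket|urllib|http\.client|requests|httpx|aiohttp)\b"
    r"|\bfrom\s+(urllib|http|requests|httpx|aiohttp)\b"
    r"|\b(curl|wget|nc)\s|/dev/tcp/")
# Paths and commands the scan report names as sensitive.
SENSITIVE_PATTERNS = re.compile(
    r"(auth-profiles\.json|\.config/systemd/user|systemctl\s+--user)")
SCAN_SUFFIXES = {".py", ".sh", ".md", ".service", ".json"}


def audit_skill(skill_dir: Path) -> dict:
    """Return {'network': [...], 'sensitive': [...]}, each entry giving the
    relative file, line number and text, so the reviewer knows where to look."""
    report = {"network": [], "sensitive": []}
    for path in sorted(skill_dir.rglob("*")):
        if not path.is_file() or path.suffix not in SCAN_SUFFIXES:
            continue
        rel = str(path.relative_to(skill_dir))
        for lineno, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
            if NETWORK_PATTERNS.search(line):
                report["network"].append({"file": rel, "line": lineno, "text": line.strip()})
            if SENSITIVE_PATTERNS.search(line):
                report["sensitive"].append({"file": rel, "line": lineno, "text": line.strip()})
    return report


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def backup_auth_profiles(auth_file: Path, backup_dir: Path) -> Path:
    """Copy auth-profiles.json to a timestamped backup and verify the copy by hash,
    so a later import/switch can be rolled back. Raises if the copy does not match."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%dT%H%M%S")
    dest = backup_dir / f"auth-profiles.json.{stamp}.bak"
    shutil.copy2(auth_file, dest)
    if sha256_file(dest) != sha256_file(auth_file):
        dest.unlink()
        raise RuntimeError("backup hash mismatch")
    return dest


def build_sample_skill(root: Path) -> Path:
    """Constructed stand-in for an unpacked skill. File names follow the scan
    report; the contents are invented for this example, not the real skill's code."""
    skill = root / "openai-auth-switcher-public"
    (skill / "scripts").mkdir(parents=True)
    (skill / "service").mkdir()
    (skill / "install.sh").write_text(
        "#!/bin/sh\nmkdir -p ~/.config/systemd/user\n"
        "systemctl --user daemon-reload\n")
    (skill / "scripts" / "import_auth_file.py").write_text(
        "import shutil\n"
        "def import_auth(src, runtime):\n"
        "    shutil.copy(src, runtime / 'auth-profiles.json')\n")
    (skill / "service" / "hourly_usage.py").write_text(
        "import json\nimport urllib.request\n"
        "def rollup(rows):\n    return json.dumps(rows)\n")
    (skill / "SKILL.md").write_text("Run install.sh, then doctor.py --json.\n")
    return skill


def demo() -> dict:
    """Run the audit and the backup against the constructed tree and return the
    report plus backup details, so the results can be inspected or asserted on."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        report = audit_skill(build_sample_skill(root))
        # Constructed stand-in for existing OpenClaw state; back it up before any import.
        state = root / "openclaw"
        state.mkdir()
        auth = state / "auth-profiles.json"
        auth.write_text(json.dumps({"profiles": {"default": {"token": "redacted"}}}))
        backup = backup_auth_profiles(auth, root / "backups")
        report["backup"] = backup.name
        report["backup_ok"] = sha256_file(backup) == sha256_file(auth)
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Point audit_skill at the real unpacked zip instead of the constructed tree; every hit in the 'network' list is a place to read by hand, and an empty list does not prove the code is offline (obfuscated or dynamically imported code will not match the regexes). Keep the returned backup path until you have confirmed the switch behaves as expected.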
latest · vk978nf31rx9cjnyp9bvj2km0rs83g77x
