Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Safe Encryption

v0.1.0

Encrypt, decrypt, and manage keys with the SAFE CLI — a modern GPG alternative with post-quantum support.

by Nick Sullivan (@grittygrease)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (encrypt/decrypt/manage keys) aligns with the runtime instructions. However, the SKILL.md instructs aggressive behaviors that go beyond a passive helper: auto-installing a system binary (using sudo/mv), auto-generating and auto-storing keys in ~/.safe/, and 'Just do it. Don't ask for confirmation.' Those actions are plausible for a CLI helper but are higher-impact than the description implies.
Instruction Scope
Instructions tell the agent to (a) auto-install a binary from thesafe.dev without asking, (b) auto-generate keys and store them in ~/.safe/, and (c) for decryption, automatically try all keys in ~/.safe/keys/ if no key is specified. The skill also references using SAFE_PASSPHRASE and 'env:VARNAME' for automation although no envs are declared. Directives to auto-run cryptographic operations without user confirmation and to probe local key files are scope creep and sensitive.
Install Mechanism
Installation is via curl from https://thesafe.dev/downloads/... and a sudo mv into /usr/local/bin. This is a direct binary download from an external site (not a known package manager or signed release flow in the SKILL.md). The doc lists SHA‑256 checksums on the same domain (better than nothing) but no detached signature or independent verification is provided. Automatic, unattended curl|chmod|sudo moves are higher-risk.
Credentials
Registry metadata declares no required env vars, but SKILL.md mentions SAFE_PASSPHRASE and using -p env:VARNAME for automation. The skill will read or expect passphrases and local key files (~/.safe/...). Asking the agent to probe and try all local keys can expose many local secrets. The requested environment/credential access is not fully reflected in the declared requirements and is higher-sensitivity than the metadata suggests.
Persistence & Privilege
The skill is not marked always:true and does not request persistent platform privileges. However, the install instructions write a system-wide binary to /usr/local/bin (requires sudo), which is a system-level change. This is legitimate for a CLI but increases privilege impact and should be performed with user approval rather than automatically.
What to consider before installing
This skill mostly does what it says (manage encryption via the SAFE CLI), but there are several red flags you should consider before installing or allowing the agent to act autonomously:
1) The SKILL.md tells the agent to auto-install a prebuilt binary from https://thesafe.dev and move it into /usr/local/bin with sudo — don't allow that without manual review.
2) The document references SAFE_PASSPHRASE and env-based automation, but the registry metadata lists no required envs — expect the skill to read environment variables if present.
3) The skill instructs the agent to automatically try all keys in ~/.safe/keys/ for decryption and to perform cryptographic operations without confirmation — this could cause the agent to access many local secrets or decrypt files unintentionally.
4) If you want to use this skill, install the SAFE binary yourself (and verify checksums/signatures), deny automatic installation, require explicit confirmation before any encrypt/decrypt action, and avoid letting the agent probe your key directory or environment variables. If you prefer lower risk, use the browser-based alternative described and interact manually or via your own trusted browser automation with careful controls.

Like a lobster shell, security has layers — review code before you run it.

Tags: cryptography, encryption, gpg-alternative, latest, post-quantum, security
