Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidencePurpose & Capability
Name, description, and features (set/get/list/delete) match the included script's functionality. However the SKILL.md says the encryption key is read from an environment variable and the storage filename is '.secure-storage.json', whereas the script hardcodes the encryption key and writes to '$HOME/.openclaw/workspace/memory/secure-storage.json' — these mismatches are unexpected and unexplained.
Instruction Scope
SKILL.md instructs running the provided node script and warns the encryption key is from an env var; the actual script does not read any env var for the key and uses a hardcoded SIMPLE_KEY. The SKILL.md/README also references a different storage filename than the script uses. The script performs only local file I/O and no networking, but the documentation gives a false impression about how the key is provided.
Install Mechanism
No install spec (instruction-only with one script). This has low install risk: nothing is downloaded or executed implicitly during install.
Credentials
SKILL.md claims the encryption key comes from an environment variable, but the skill.json declares no required env vars and the script ignores environment variables for the key. Instead the code uses a hardcoded SIMPLE_KEY and a static salt ('salt') when deriving an AES key — this is disproportionate to the claimed secure behavior and weakens confidentiality.
Persistence & Privilege
Skill does not request 'always: true' and is user-invocable only. It writes a storage file under the user's HOME path (creates ~/.openclaw/workspace/memory/secure-storage.json) with file mode 0600, which is reasonable for a local CLI tool. It does not modify other skills or system-wide configs.
What to consider before installing
This skill implements local encrypted storage but is misleading and not safe for high-value secrets as-is. Key issues to consider before installing or using: 1) SKILL.md claims the encryption key comes from an environment variable, but the script ignores env vars and uses a hardcoded SIMPLE_KEY ('openclaw-secure-storage-v1') with a static salt — an attacker who obtains the repo can decrypt stored values. 2) The code uses a simple AES-256-CBC scheme with a static salt and no authentication (no AES-GCM or HMAC), which is not production-grade. 3) The documented filename ('.secure-storage.json') differs from the actual path the script writes to ('$HOME/.openclaw/workspace/memory/secure-storage.json'), which could cause surprise or data scattering. 4) Although the file is written with 0600, anyone with filesystem access to your HOME can read it; do not store high-value secrets (root-level AWS keys, production tokens) without stronger protections. Recommended actions: do not rely on this for critical secrets; ask the author to (a) actually read the encryption key from a required env var and declare it in metadata, (b) use a well-reviewed authenticated encryption scheme (e.g., AES-GCM or use OS keychain/KMS), (c) use a proper per-secret salt/IV/key derivation and not a hardcoded salt or key, (d) fix documentation to match actual storage path, and (e) consider storing secrets in the OS keyring or cloud KMS instead. If you still want to use it for low-value items, review and run the script in an isolated environment and consider modifying it to accept and require a real secret (from env) and to use authenticated encryption.Like a lobster shell, security has layers — review code before you run it.
latestvk973p999jdh3mkzp92zcq874yx84vkgt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.