Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
agentsecrets
v1.1.2Zero-knowledge secrets infrastructure — AI agents manage the complete credential lifecycle without ever seeing values
⭐ 1· 424·1 current·1 all-time
byAdemijuwon Wisdom@steppacodes
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to be a zero-knowledge secrets manager and all runtime instructions, README, and helper scripts revolve around the agentsecrets CLI, workspace/project/environment management, and making authenticated calls. Requiring an agentsecrets CLI (per SKILL.md) is appropriate for this purpose. Note: the registry metadata shown to me lists 'Required binaries: none' while SKILL.md declares an agentsecrets binary requirement — a minor metadata mismatch but not a functional incoherence.
Instruction Scope
SKILL.md instructs the agent to run agentsecrets commands (status, init, workspace/project/env operations, and agentsecrets call) and to ask the user before high-impact operations (invites, deletions, allowlist updates). The included scripts are simple wrappers that sanitize arguments and exec agentsecrets. The instructions do not tell the agent to read unrelated files or harvest unrelated environment variables. They do rely on the agentsecrets binary to access the OS keychain and perform network calls to user-specified endpoints, which is consistent with the stated functionality.
Install Mechanism
This is instruction-only (no download/install spec in the bundle). SKILL.md suggests standard install methods (npx, brew, pip, go). The bundle's scripts and README do not download arbitrary code from unknown servers. No high-risk 'download+extract' steps are present in the skill itself.
Credentials
The skill requests no credentials or environment variables in the registry metadata. SKILL.md includes an optional AGENTSECRETS_INSTALLED flag and documents that the CLI reads credentials from the OS keychain (which is expected for a secrets manager). There are no unrelated or excessive environment/credential requests in the bundle.
Persistence & Privilege
The skill is not always:true and is user-invocable. It is intended to run commands autonomously (disable-model-invocation is false by default), which aligns with its purpose. Because the skill makes agent-invoked CLI calls that may perform network actions, you should be aware that the agent can autonomously execute those agentsecrets commands when the skill is invoked — this is expected but increases the importance of trusting the agentsecrets binary and configuration.
Assessment
This skill appears internally consistent: it delegates all secret handling to the agentsecrets CLI and contains only safe wrapper scripts. Before installing, verify you trust the upstream AgentSecrets binary (install source: Homebrew/NPM/PyPI/Go) because that binary will access your OS keychain and perform network requests. Confirm that the tool does not print secret values to stdout in your workflows, and review ~/.agentsecrets/proxy.log (the skill claims it records key names only) if you need an audit trail. Note the small metadata mismatch: the registry listing shows no required binaries while SKILL.md expects the agentsecrets CLI — ensure the CLI is installed from a trusted source before letting the agent run commands autonomously.Like a lobster shell, security has layers — review code before you run it.
latestvk97evctn9ysed3270aeygxe4bn83ceht
License
MIT-0
Free to use, modify, and redistribute. No attribution required.