ClawHub

Keys Manager

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate secret-management skill, but it gives an agent broad ways to reveal, export, sync, and delete credentials without enough safety guidance.

Install only if you trust the external `keys` CLI and want an agent to interact with your local secret store. Prefer targeted retrieval or `keys inject` for a single command, avoid `eval $(keys expose)`, be careful with `.env` files, use sync only on trusted networks, and treat non-macOS use as lower-friction access to stored credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly recommends commands that generate or export secrets into a `.env` file but does not warn that this creates plaintext secret material on disk that may be committed, backed up, indexed, or read by other local processes. In a secret-management skill, omission of storage-safety guidance materially increases the chance of accidental credential disclosure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill promotes `keys expose` and especially `eval $(keys expose)` without warning that secrets printed to stdout can leak through terminal logs, shell history, process monitoring, CI logs, or accidental copy/paste. Using shell evaluation on secret-bearing output is particularly risky because it encourages broad propagation of credentials into the shell environment with little user visibility.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The sync feature transmits secrets over the network and advertises auto-discovery via mDNS, yet the documentation does not clearly warn users to restrict use to trusted/reachable networks and to verify peers before transferring credentials. Even with encryption, insufficient guidance about network trust boundaries can lead users to expose secrets on hostile or unintended network segments.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal