Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ArmorClaw

v1.0.0

AES-256 encrypted secrets manager for OpenClaw agents. Store API keys, tokens, and credentials in a secure local vault instead of plain-text .env files. Feat...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the code: the package implements an AES-256 vault, .env importer, machine/IP locking, per-skill access logs, and cross-skill retrieval. However the registry metadata calls this 'instruction-only' while the package contains a full Python project (pyproject.toml + modules). That mismatch (no install spec vs. shipped code) is unexpected and worth verifying.
Instruction Scope
SKILL.md and CLI direct the agent to scan user locations (~/projects, ~/Documents, ~/.openclaw) for .env files, import them, and optionally delete originals; the code implements these scans and file operations. The skill also provides env injection (injecting plaintext secrets into process environment) and supports adding an auto-unlock password to the agent config. These actions read and write user files broadly and can expose secrets if misused.
Install Mechanism
Registry shows no install spec, but the repo contains pyproject.toml and CLI entry points and SKILL.md suggests pip / npx install flows. The absence of an explicit install spec in the skill metadata is an inconsistency to confirm: how will the agent obtain/execute the packaged code in your environment?
Credentials
The skill declares no required credentials, which is reasonable, but it will: (1) contact external IP lookup services (api.ipify.org, ifconfig.me, icanhazip.com) revealing your IP to third parties; (2) optionally write an encrypted master password into ~/.openclaw/openclaw.json so the bot can auto-unlock (this grants the agent persistent access to your vault); and (3) enable cross-skill retrieval of secrets (any skill calling the API can request secrets, logged but not access-restricted). These are high-impact behaviors relative to a simple secrets storage claim.
Persistence & Privilege
The skill can persist an auto-unlock artifact into the agent config (~/.openclaw/openclaw.json). Even though the password is machine-encrypted, storing an auto-unlock credential in agent config increases the long-term attack surface and allows the agent (or any process with access to that config) to unlock the vault automatically. The skill does not set always:true, but the config-write behavior is a form of persistence that requires user consent and careful review.
What to consider before installing

- Source and provenance: the package contains a full Python project and CLI. Confirm you trust PHRAIMWORK LLC and the repository URL in pyproject.toml before installing.
- Cryptography: the library falls back to a custom 'stdlib' AES-like implementation when the 'cryptography' package is not installed. That fallback is explicitly marked as "less battle-tested" and appears to be a custom construction (hashlib-based block primitive). Do NOT rely on this for high-value secrets: install with the 'secure' extras (pip install armorclaw[secure]) or ensure the environment has the 'cryptography' package.
- Scanning & importing: the default scanner looks in broad locations (~/projects, ~/Documents). That can read many files, and the import flow can delete original .env files if you choose that option. Review any found files before importing and prefer 'backup' over 'delete'.
- Auto-unlock persistence: the CLI can write an encrypted master password into ~/.openclaw/openclaw.json to enable bot auto-unlock. Even encrypted, this increases exposure; only enable it for fully trusted agents and machines. Prefer interactive unlocking where possible.
- Network calls: external IP detection uses third-party services (api.ipify.org, ifconfig.me, icanhazip.com). These requests reveal your external IP to those services; consider the privacy implications and whether you want that traffic.
- Cross-skill sharing: the vault allows any skill to request keys (the API accepts a 'skill' parameter and logs accesses). The design relies on skill-level trust and auditing; there is no per-skill ACL enforcement. Only enable cross-skill access for trusted skills and monitor access logs.
- Recommended mitigations: install the 'cryptography' dependency, audit the code (especially crypto.py and machine_crypto.py), run tests in a disposable environment first, back up any .env files before running imports, and carefully review any changes to ~/.openclaw/openclaw.json after setup. If you are not comfortable with the above risks (config writes, scanning Documents, fallback crypto), treat this skill as not suitable for sensitive production secrets.


Tags: api-keys, latest, openclaw, secrets, security, vault


Runtime requirements: 🔐 Clawdis
