Credential Hygiene Validator

v1.0.0

Checks whether credentials and tokens are stored safely. Validates file permissions, plaintext exposure, git repo contamination, log redaction coverage, and...

by Onyedika Christopher Agada (@techris93)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actions: scanning files, checking git status, and inspecting permissions. Minor inconsistency: registry metadata declares no required config paths, but the SKILL.md hard-codes ~/.openclaw and ~/.gitignore as targets — this is coherent with the described OpenClaw focus but should be declared explicitly in metadata.
Instruction Scope
SKILL.md only runs local, read-only commands (stat, grep, git, find, ls) against the user's home dotfiles and logs. These actions are within the declared purpose (permission checks, token pattern scanning, git/gitignore checks). It does not transmit data externally. Note: the grep patterns are broad and may produce false positives, and grep -P (PCRE) may not be available on all platforms.
Install Mechanism
Instruction-only skill with no install spec or code to download — lowest install risk.
Credentials
The skill requests no environment variables or credentials. The binaries it requires (grep, stat, git) are appropriate for the described checks.
Persistence & Privilege
always:false and normal model invocation settings. The skill does not request permanent presence or modify other skills/configuration.
Assessment
This skill appears to do exactly what it claims: read-only local checks for credential hygiene. Before installing or invoking it, review the SKILL.md to confirm the hard-coded paths (~/.openclaw, ~/.gitignore, logs) match what you want inspected. Be aware the grep patterns are broad and can yield false positives; test the commands manually in a safe environment first. Ensure your agent runs with the least privilege necessary (not as root) so it only examines your user files. If you want it to scan different directories, either edit the prompts or run the commands locally yourself rather than granting an agent broad access.

Like a lobster shell, security has layers — review code before you run it.

latest vk97cdrwnvf3pfetp7srv9hfp798262va


Runtime requirements

Bins: grep, stat, git
