Key Expiry Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill coherently checks locally stored credential expiry metadata and does not show evidence of stealing, transmitting, or modifying secrets.

Install only if you are comfortable maintaining a local credential expiry inventory. Keep ~/.openclaw/workspace/.credentials.json metadata-only, restrict its file permissions, and run the check manually before enabling the optional cron schedule.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 84% confidence
Finding: This shell script accesses a hidden file that stores credential information and parses its contents, which is a sensitive operation under the warning criteria for code files. Although the script prints status output, it does not disclose up front that it will read credential-related data from the user's workspace, and the visible comments are only operational notes rather than a user warning.

Credential Access

High

Category: Privilege Escalation
Content: set -euo pipefail CREDENTIALS_FILE="$HOME/.openclaw/workspace/.credentials.json" STATE_FILE="$HOME/.openclaw/workspace/.credential-tracker-state.json" ALERT_DAYS=14 CRITICAL_DAYS=7
Confidence: 70% confidence
Finding: credentials.json

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal