Claude Connect
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: claude-connect
Version: 1.1.0
The skill performs several high-risk actions, including reading OAuth tokens from macOS Keychain, writing them to `~/.clawdbot/agents/main/agent/auth-profiles.json`, making external network calls to `https://console.anthropic.com/v1/oauth/token` for token refresh, and establishing persistence via a `launchd` job (`com.clawdbot.claude-oauth-refresher.plist` in `~/Library/LaunchAgents/`). While these actions (found primarily in `refresh-token.sh` and `install.sh`) are explicitly stated and appear to align with the skill's purpose of keeping Claude CLI tokens refreshed for Clawdbot, the combination of direct credential access, modification of sensitive application configuration, external network communication, and persistent execution elevates its risk profile beyond benign. There is no clear evidence of *malicious intent* such as exfiltration to unauthorized endpoints or subversion of the agent, but the capabilities themselves are significant.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this can let Clawdbot use your Claude subscription and may expose or overwrite OAuth credentials if the scripts are wrong or untrusted.
The skill expands the credential boundary by taking Claude OAuth credentials from Keychain and placing access and refresh tokens into Clawdbot's auth profile, giving Clawdbot ongoing delegated Claude access.
Reads OAuth tokens from macOS Keychain ... Writes them to ~/.clawdbot/agents/main/agent/auth-profiles.json ... "access": "sk-ant-...", "refresh": "sk-ant-ort..."
Only install if you trust the source and want Clawdbot to use these Claude credentials; inspect the scripts first, back up auth-profiles.json, and be prepared to revoke or re-authenticate tokens if needed.
The refresher can keep operating in the background and maintaining account access even when you are not actively using the skill.
The skill installs persistent launchd automation that continues to run and handle OAuth tokens after the initial setup task.
Auto-refreshes every 2 hours ... Runs every 2 hours via ~/Library/LaunchAgents/com.clawdbot.claude-oauth-refresher.plist ... auto-refreshes tokens forever
Verify the LaunchAgent contents and unload or uninstall it when you no longer need it; confirm the documented plist name matches what is actually installed.
It is harder to verify who produced the code and exactly what will run during installation before granting it access to OAuth credentials.
The package lacks provenance and a declarative install mechanism, yet its shell scripts are responsible for credential handling and persistence.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... Code file presence: install.sh, refresh-token.sh, uninstall.sh
Prefer a known upstream source or Clawdbot's native OAuth flow if available; otherwise manually inspect the shell scripts and verify checksums before running them.
Users may install a credential-handling background service that the package itself says is unnecessary and unmaintained.
This conflicts with the active SKILL.md and registry description that recommend installing the skill to keep tokens refreshed 24/7.
DEPRECATED — Clawdbot Handles This Natively ... This skill is no longer needed ... The code is no longer maintained.
Check whether Clawdbot's native OAuth support already solves the problem, and treat the skill as potentially stale unless the maintainer clarifies the status.
Refresh status messages may be sent to an auto-detected chat, user, or phone target that you did not manually confirm.
The installer auto-detects messaging channel targets and uses them for success/failure notifications, which is purpose-aligned but touches private messaging configuration.
Read ~/.clawdbot/clawdbot.json ... telegram: extract default_chat_id or user_id ... slack ... discord ... whatsapp ... imessage ... signal
Review claude-oauth-refresh-config.json after installation, confirm the notification target, and disable notifications if you do not want these messages sent.
