Local-Passwords-Manager

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local password manager, but it needs review because it can store or export passwords in plaintext and lacks safeguards for sensitive actions.

Install only if you are comfortable managing real credentials with this skill. Verify cryptography is installed before saving passwords, treat CSV exports as plaintext secret dumps, delete exports immediately after use, and require explicit confirmation before export or any service-wide/bulk deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Description-Behavior Mismatch

Medium (88% confidence)

The skill manifest describes a local password manager for storing, querying, modifying, and deleting credentials, but the code also supports CSV import/export. That expands the data exfiltration and ingestion surface beyond the declared scope, especially because export writes credentials out of the managed encrypted store into another file format that may be less protected.

Context-Inappropriate Capability

High (98% confidence)

The export function decrypts every stored password and writes them into a plaintext CSV file in the current working directory. This defeats the security benefit of encrypted-at-rest storage because any local user, backup system, sync client, or malware with file access can read all credentials from the exported file.

Intent-Code Divergence

High (97% confidence)

The module advertises encrypted local password storage, but if the cryptography dependency is missing it silently falls back to storing passwords in plaintext. In a password-manager context this is especially dangerous because users will reasonably trust that secrets are protected and may never realize they are being written unencrypted.

Vague Triggers

Medium (86% confidence)

The trigger phrases include very broad expressions such as '查一下xxx', '我的密码', and '搜索xxx', which can overlap with ordinary conversation and cause accidental invocation. For a password manager, accidental triggering is dangerous because it may surface secrets, alter stored credentials, or perform destructive operations when the user intended a generic query. The sensitive context makes broad triggers more dangerous than they would be in a low-risk utility skill.

Missing User Warnings

High (97% confidence)

The documentation advertises CSV export/import of password data but does not prominently warn that CSV exports are effectively plaintext secrets and can be opened, indexed, synced, or leaked by other applications. This substantially increases exfiltration risk because encrypted-at-rest storage is bypassed at export time. In a password manager, missing warnings around plaintext export materially raise the chance of user harm.

Missing User Warnings

Medium (90% confidence)

The skill documents delete operations, including service-wide and bulk deletion modes, without strong warnings about irreversible data loss or the scope of deletion. Users may misunderstand whether they are deleting one account, an entire service, or many matched records, especially when combined with broad search/tag actions. In a password store, unintended deletion can lock users out of accounts and destroy recovery information.

Missing User Warnings

High (98% confidence)

Exporting decrypted passwords to CSV without a prominent warning or confirmation creates a high risk of accidental credential disclosure. Users may trigger export expecting a safe backup, but the resulting file is plaintext and likely outside the normal protections applied to the encrypted password store.

VirusTotal

63/63 vendors flagged this skill as clean.
