v0.1.0

lelogin skill (lelogin credential-management skill)

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 1:25 PM.

Analysis

This skill matches a credential-management CLI use case, but it includes commands that run an unverified remote installer and that can expose secrets or weaken the protection around them.

Guidance: Review this skill before installing. Establish trust in the lelogin vendor and the installer source first, do not let the agent print secret values, do not reuse the SSH example's disabled host-key checking, and require confirmation before any save/delete/exec action that involves real credentials.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
bash -c "$(curl -fsSL https://www.nationauth.cn/dl/lelogin/cli/install-lelogin.sh)"

The skill instructs the agent to download and execute a remote installer script when the CLI is missing, with no pinned version, checksum, install spec, or reviewed helper code in the artifact set.

User impact: Installing the skill could lead the agent to run remote code that can change at any time on the user's machine, before it handles any secrets.
Recommendation: Only run the installer after verifying the vendor, the URL, a checksum or signature, and the installation impact; prefer a pinned package or a manually reviewed installer.
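The pattern the recommendation asks for, as an added example (not part of the skill or of this report): download the installer to disk instead of piping it into a shell, compare it against a pinned SHA-256, and only then run it. The URL is the one quoted in the finding; the pinned digest is a placeholder (all zeros) that the user must replace with a value obtained from the vendor out of band, and until that is done verification fails closed. The function names and the `--proto '=https'` / `--tlsv1.2` curl options are this example's choices.

```shell
#!/bin/sh
# Added example: verify a downloaded installer against a pinned SHA-256 before executing it.

LELOGIN_INSTALLER_URL="https://www.nationauth.cn/dl/lelogin/cli/install-lelogin.sh"
# Placeholder. Replace with the digest published by the vendor; a placeholder never matches,
# so an unpinned installer is refused rather than run.
LELOGIN_INSTALLER_SHA256="0000000000000000000000000000000000000000000000000000000000000000"

# sha256_of FILE: print the hex digest using whichever tool the host has (coreutils or perl shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 only when the digest matches; 1 on mismatch; 2 when the file is missing.
verify_installer() {
    file=$1; expected=$2
    [ -f "$file" ] || { echo "installer not found: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "checksum mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# fetch_and_verify URL EXPECTED_SHA256 DEST
# Download to a file (never straight into a shell), refuse downgrades to http or old TLS,
# then verify. The caller runs DEST only if this returns 0.
fetch_and_verify() {
    url=$1; expected=$2; dest=$3
    curl -fsSL --proto '=https' --tlsv1.2 -o "$dest" "$url" || return 2
    verify_installer "$dest" "$expected"
}

# Intended use (needs network, so it is not executed here):
#   fetch_and_verify "$LELOGIN_INSTALLER_URL" "$LELOGIN_INSTALLER_SHA256" ./install-lelogin.sh \
#       && sh ./install-lelogin.sh
```

A checksum only pins the content you reviewed; it does not establish that the vendor is trustworthy, and a digest fetched from the same server as the script proves nothing, which is why the value has to come from a second channel. If the vendor signs releases, verifying that signature is preferable to a bare digest.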
Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
lelogin exec ... -- /bin/sh -c 'echo "$TEST_KEY" "$KEY2_NAME"'

The variables are populated from lelogin:// secret references; after lelogin exec resolves them, echoing them can print real secret values into terminal output, logs, or the agent transcript.

User impact: Secrets managed by lelogin could be exposed to anyone who can see the command output or logs.
Recommendation: Do not echo resolved secret variables; use non-sensitive test values for demonstrations and validate presence without printing secret contents.
Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
sshpass -e ssh -o StrictHostKeyChecking=no -p "$SSH_PORT" "$SSH_USER@$SSH_HOST" "echo ok"

The SSH example supplies a password from the secret manager while disabling host-key verification, which weakens protection against connecting to an impostor host.

User impact: A user adapting this example for a real host could expose SSH credentials to a man-in-the-middle or to the wrong server.
Recommendation: Keep SSH host-key verification enabled, pre-populate known_hosts when automation is needed, and avoid password-based SSH where possible.
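The SSH invocation from the finding with host-key verification kept on, as an added example (not from the skill): the host key is pinned in a dedicated known_hosts file, the wrapper refuses to connect at all if no entry for the host is pinned yet, and `StrictHostKeyChecking=yes` makes ssh reject any key that is not already in that file. `SSH_HOST`, `SSH_PORT` and `SSH_USER` are the variables from the finding and `sshpass -e` reads the password from `SSHPASS` as it does there; `KNOWN_HOSTS_FILE`, the function names and the sample known_hosts lines in the usage notes are this example's own.

```shell
#!/bin/sh
# Added example: pinned known_hosts instead of StrictHostKeyChecking=no.

# Dedicated file so the global known_hosts (and anything ever accepted into it) is not consulted.
KNOWN_HOSTS_FILE=${KNOWN_HOSTS_FILE:-"$HOME/.ssh/lelogin_known_hosts"}

# host_token HOST [PORT]: the host field ssh writes into known_hosts; non-default ports use [host]:port.
host_token() {
    host=$1; port=${2:-22}
    if [ "$port" = 22 ]; then printf '%s' "$host"; else printf '[%s]:%s' "$host" "$port"; fi
}

# host_pinned FILE HOST PORT
# Returns 0 if FILE holds an unhashed entry for the host. Hashed entries (HashKnownHosts yes)
# are not matched here; use `ssh-keygen -F "$(host_token HOST PORT)" -f FILE` for those.
host_pinned() {
    file=$1; token=$(host_token "$2" "$3")
    [ -f "$file" ] || return 1
    awk -v t="$token" '
        $0 ~ /^[[:space:]]*#/ || NF == 0 { next }            # comments and blank lines
        {
            h = $1
            if ($1 ~ /^@/) { if ($1 == "@revoked") next; h = $2 }   # @cert-authority lines keep hosts in $2
            n = split(h, hosts, ",")
            for (i = 1; i <= n; i++) if (hosts[i] == t) { found = 1; exit }
        }
        END { exit !found }' "$file"
}

# safe_ssh COMMAND...: the finding'"'"'s command line with verification kept on.
safe_ssh() {
    host_pinned "$KNOWN_HOSTS_FILE" "$SSH_HOST" "$SSH_PORT" || {
        echo "no pinned host key for $(host_token "$SSH_HOST" "$SSH_PORT") in $KNOWN_HOSTS_FILE" >&2
        echo "add one from a trusted source before connecting" >&2
        return 1
    }
    sshpass -e ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$KNOWN_HOSTS_FILE" \
        -p "$SSH_PORT" "$SSH_USER@$SSH_HOST" "$@"
}

# Intended use (needs a reachable host, so not executed here):
#   SSH_HOST=host.example SSH_PORT=22 SSH_USER=deploy safe_ssh "echo ok"
```

Populating the file is the step that needs care: `ssh-keyscan -p "$SSH_PORT" "$SSH_HOST" >> "$KNOWN_HOSTS_FILE"` records whatever key the network presents, so it only pins the right key if the fingerprint (`ssh-keygen -lf "$KNOWN_HOSTS_FILE"`) is then compared with one the host's operator published through another channel. Where the target supports it, a key pair in place of `sshpass` removes the password from the picture entirely, which is the finding's last recommendation.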
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low. Confidence: High. Status: Note.
SKILL.md
`lelogin list`, `lelogin save ...`, `lelogin delete ...`, and `lelogin exec --env-file ...`

The skill can list accessible secret references, persistently add/update/delete secrets, and inject credentials into child processes for services such as MySQL, SSH, Alibaba Cloud CLI, and mail.

User impact: These capabilities are expected for a credential-management skill, but mistakes could reveal, overwrite, delete, or misuse important account credentials.
Recommendation: Require explicit user confirmation before listing, saving, deleting, or injecting real secrets, and scope commands to the specific secret path and service requested.
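One way to enforce the confirmation step from this recommendation, as an added example (not from the skill or from lelogin): a wrapper that the agent calls instead of `lelogin` directly, which pauses on the four subcommands named in the finding (`list`, `save`, `delete`, `exec`) and runs them only after the user types `yes`. The subcommand names come from the finding; the wrapper, its prompt text, and the `LELOGIN_BIN` and `CONFIRM_INPUT` variables are this example's own.

```shell
#!/bin/sh
# Added example: confirmation gate in front of secret-touching lelogin subcommands.

LELOGIN_BIN=${LELOGIN_BIN:-lelogin}

# guard_reason SUBCOMMAND: print why this subcommand needs confirmation; non-zero if it does not.
guard_reason() {
    case $1 in
        list)   echo "lists the secret references this user can access" ;;
        save)   echo "adds or overwrites a stored secret" ;;
        delete) echo "permanently removes a stored secret" ;;
        exec)   echo "injects secrets into a child process" ;;
        *)      return 1 ;;
    esac
}

# confirm PROMPT: 0 only on an explicit "yes".
# Answers are read from the terminal, not from stdin, so a piped "yes" cannot satisfy the gate.
# CONFIRM_INPUT is a test hook; remove it in real use so the agent cannot redirect the answer.
confirm() {
    printf '%s [yes/NO] ' "$1" >&2
    answer=
    read -r answer < "${CONFIRM_INPUT:-/dev/tty}" 2>/dev/null || answer=
    [ "$answer" = yes ]
}

# guarded_lelogin ARGS...: run lelogin, asking first when the subcommand touches secrets.
guarded_lelogin() {
    sub=${1:-}
    if reason=$(guard_reason "$sub"); then
        confirm "lelogin $sub $reason. Run '$LELOGIN_BIN $*'?" || {
            echo "aborted: lelogin $sub was not confirmed" >&2
            return 1
        }
    fi
    "$LELOGIN_BIN" "$@"
}

# Intended use: alias lelogin=guarded_lelogin in the agent's shell, or call it directly:
#   guarded_lelogin exec --env-file ./app.env -- ./run.sh
```

The prompt echoes the full argument list so the user sees exactly which secret path and service are about to be touched; if a `save` ever carries the secret value itself on the command line, that value would appear in the prompt (and in shell history), so the value should reach lelogin by whatever input path keeps it off argv. The gate also fails closed: with no terminal attached, `read` fails, the answer stays empty, and the command is refused.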