Vault

Security checks across malware telemetry and agentic risk

Overview

This is a local encrypted password vault, but using it lets OpenClaw store, reveal, and delete credentials when commanded.

Install only if you want OpenClaw to manage credentials. Use a strong master key, keep the vault file private, avoid storing high-value production secrets unless you accept agent access to them, and be careful with `show` because plaintext may appear in transcripts, logs, screenshots, or terminal history.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (4)

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The README documents commands that reveal stored passwords in plaintext (`show`) and delete entries (`remove`) without prominent warnings about shoulder-surfing, shell history/logging, or destructive misuse. In a password-management skill, encouraging direct secret display increases the chance of accidental exposure during terminal recording, screen sharing, or agent output capture.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The documentation encourages users to pass secrets directly as command-line arguments, which commonly exposes them in shell history, terminal scrollback, process listings, audit logs, and screenshots. In a password-management skill, normalizing unsafe secret handling is more dangerous because users are likely to follow the examples exactly with real credentials.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill returns the decrypted password directly in the command response, which exposes the secret to any caller, transcript logger, UI history, or agent memory layer that can observe command output. In an agent environment, this is more dangerous than a local CLI because secrets may be propagated into logs, conversation context, analytics, or downstream tools.

Ssd 3

Medium

Confidence: 97% confidence
Finding: The examples include plaintext credential values and show the secret being printed back to the console, which normalizes on-screen disclosure and increases the chance of leakage through terminal logs, recordings, shared sessions, and copy/paste mistakes. For a vault tool, documentation that demonstrates revealing secrets undermines the security posture users expect from the product.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal