Skip to content
← Registry
Trust Report

openclaw-vault

72
SUSPICIOUS
Format: openclawScanner: v0.8.0Duration: 4msScanned: 11d ago · Apr 30, 6:32 AMSource →
Open community →Automate with the API →Join the discussion →Jump to findings →
Embed this badge
AgentVerus SUSPICIOUS 72AgentVerus SUSPICIOUS 72AgentVerus SUSPICIOUS 72
[![AgentVerus](https://agentverus.ai/api/v1/skill/37b720be-cc39-4975-a9a7-df318df898c8/badge)](https://agentverus.ai/skill/37b720be-cc39-4975-a9a7-df318df898c8)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →
https://agentverus.ai/api/v1/skill/37b720be-cc39-4975-a9a7-df318df898c8/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"37b720be-cc39-4975-a9a7-df318df898c8","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/37b720be-cc39-4975-a9a7-df318df898c8/trust

Category Scores

78
Permissions
50
Injection
100
Dependencies
95
Behavioral
60
Content
100
Code Safety

Findings (6)

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: Shell

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highComprehensive secret collection detected-25

Found comprehensive secret collection pattern: "Comprehensive credential"

Comprehensive credential exposure audit: permission checks, shell history, git config, config file scanning, log file scanning, gitignore coverage, and staleness detection.

Skills should not instruct collection of all tokens, keys, or credentials. Access only the specific credentials needed and declare them.

injectionASST-05
highCredential access detected-25

Found credential access pattern: "credential file"

Build a structured inventory of all credential files in the workspace. Categorizes by type (API key, database URI, token, certificate, SSH key, password), tracks age, and flags stale or exposed creden

Remove references to credentials and secrets. Skills should never access sensitive authentication data.

injectionASST-05
mediumHigh-risk workflow lacks explicit safety boundaries-15

The skill performs or enables higher-risk operations but does not define explicit safety boundaries describing what it must not do.

No safety boundary patterns found alongside high-risk capability language

Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).

contentASST-09
mediumSkill path discovery detected-5

Found skill path discovery pattern: "{baseDir}" Related auth/profile context: - auth/session capability-contract context — Capability contract mismatch: inferred cookie URL handoff is not declared

python3 {baseDir}/scripts/vault.py audit --workspace /path/to/workspace

Treat dynamic skill path resolution and installation-path discovery as local filesystem reconnaissance. Scope which paths may be read or executed from, and avoid broad path probing unless the user explicitly requested it.

behavioralASST-03
lowMissing or insufficient description-5

The skill lacks a meaningful description, making it difficult to assess its purpose.

No description found

Add a clear, detailed description of what the skill does and what it needs access to.

contentASST-09