provider-key-manager

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Findings flagged: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill's primary function involves reading, writing, and displaying API keys stored in ~/.openclaw/openclaw.json and various models.json files within the agent workspaces.
  • [DATA_EXFILTRATION]: The test and update commands use the urllib library to send plaintext API keys to external AI provider endpoints (such as OpenAI, Anthropic, and Google) to verify connectivity. While these are legitimate well-known services associated with the keys, this behavior represents a transit of sensitive data over the network.
  • [COMMAND_EXECUTION]: The script executes the system's pass utility using subprocess.run to insert and update credentials in the local password store. The path used for the password store is partially derived from user-supplied provider names.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external models.json files located in agent directories.
      • Ingestion points: Reads ~/.openclaw/agents/*/agent/models.json in cmd_audit, cmd_migrate, and cmd_update functions.
      • Boundary markers: None; the script parses the JSON content and processes provider keys directly.
      • Capability inventory: File system read/write via json.load/json.dump, network requests via urllib.request, and shell command execution via subprocess.run for the pass utility.
      • Sanitization: Minimal sanitization is performed on input keys; however, provider names are validated against a hardcoded map in some contexts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 03:01 AM