Security scan
OpenClaw
Suspicious
High confidence: The skill's declared purpose (inject 1Password secrets into a macOS LaunchAgent) matches its files and requirements, but it contradicts its own security claim by writing the secrets (including the 1Password service account token) into a plist on disk, which introduces avoidable persistence and exposure of those secrets.
Assessment and recommendations
This skill largely does what it says — it reads secrets from 1Password and writes them into the OpenClaw gateway's LaunchAgent plist. Important considerations before installing:
- The script contradicts its claim of 'avoiding plaintext keys on disk' by writing secrets (including the OP_SERVICE_ACCOUNT_TOKEN) into the plist at ~/Library/LaunchAgents/ai.openclaw.gateway.plist. That plist is stored on disk and may be readable by processes or users with access to your account. If your goal is to a...
Detailed analysis
✓ Purpose and capabilities
Name, description, required binaries (op, bash), and primaryEnv (OP_SERVICE_ACCOUNT_TOKEN) align with the actual behavior: the script reads secrets via the 1Password CLI and injects them into the LaunchAgent plist used by the OpenClaw gateway. The set of provider keys (OpenAI, Anthropic, Gemini, Mistral, HF, optional Voyage) is plausible for a gateway process.
⚠ Instruction scope
SKILL.md and the bundled script instruct the agent to read a local token file (~/.config/openclaw/.op-service-token), call 'op read' for multiple items, use /usr/libexec/PlistBuddy to add string entries to the gateway plist's EnvironmentVariables dictionary, and then restart the LaunchAgent. The skill's text claims it 'avoids plaintext keys on disk', but the script writes the secrets (including OP_SERVICE_ACCOUNT_TOKEN) into the plist file, creating persistent plaintext secrets on disk. This contradicts the stated security goal and increases exposure.
✓ Install mechanism
Instruction-only skill with a bundled Bash script; no remote downloads or install steps. The script runs locally, so there is no high-risk install mechanism (no external archives or URL shorteners).
⚠ Credential requirements
Requesting OP_SERVICE_ACCOUNT_TOKEN is expected for reading from 1Password. However, the script writes that same service account token into the LaunchAgent plist, exposing it to any process that can read the plist or the gateway's environment. The gateway does not need the service account token to run, so injecting it is unnecessary and disproportionate. The other requested secrets (provider API keys) are reasonable for a gateway, but they too end up as persistent on-disk copies.
✓ Persistence and permissions
The skill does not set always: true and is user-invocable. It restarts a LaunchAgent (expected for its purpose) and does not modify other skills or system-wide agent settings. It does make persistent changes to a LaunchAgent plist (intended), which is within scope but increases the long-term exposure of the secrets.
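The two findings above (secrets written into EnvironmentVariables, and the service account token handed to the gateway) can be checked and avoided mechanically. The following script is an added example and is not code from the gateway-env-injector skill: it audits a LaunchAgent plist for secret-bearing environment entries, and writes the alternative layout in which the plist only names a launch-time wrapper that resolves the keys with `op read` and then exec's the gateway. The plist label and the token-file path are the ones the report mentions; the gateway binary path, the wrapper path and the op:// item references are assumptions. The sample plist content is constructed for the example.

```shell
# Added example, not the skill's own code. Assumed: gateway binary path,
# wrapper path and op:// item references. From the report: plist label
# ai.openclaw.gateway and token file ~/.config/openclaw/.op-service-token.
set -eu

# Print EnvironmentVariables keys whose name looks secret-bearing and whose
# value is non-empty. Pure awk over the XML plist, so no PlistBuddy needed.
plist_env_secret_keys() {
  awk '
    /<key>EnvironmentVariables<\/key>/      { want = 1; next }
    want && /<dict>/                        { inenv = 1; want = 0; next }
    inenv && /<\/dict>/                     { inenv = 0 }
    inenv && match($0, /<key>[^<]*<\/key>/) { k = substr($0, RSTART + 5, RLENGTH - 11); next }
    inenv && k != "" && match($0, /<string>[^<]*<\/string>/) {
      v = substr($0, RSTART + 8, RLENGTH - 17)
      if (v != "" && k ~ /(TOKEN|KEY|SECRET|PASSWORD)/) print k
      k = ""
    }
  ' "$1"
}

# Number of such keys; 0 means the plist holds no inline secrets.
plist_env_secret_count() {
  plist_env_secret_keys "$1" | wc -l | tr -d ' '
}

# Constructed sample of what the skill's PlistBuddy calls produce: every
# value, including the service account token, is stored in the plist.
write_weak_plist() {
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ai.openclaw.gateway</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/openclaw-gateway</string>
    </array>
    <key>EnvironmentVariables</key>
    <dict>
        <key>OP_SERVICE_ACCOUNT_TOKEN</key>
        <string>ops_EXAMPLE_NOT_A_REAL_TOKEN</string>
        <key>OPENAI_API_KEY</key>
        <string>sk-EXAMPLE</string>
        <key>OPENCLAW_LOG_LEVEL</key>
        <string>info</string>
    </dict>
</dict>
</plist>
EOF
}

# Wrapper launched by the hardened plist: reads the 0600 token file the skill
# already uses, resolves keys with `op read`, drops the token, exec's the
# gateway. stat -f is the macOS flag; the wrapper is written, not run, here.
write_wrapper() {
  cat > "$1" <<'EOF'
#!/bin/bash
set -eu
TOKEN_FILE="$HOME/.config/openclaw/.op-service-token"
[ "$(stat -f '%Lp' "$TOKEN_FILE")" = "600" ] || { echo "$TOKEN_FILE must be mode 0600" >&2; exit 1; }
OP_SERVICE_ACCOUNT_TOKEN="$(cat "$TOKEN_FILE")"; export OP_SERVICE_ACCOUNT_TOKEN
OPENAI_API_KEY="$(op read 'op://OpenClaw/OpenAI/credential')"            # assumed item ref
ANTHROPIC_API_KEY="$(op read 'op://OpenClaw/Anthropic/credential')"      # assumed item ref
export OPENAI_API_KEY ANTHROPIC_API_KEY
unset OP_SERVICE_ACCOUNT_TOKEN   # the gateway never needs the 1Password token
exec /usr/local/bin/openclaw-gateway "$@"
EOF
  chmod 700 "$1"
}

# Hardened plist: same label and non-secret settings, no secret values.
write_hardened_plist() {
  cat > "$1" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ai.openclaw.gateway</string>
    <key>ProgramArguments</key>
    <array>
        <string>$2</string>
    </array>
    <key>EnvironmentVariables</key>
    <dict>
        <key>OPENCLAW_LOG_LEVEL</key>
        <string>info</string>
    </dict>
</dict>
</plist>
EOF
}

tmp="$(mktemp -d)"
write_weak_plist "$tmp/weak.plist"
write_wrapper "$tmp/openclaw-gateway-wrapper.sh"
write_hardened_plist "$tmp/hardened.plist" "$tmp/openclaw-gateway-wrapper.sh"
echo "weak plist secret entries:     $(plist_env_secret_keys "$tmp/weak.plist" | tr '\n' ' ')"
echo "hardened plist secret entries: $(plist_env_secret_count "$tmp/hardened.plist")"
rm -rf "$tmp"
```

Running the audit against a plist the skill has already modified lists exactly which keys need to be removed (PlistBuddy's Delete command on EnvironmentVariables:NAME does that) before the agent is reloaded. The wrapper layout still leaves the service account token in the 0600 file, so it reduces exposure rather than eliminating it; on a workstation, pointing `op` at the 1Password desktop app integration instead of a service account removes that file as well.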
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/3/7
Initial release of gateway-env-injector.
- Injects API keys from 1Password into macOS LaunchAgent plists using PlistBuddy.
- Prevents plaintext secrets on disk while ensuring LaunchAgents have required environment variables.
- Requires 1Password CLI (`op`) and Bash; uses service account token from environment.
- Customizable for your own 1Password items and desired environment variables.
- Designed for secure OpenClaw deployments on macOS.
● Suspicious
Install command
Official: npx clawhub@latest install gateway-env-injector
Mirror (CN accelerated): npx clawhub@latest install gateway-env-injector --registry https://cn.longxiaskill.com