📦 Keychain Bridge Publish — Keychain Secret Management

v1.1.0

Replaces plaintext-file secret storage with the macOS Keychain: migrates existing secrets, reads and writes keychain items, generates a file bridge for bash tools, and provides an audit function so that sensitive data stays encrypted at rest.

0 · 611 · 0 current · 0 cumulative
by @euda1mon1a (Euda1mon1a)
Last updated: 2026/4/22

Security scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
The skill mostly does what it claims (migrate plaintext secrets into macOS Keychain), but there are internal inconsistencies and risky design choices you should understand before installing (notably the deliberate creation of plaintext files for bash compatibility and running/injecting across multiple Python binaries).
Assessment advice
What to consider before installing:
- This skill does migrate secrets into macOS Keychain locally and includes readable scripts, but it deliberately supports a "Group B" pattern that writes plaintext secret files to disk at boot so bash tools can use them. That directly contradicts the "eliminate plaintext storage" wording — expect plaintext files if you enable the file bridge.
- The migration tool runs multiple local Python binaries to inject keychain items (to work around per-binary ACLs)....
Detailed analysis
Purpose and capabilities
Name/description match the included scripts: migrate, audit, helper, CLI, and populate script. Requested binaries (bash, python3) are appropriate. However the README and description claim to "eliminate plaintext credential storage" while the skill deliberately provides a Group B file-bridge that writes plaintext files to disk — this contradicts the stated goal and is a meaningful design trade-off that should be highlighted.
Instruction scope
SKILL.md instructs the agent to scan a user secrets directory, read plaintext secret files, inject them into the keychain, and (optionally) delete the originals. It also instructs adding a boot-time script (populate_secrets.sh) that reads secrets from keychain and writes chmod 600 files to disk for bash consumers. These instructions intentionally create plaintext secret files on disk and tell the agent to enumerate Python binaries and run them; that scope is broader than a pure 'remove plaintext' promise and increases exposure.
Installation mechanism
Instruction-only skill (no remote downloads). All code is included and readable. The only install step suggested is pip install keyring (standard public package). No network downloads or obscure install URLs are used.
Credential requirements
The skill requests no environment variables or external credentials. It will, however, read files from a user-specified directory (default ~/.openclaw/secrets/) and will execute multiple local Python binaries discovered on the host. Executing all detected Python interpreters is explained by keychain ACL behavior but increases the attack surface if a non-trusted Python binary exists on the system.
Persistence and permissions
The skill recommends installing a boot-time/populate script (LaunchAgent or startup) that writes plaintext secret files at boot. That gives persistent on-disk exposure of secrets to any process able to read user files. The skill itself is not always:true, but adding the LaunchAgent is an explicit instruction that increases persistence and blast radius.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Versions

latest: v1.1.0 (2026/2/19)

Fix: security unlock-keychain -p also broken on Tahoe 26.x. Add ctypes SecKeychainUnlock as working SSH alternative. Document process-scoped unlock, Homebrew vs Apple Python ACL asymmetry. Known Issues 5 → 6.

Suspicious

Install command

Official: npx clawhub@latest install keychain-bridge
Mirror (accelerated): npx clawhub@latest install keychain-bridge --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库