76/100 (Low)

OpenClaw： benign
VirusTotal： suspicious
StaticScan： unknown

OpenClaw： benign

The skill's declared purpose (proxying credentials through Keychains) matches the install and runtime instructions, but it requires trusting an external service and an npm package you should verify be...

[内容已截断]

VirusTotal： suspicious VT 报告

静态扫描： unknown

README 未提供

{
    "latestVersion": {
        "_creationTime": 1771453329027,
        "_id": "k975rrt6d26s5mtctwz1mb177581dd2p",
        "changelog": "- SKILL.md significantly updated for clarity, conciseness, and easier onboarding.\n- Audience refocus: emphasizes agent and end-user security, user control, and setup simplicity.\n- Adds quick start, usage, troubleshooting, and explicit security sections.\n- Highlights install command, service requirements, and provider compatibility.\n- Updates metadata for improved integration and discoverability.\n- Removes older SKILL.md sections now superseded by new structured documentation.",
        "changelogSource": "user",
        "createdAt": 1771453329027,
        "parsed": {
            "clawdis": {
                "emoji": "🔐",
                "homepage": "https:\/\/keychains.dev",
                "install": [
                    {
                        "bins": [
                            "keychains"
                        ],
                        "id": "npm",
                        "kind": "node",
                        "label": "Install Keychains CLI (npm)",
                        "package": "keychains@0.0.13"
                    }
                ],
                "requires": {
                    "bins": [
                        "keychains"
                    ]
                }
            }
        },
        "version": "1.0.3"
    },
    "owner": {
        "_creationTime": 0,
        "_id": "publishers:missing",
        "displayName": "Séverin MARCOMBES",
        "handle": "smarcombes",
        "image": "https:\/\/avatars.githubusercontent.com\/u\/830644?v=4",
        "kind": "user",
        "linkedUserId": "kn7ds13nnza4g3vn6pq8hgadc1804egd"
    },
    "ownerHandle": "smarcombes",
    "skill": {
        "_creationTime": 1771442631185,
        "_id": "kd7fhbv8xg3arz6ekgnvm1sx5x81ceg6",
        "badges": [],
        "createdAt": 1771442631185,
        "displayName": "Secure API Calls",
        "latestVersionId": "k975rrt6d26s5mtctwz1mb177581dd2p",
        "ownerUserId": "kn7ds13nnza4g3vn6pq8hgadc1804egd",
        "slug": "secure-api-calls",
        "stats": {
            "comments": 0,
            "downloads": 2102,
            "installsAllTime": 14,
            "installsCurrent": 13,
            "stars": 4,
            "versions": 4
        },
        "summary": "Call any API without leaking credentials. Keychains proxies requests and injects real tokens server-side — your agent never sees them.",
        "tags": {
            "latest": "k975rrt6d26s5mtctwz1mb177581dd2p",
            "security credentials api oauth keychains zerotrust": "k97b962bg2d47admsfq4w871cs81c3c5"
        },
        "updatedAt": 1774325641111
    }
}