MFA WORD

Enforces MFA by requiring a secret word to access protected sensitive data and allows emergency reset with a super secret word.

This skill is coherent with its stated purpose, but review these points before installing: - Local file writes: it stores a vault (hashed secrets) and an audit log in ~/.openclaw. Ensure you are comfortable with those files existing and set restrictive filesystem permissions (chmod 600) if you use it. - Crypto: secrets are hashed with plain SHA-256 without salt or a slow KDF; low-entropy secret words could be brute-forced if an attacker obtains mfa_vault.json. Consider using a stronger KDF (e.g., PBKDF2/scrypt/Argon2) or adding a per-user salt. - Agent-enforced-only: the skill relies on the agent to call its check/verify functions before performing sensitive actions. The skill cannot prevent other code from accessing files or running commands — it is a procedural gate, not a kernel-level enforcer. - Code quality: index.js mixes CommonJS require(...) with export const declarations which may cause runtime errors depending on how the platform loads modules; validate the module works in your agent environment. - Audit logs: logs contain action/result entries (no plaintext secrets) but may reveal usage patterns; consider rotating or protecting them. If you decide to use it: verify the module runs in your environment, harden vault/log permissions, consider improving the hashing method, and test reset and dead-man-switch behavior. If you need a stronger enforcement boundary, use a system-level access control mechanism rather than relying solely on an agent skill.

Type: OpenClaw Skill Name: mfa-word Version: 1.1.0 The OpenClaw AgentSkills bundle 'mfa-word' is designed to implement a multi-factor authentication gatekeeper. The `SKILL.md` provides clear instructions for the AI agent to enforce security checks before sensitive actions, without any prompt injection attempts to bypass security or perform malicious acts. The `index.js` code uses standard Node.js file system operations to store hashed secrets and audit logs locally within the user's `.openclaw` directory. It uses SHA256 for hashing secrets and has no external dependencies or network calls. There is no evidence of intentional harmful behavior such as data exfiltration, unauthorized execution, or persistence mechanisms. While the `sensitive_list` parameter could theoretically be a vector for prompt injection if the AI agent's internal detection mechanism for patterns is vulnerable, the skill itself does not instruct the AI to exploit this, nor does its code perform any malicious actions with these patterns. The skill's functionality is aligned with its stated purpose of enhancing security.