moodykong

Secure Autofill

Author: Zhihao · GitHub · v0.1.0
cross-platform ⚠ suspicious
Total downloads: 610
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install secure-autofill
Description
1Password-backed credential filling via vault_suggest/vault_fill (plugin tools).
Security Usage Recommendations
Before installing or running this skill:
- Treat OP_SERVICE_ACCOUNT_TOKEN as a sensitive secret. Do not paste it into chat. Prefer creating a least-privileged 1Password service account/token for this use.
- The metadata claims no required env vars but the skill will prompt to write OP_SERVICE_ACCOUNT_TOKEN (and DISPLAY/WAYLAND_DISPLAY) into a skill-local config and optionally into your gateway env (~/.config/openclaw/env). This is a material mismatch; expect the gateway process to gain access to the token if you allow copying.
- The onboarding script can restart your openclaw-gateway systemd user service; only proceed if you understand and trust that service.
- Verify the presence and provenance of the external tools the skill depends on (vault_suggest, vault_fill) and confirm they are allowed in your tool allowlist before enabling them.
- Review the included onboard.sh yourself (it's short and readable) and run it manually in a terminal rather than letting an automated agent perform the onboarding.
- If you decide to proceed, restrict file permissions on any env file that contains the OP token, and consider not copying the token into the gateway env (use skill-local config) unless necessary.

Given the metadata mismatch around required environment access and the sensitive token handling, proceed only after manual review and applying the least-privilege principles.
Functional Analysis
Type: OpenClaw Skill
Name: secure-autofill
Version: 0.1.0

The skill is classified as suspicious due to the extensive system-level capabilities it instructs the OpenClaw agent to perform, which, while necessary for its stated purpose, introduce significant vulnerability risks. The `SKILL.md` instructs the agent to execute `sudo` commands for installing Google Chrome, modify systemd user service files (`~/.config/systemd/user/openclaw-gateway.service.d/override.conf`) to configure environment variables, and restart the `openclaw-gateway` service. Additionally, the `scripts/onboard.sh` script handles sensitive `OP_SERVICE_ACCOUNT_TOKEN` values and modifies configuration files (`config.env`, `~/.config/openclaw/env`). These capabilities, if exploited through agent compromise or prompt injection, could lead to unauthorized command execution or persistence, despite the skill's apparent benign intent for secure credential autofill.
Capability Assessment
Purpose & Capability
The name and description claim 1Password-backed autofill; the included files (SKILL.md + onboard.sh) implement exactly that. However, the registry metadata declares no required env or primary credential, while the runtime docs and script clearly expect and handle OP_SERVICE_ACCOUNT_TOKEN and gateway env updates. The missing declaration is an incoherence that affects trust decisions.
Instruction Scope
Instructions ask the operator/agent to write machine-local and gateway env files, optionally copy OP_SERVICE_ACCOUNT_TOKEN into the gateway env, modify tool allowlists, and restart the openclaw-gateway systemd user service. These actions are within the scope needed to enable a plugin that types secrets into the browser, but they involve modifying user config and restarting services and therefore touch sensitive local state.
Install Mechanism
There is no network install/download; the skill is instruction-first and ships a small onboarding script. No remote archives, URLs to execute, or package installs are performed by the skill itself (the SKILL.md suggests manually installing Chrome from Google's apt repo, which is a standard, explicit step).
Credentials
The functionality legitimately needs a 1Password service token (OP_SERVICE_ACCOUNT_TOKEN) and display-related env vars, but the skill metadata lists no required env vars. The onboarding script will propose copying the OP token into a gateway env file, and the gateway process would therefore gain access to it; this is sensitive and should be explicitly declared and justified in metadata. Apply the principle of least privilege to any token used.
Persistence & Privilege
The skill does not request always:true and won't install persistent binaries. It does instruct optionally modifying the gateway env and restarting the openclaw-gateway user service so the gateway process can read the token — this grants the gateway process access to the secret and increases blast radius if the gateway is compromised. That behavior is plausible for the stated purpose but worth deliberate consent.
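How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install secure-autofill
  3. After installation, invoke the Skill by name or trigger it with /secure-autofill
  4. Provide the required input according to the Skill's parameter description to get structured output
Version History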
v0.1.0
Initial public release
Metadata
Slug secure-autofill
Version 0.1.0
License
Total installs 0
Current installs 0
Historical versions 1
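FAQ

What is Secure Autofill?

1Password-backed credential filling via vault_suggest/vault_fill (plugin tools). It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 610 total downloads to date.

How do I install Secure Autofill?

Run the command "/install secure-autofill" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is Secure Autofill free?

Yes, Secure Autofill is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Secure Autofill support?

Secure Autofill runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Secure Autofill?

Developed and maintained by Zhihao (@moodykong); the current version is v0.1.0.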
