authlock Security Report — Suspicious | ClawSafe

30 /100

authlock

MFA-bound secret protection with TOTP encryption

AuthLock provides legitimate TOTP-based secret encryption but contains an undocumented subprocess execution feature with shell=True that poses command injection risk.

Skill Nameauthlock

Duration41.8s

Enginepi

⚠

Use with caution

Review the --exec functionality and consider sanitizing the command argument or removing shell=True. The feature appears designed for legitimate use cases but lacks proper input validation.

Findings 3 items

Severity	Finding	Location
High	Shell command injection vulnerability in --exec The cmd_open function uses subprocess.run(shell=True) with the user-supplied --exec argument. While the example shows legitimate use for SSH, the command is not sanitized and could allow command injection if metacharacters are included in args.exec. `subprocess.run(cmd, shell=True)` → Use subprocess.run with shell=False and pass command as list, or implement strict input validation to prevent shell injection.	`authlock_cli.py:336`
Medium	Sensitive path access not prominently documented The SKILL.md examples show encrypting ~/.ssh/id_rsa but this sensitive path access is not declared in the capability requirements section. `authlock seal ~/.ssh/id_rsa --name my-server-key` → Document that the tool accesses user home directory and sensitive files for encryption purposes.	`SKILL.md:45`
Low	TOTP seed stored in plaintext config The TOTP seed is stored in config.json without additional encryption beyond file permissions. While this is standard practice, the seed is the critical secret. `config['totp_seed'] = seed` → Consider documenting that config.json should be protected with appropriate file permissions.	`authlock_cli.py:103`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ,WRITE`	`READ,WRITE`	✓ Aligned	SKILL.md:seal/open commands; authlock_cli.py:cmd_seal,cmd_open
Shell	`NONE`	`WRITE`	✗ Violation	authlock_cli.py:336 - subprocess.run(cmd, shell=True)
Environment	`NONE`	`READ`	✓ Aligned	SKILL.md:OPENCLAW_WORKSPACE,AUTHLOCK_HOME usage
Network	`NONE`	`NONE`	—	No network requests found

File Tree

2 files · 29.5 KB · 986 lines

Python 1f · 728L Markdown 1f · 258L

├─ 🐍 authlock_cli.py Python 728L · 21.7 KB

└─ 📝 SKILL.md Markdown 258L · 7.9 KB

Dependencies 3 items

Package	Version	Source	Known Vulns	Notes
`cryptography`	`*`	pip	No	Standard encryption library
`pyotp`	`*`	pip	No	TOTP generation
`qrcode`	`*`	pip	No	QR code display

Security Positives

✓ TOTP-based MFA provides strong authentication for decryption

✓ AES-256-GCM with PBKDF2-SHA256 for encryption (industry standard)

✓ No evidence of network exfiltration or data theft

✓ Security notes prohibit echoing plaintext in conversation

✓ PIN optional second factor implemented

✓ Temporary files cleaned up after execution

✓ File permissions set to 0o600 for decrypted secrets

Scan Report

Findings 3 items

File Tree

Dependencies 3 items

Security Positives