olares-settings@1.2.0
github.com/clawhub.ai/olares-settings
Verdict: Do not install
3 critical · 0 high · 1 medium
Grade F
SCORE 0 / 100
Why grade F?
score · 0 / 100
The current grade reflects 3 critical findings (any 2+ CRITs → F).
3 CRIT · 0 HIGH · 1 MED · 0 LOW
To reach a higher grade
- D (target score 30): resolve 2 of your 3 CRIT findings; any single remaining CRIT still keeps you at D.
- C (target score 55): resolve all 3 CRIT findings.
- B (target score 75): resolve all 3 CRIT findings.
- A (target score 95): resolve all 3 CRIT findings.
Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.
Latest scan findings
Scan crawl-imh10ue6dwxevg4jvh7u9wst · Thu, 28 May 2026 15:29:57 GMT · 8ms
crit · Skill references secret env var $AWS_ACCESS_KEY_ID
The skill instructions reference `$AWS_ACCESS_KEY_ID`, the identifier half of an AWS access-key pair (it is only useful together with `$AWS_SECRET_ACCESS_KEY`, which the same command also expands). If an attacker can lure the agent into expanding this variable into an outbound URL or message, the credential leaks.
Context from SKILL.md:
```bash
olares-cli settings integration accounts add awss3 \
  --access-key-id "$AWS_ACCESS_KEY_ID" \
  --access-key-secret "$AWS_SECRET_ACCESS_KEY" \
  --endpoint "https://s3.amazonaws.com" \
```
Flagged line: `--access-key-id "$AWS_ACCESS_KEY_ID"` (references $AWS_ACCESS_KEY_ID, potential credential leak).
crit · Skill references secret env var $AWS_SECRET_ACCESS_KEY
The skill instructions reference `$AWS_SECRET_ACCESS_KEY`, the secret half of an AWS access-key pair. If an attacker can lure the agent into expanding this variable into an outbound URL or message, the credential leaks.
Context from SKILL.md:
```bash
olares-cli settings integration accounts add awss3 \
  --access-key-id "$AWS_ACCESS_KEY_ID" \
  --access-key-secret "$AWS_SECRET_ACCESS_KEY" \
  --endpoint "https://s3.amazonaws.com" \
  --bucket "my-bucket" # optional
```
Flagged line: `--access-key-secret "$AWS_SECRET_ACCESS_KEY"` (references $AWS_SECRET_ACCESS_KEY, potential credential leak).
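The rule behind the three CRIT findings on this page, reimplemented as an added example. This is not the `@skillox/scanner` code (its rule set and `grade()` are not shown here); the list of secret-bearing variable names, the argv-versus-stdin-pipe classification, and the SKILL.md excerpt embedded as sample input are all constructed for the example. Run over the lines quoted in the findings, it reproduces the same three hits and the F ceiling described under "Why grade F?".

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the SKILL.md lines quoted in this scan's findings, keyed by the
# line numbers the report shows. Line 366 is abridged to the part holding the references.
SKILL_EXCERPT = {
    283: "```bash",
    284: "olares-cli settings integration accounts add awss3 \\",
    285: '  --access-key-id "$AWS_ACCESS_KEY_ID" \\',
    286: '  --access-key-secret "$AWS_SECRET_ACCESS_KEY" \\',
    287: '  --endpoint "https://s3.amazonaws.com" \\',
    288: '  --bucket "my-bucket"  # optional',
    366: ("- For writes that take secrets, always read the secret from an env var or "
          "stdin pipe (`--access-key-secret \"$AWS_SECRET_ACCESS_KEY\"`, "
          "`printf '%s\\n' \"$VAR\" | ... --password-stdin`) whenever the verb supports it."),
}

# Heuristic list of credential-bearing variable names. An assumption for this example;
# the scanner's real list is not published on the page.
SECRET_EXACT = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}
SECRET_SUFFIXES = ("_SECRET", "_SECRET_KEY", "_TOKEN", "_PASSWORD", "_PASSWD",
                   "_API_KEY", "_PRIVATE_KEY")

# $NAME or ${NAME}; upper-case names only, the shell convention for exported secrets.
ENV_REF = re.compile(r"\$\{?([A-Z][A-Z0-9_]*)\}?")
# The reference directly follows a long option, so the shell will expand it into argv.
ARGV_POSITION = re.compile(r"""--[\w-]+(?:=|\s+)["']?$""")


@dataclass(frozen=True)
class Finding:
    line: int
    var: str
    severity: str
    exposure: str  # "argv", "stdin-pipe" or "other"


def is_secret_var(name: str) -> bool:
    return name in SECRET_EXACT or name.endswith(SECRET_SUFFIXES)


def exposure_of(text: str, match) -> str:
    """Classify how the expanded value would reach the tool being invoked."""
    after = text[match.end():].lstrip("\"' ")
    if after.startswith("|"):
        return "stdin-pipe"  # piped into the command, never part of its argv
    if ARGV_POSITION.search(text[:match.start()]):
        return "argv"        # becomes a command-line argument of the child process
    return "other"


def scan(lines: dict) -> list:
    """One CRIT finding per reference to a secret-bearing env var, in line order."""
    findings = []
    for lineno, text in sorted(lines.items()):
        for m in ENV_REF.finditer(text):
            if is_secret_var(m.group(1)):
                findings.append(Finding(lineno, m.group(1), "crit", exposure_of(text, m)))
    return findings


def grade_cap(findings: list) -> Optional[str]:
    """Ceiling imposed by the CRIT count, per the thresholds stated on this page."""
    crits = sum(f.severity == "crit" for f in findings)
    if crits >= 2:
        return "F"
    if crits == 1:
        return "D"
    return None  # no CRIT ceiling; the score alone decides


if __name__ == "__main__":
    found = scan(SKILL_EXCERPT)
    for f in found:
        print(f"crit line {f.line}: ${f.var} ({f.exposure})")
    print("grade ceiling:", grade_cap(found))
```

Note that a reference piped into a `--password-stdin` style verb is still reported (the agent can still be talked into expanding it elsewhere), but it is classified `stdin-pipe` rather than `argv`; the distinction matters for the next finding.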
crit · Skill references secret env var $AWS_SECRET_ACCESS_KEY
The skill instructions reference `$AWS_SECRET_ACCESS_KEY` a second time, in the prose guidance on secret handling rather than in the example command. If an attacker can lure the agent into expanding this variable into an outbound URL or message, the credential leaks.
Context from SKILL.md:
- `settings users create` / `settings users delete` are destructive (`delete` needs the whole word `yes` unless **`--yes`**). **Both default to accepted-then-exit**; pass **`--watch`** to block until `Created` / `Deleted` (with `--watch-timeout` / `--watch-interval`, same as [`olares-cli market --watch`](../olares-market/SKILL.md#watch-flag)). **`delete` cannot remove the owner account** (fails before DELETE). `create` always generates the initial password once to stdout; treat transcripts accordingly.
- `settings users get <username>` returns the same record the SPA shows on the user detail page; treat its email / olaresId as PII and avoid forwarding it outside the requesting workflow.
- For writes that take secrets (`integration accounts add awss3|tencent` is the verified one in this surface), **always** read the secret from an env var or stdin pipe — never paste it into the chat or expand it inline in an `olares-cli ...` command line you suggest. Bash history retention is the user's responsibility; the agent should default to env-var / pipe style invocations (`--access-key-secret "$AWS_SECRET_ACCESS_KEY"`, `printf '%s\n' "$VAR" | ... --password-stdin`) whenever the verb supports it.
- Other secret-bearing verbs (e.g. `backup password set`, `restore plans check-url / create-from-url`) live in [`UNVERIFIED_COMMANDS.md`](cli/cmd/ctl/settings/scripts/UNVERIFIED_COMMANDS.md) until they're smoke-greened; the same env-var / stdin-pipe rule applies whenever you exercise them by hand.
- Read-only verbs do **not** carry "this will change X" prompts — only mutating verbs do, and the prompts they do carry come from the upstream server's own response messages. Don't fabricate one for read verbs.
Flagged line: the third bullet, at `--access-key-secret "$AWS_SECRET_ACCESS_KEY"` (references $AWS_SECRET_ACCESS_KEY, potential credential leak).
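The guidance quoted above treats `--access-key-secret "$AWS_SECRET_ACCESS_KEY"` and the `--password-stdin` pipe as interchangeable. They are not equivalent: the env-var form keeps the value out of the chat transcript and out of the literal command line the agent proposes, but the shell still expands it into the child process's argv, which any local user can read through `ps` or `/proc/<pid>/cmdline` for as long as the command runs; the stdin form never puts it there. The added example below is not the skill's or olares-cli's code. It stands in a hypothetical `sh -c` script for the secret-consuming CLI, uses a constructed dummy secret, runs the invocation the way an agent harness would (`subprocess`), and reads the child's command line from the outside the way another process would.

```python
import subprocess
from typing import Tuple

# Constructed dummy credential for the demonstration; never a real key.
DEMO_SECRET = "s3cr3t-example-value"

# Hypothetical stand-in for a secret-consuming CLI (not olares-cli). It parks on one line
# of stdin, then takes the secret from argv ($2 when $1 is "argv") or from that stdin line
# (when $1 is "stdin"), and reports only the secret's length so nothing is echoed.
STAND_IN_CLI = (
    'IFS= read -r line; '
    'case "$1" in argv) s=$2 ;; stdin) s=$line ;; esac; '
    'printf "%s" "${#s}"'
)


def command_line_as_seen_by_others(pid: int) -> str:
    """What any local user can learn about a running process: its argv."""
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as fh:  # Linux
            return fh.read().replace(b"\0", b" ").decode(errors="replace")
    except OSError:  # macOS / BSD fallback: same information via ps
        return subprocess.run(["ps", "-o", "args=", "-p", str(pid)],
                              capture_output=True, text=True, check=False).stdout


def run_with_secret(mode: str, secret: str) -> Tuple[bool, int]:
    """Invoke the stand-in CLI in the given mode.

    Returns (secret visible in the process table?, number of chars the CLI received).
    """
    if mode == "argv":
        # The `--access-key-secret "$AWS_SECRET_ACCESS_KEY"` pattern: the value is an argument.
        argv = ["sh", "-c", STAND_IN_CLI, "stand-in-cli", "argv", secret]
        stdin_line = "go\n"  # only unblocks the child's read
    elif mode == "stdin":
        # The `printf '%s\n' "$VAR" | ... --password-stdin` pattern: the value is piped in.
        argv = ["sh", "-c", STAND_IN_CLI, "stand-in-cli", "stdin"]
        stdin_line = secret + "\n"
    else:
        raise ValueError(f"unknown mode {mode!r}")
    child = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True)
    # Popen returns only after exec() succeeded, and the child is now blocked on `read`,
    # so its argv at this instant is exactly what `ps` would show a bystander.
    observed = command_line_as_seen_by_others(child.pid)
    out, _ = child.communicate(stdin_line)
    return secret in observed, int(out)


if __name__ == "__main__":
    for mode in ("argv", "stdin"):
        leaked, received = run_with_secret(mode, DEMO_SECRET)
        print(f"{mode:5}: CLI received {received} chars; "
              f"secret visible in process table: {leaked}")
```

Both modes deliver the full 20-character value to the tool; only the argv mode also publishes it to every other process on the host. For verbs that offer a `--*-stdin` or file-based option, prefer it; where only a flag exists, the env-var form remains the lesser evil compared with pasting the value, but it should not be described as leak-free.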
med · No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
skillox.io/c/olares-settings