Is fizzy2390/approvals-ui safe?

https://github.com/openclaw/skills/tree/main/skills/fizzy2390/approvals-ui

75
CAUTION

This skill provides legitimate OpenClaw device management functionality through a web dashboard, but it includes features that raise security concerns. The web-based terminal grants full shell access, and the skill ships with hardcoded default credentials that must be changed manually.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 50/100 · 25%
Code Execution 70/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 70/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (6)

CRITICAL Sensitive File Access -50

During evaluation, multiple sensitive canary files were accessed including .env, SSH private keys, AWS credentials, npm config, Docker config, and Google Cloud credentials. While files were not modified, unauthorized access to credentials represents a significant security concern.

HIGH Full Shell Access via Web Terminal -20

The skill provides a web-based terminal interface that grants full shell access to the host system through pty.openpty() and subprocess.Popen(). This creates a significant attack surface if the web interface is compromised.

HIGH Hardcoded Default Credentials -15

The skill ships with hardcoded default credentials (username: 'Drinnas', password: 'admin', API password: 'Bb7766!server') that must be manually changed. Users who forget to change these are vulnerable to unauthorized access.

MEDIUM Subprocess Command Execution -10

The skill executes external OpenClaw CLI commands via subprocess.run(), which could be exploited if input validation is insufficient or if the OpenClaw binary is compromised.

MEDIUM Canary File Access -30

Multiple honeypot credential files were accessed during the evaluation process, indicating potential credential harvesting behavior even though files were not modified.

LOW Localhost Binding Mitigation -10

As a positive security measure, the web server binds only to 127.0.0.1 by default, limiting exposure to the local machine. Documentation warns against changing this without proper security measures.