Is grewingm/bring safe?

https://github.com/openclaw/skills/tree/main/skills/grewingm/bring

90
SAFE

The grewingm/bring skill is a legitimate Bring! shopping list integration with clean installation behavior, no prompt injection, and no detected exfiltration. The primary security concerns are minor: Bring! credentials are stored in plaintext JSON and passed as CLI arguments, and the skill depends on an external npm package (bring-shopping) that falls outside the scope of this audit. Canary file reads observed in monitoring are correctly attributed to the Oathe audit infrastructure's pre- and post-install baseline checks, not to the skill itself.

Category Scores

Prompt Injection 97/100 · 30%
Data Exfiltration 83/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 96/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 83/100 · 5%

Findings (5)

LOW Plaintext Credential Storage -10

The skill writes the Bring! account email and password in plaintext JSON to ~/.openclaw/bring/config.json. While the file is user-owned, plaintext credential storage is a security concern if other skills, or anything else with access to the host filesystem, can read arbitrary files in the home directory.

LOW Credentials Exposed as CLI Arguments -7

The 'configure' command takes email and password as positional shell arguments. These are visible in the process argument list (ps aux), recorded in shell history files (~/.bash_history, ~/.zsh_history), and may be logged by audit daemons. Users who run this command are at risk of credential leakage to other local processes or log aggregators.

LOW Unreviewed Global npm Package Dependency -20

The skill requires the user to run 'npm install -g bring-shopping' before first use. This installs a third-party package globally on the host system. The bring-shopping package was not present in the skill repository and was not audited here. A future compromised or typosquatted version could execute arbitrary code during or after install. The referenced package (foxriver76/node-bring-api) is a legitimate open-source library, but this represents an unreviewed supply chain dependency.

INFO Canary File Reads Attributed to Monitoring Infrastructure 0

Six sensitive canary files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, .config/gcloud/application_default_credentials.json) were opened at 08:19:59 (auditd timestamp 1771921199.599). The git clone does not begin until 08:20:05 (1771921205.116) — a 6-second gap. The reads coincide precisely with the 'ss -tunap' BEFORE-snapshot command (1771921199.573), indicating they are Oathe monitoring-system baseline canary checks. A second identical access set at 1771921219.032 is the post-install verification pass. No canary file was written or modified.

INFO Sparse Clone Pattern Is Clean 0

The installation performs a shallow sparse checkout of the openclaw/skills monorepo, extracts only the skills/grewingm/bring subtree, copies it to the target directory, and removes the temporary clone. This is the expected installation pattern for a monorepo-hosted skill. No unexpected network connections were observed.