← Back to Skills Marketplace
grittygrease

Safe Encryption

by Nick Sullivan · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
698
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install safe-encryption-skill
Description
Encrypt, decrypt, and manage keys with the SAFE CLI — a modern GPG alternative with post-quantum support.
Usage Guidance
This skill mostly does what it says (manage encryption via the SAFE CLI), but there are several red flags you should consider before installing or allowing the agent to act autonomously: 1) The SKILL.md tells the agent to auto-install a prebuilt binary from https://thesafe.dev and move it into /usr/local/bin with sudo — don't allow that without manual review. 2) The document references SAFE_PASSPHRASE and env-based automation, but the registry metadata lists no required envs — expect the skill to read environment variables if present. 3) The skill instructs the agent to automatically try all keys in ~/.safe/keys/ for decryption and to perform cryptographic operations without confirmation — this could cause the agent to access many local secrets or decrypt files unintentionally. 4) If you want to use this skill, install the SAFE binary yourself (and verify checksums/signatures), deny automatic installation, require explicit confirmation before any encrypt/decrypt action, and avoid letting the agent probe your key directory or environment variables. If you prefer lower risk, use the browser-based alternative described and interact manually or via your own trusted browser automation with careful controls.
Capability Analysis
Type: OpenClaw Skill Name: safe-encryption-skill Version: 0.1.0 The skill is classified as suspicious due to several high-risk behaviors and instructions to the AI agent. Most critically, the `SKILL.md` instructs the agent to automatically download and install a binary from `https://thesafe.dev` using `sudo` without user confirmation, posing a significant supply chain and privilege escalation risk. Furthermore, the skill directs the agent to use a tool (`safe`) that automatically discovers and attempts to use SSH private keys from `~/.ssh/`, granting access to highly sensitive credentials. The skill also explicitly instructs the agent to bypass user confirmation for both installation and encryption/decryption operations, reducing security safeguards.
Capability Assessment
Purpose & Capability
The name/description (encrypt/decrypt/manage keys) aligns with the runtime instructions. However, the SKILL.md instructs aggressive behaviors that go beyond a passive helper: auto-installing a system binary (using sudo/mv), auto-generating and auto-storing keys in ~/.safe/, and 'Just do it. Don't ask for confirmation.' Those actions are plausible for a CLI helper but are higher-impact than the description implies.
Instruction Scope
Instructions tell the agent to (a) auto-install a binary from thesafe.dev without asking, (b) auto-generate keys and store them in ~/.safe/, and (c) for decryption, automatically try all keys in ~/.safe/keys/ if no key is specified. The skill also references using SAFE_PASSPHRASE and 'env:VARNAME' for automation although no envs are declared. Directives to auto-run cryptographic operations without user confirmation and to probe local key files are scope creep and sensitive.
Install Mechanism
Installation is via curl from https://thesafe.dev/downloads/... and a sudo mv into /usr/local/bin. This is a direct binary download from an external site (not a known package manager or signed release flow in the SKILL.md). The doc lists SHA‑256 checksums on the same domain (better than nothing) but no detached signature or independent verification is provided. Automatic, unattended curl|chmod|sudo moves are higher-risk.
Credentials
Registry metadata declares no required env vars, but SKILL.md mentions SAFE_PASSPHRASE and using -p env:VARNAME for automation. The skill will read or expect passphrases and local key files (~/.safe/...). Asking the agent to probe and try all local keys can expose many local secrets. The requested environment/credential access is not fully reflected in the declared requirements and is higher-sensitivity than the metadata suggests.
Persistence & Privilege
The skill is not marked always:true and does not request persistent platform privileges. However, the install instructions write a system-wide binary to /usr/local/bin (requires sudo), which is a system-level change. This is legitimate for a CLI but increases privilege impact and should be performed with user approval rather than automatically.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install safe-encryption-skill
  3. After installation, invoke the skill by name or use /safe-encryption-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of safe-encryption-skill — modern GPG alternative with post-quantum support. - Encrypt, decrypt, and manage keys using the SAFE CLI and web interface fallback. - Automatically installs `safe` binary on supported platforms or uses https://thesafe.dev if unavailable. - Guides interactive password entry, environment variable use, and recipient handling. - Provides browser automation ARIA labels for web UI integration. - Enforces secure defaults: absolute file paths, piped data, no temp files.
Metadata
Slug safe-encryption-skill
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Safe Encryption?

Encrypt, decrypt, and manage keys with the SAFE CLI — a modern GPG alternative with post-quantum support. It is an AI Agent Skill for Claude Code / OpenClaw, with 698 downloads so far.

How do I install Safe Encryption?

Run "/install safe-encryption-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Safe Encryption free?

Yes, Safe Encryption is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Safe Encryption support?

Safe Encryption is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Safe Encryption?

It is built and maintained by Nick Sullivan (@grittygrease); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments