Description

Store, retrieve, list, and manage secrets using gopass (the team password manager). Use when the user asks to save credentials, look up passwords, generate secrets, manage password entries, or interact with a gopass password store. Covers CRUD operations, secret generation, TOTP, recipients, mounting stores, and clipboard operations.

README (SKILL.md)

gopass Skill

Name: gopass
Author: erdgeclaw

gopass is a CLI password manager for teams, built on GPG and Git.

Prerequisites

gopass binary installed
GPG key available (gopass uses GPG for encryption)
Store initialized (gopass init or gopass setup)

Common Operations

List secrets

gopass ls
gopass ls -f          # flat list

Show a secret

gopass show path/to/secret           # full entry (password + metadata)
gopass show -o path/to/secret        # password only
gopass show -c path/to/secret        # copy to clipboard
gopass show path/to/secret key       # show specific field

Create / Update

gopass insert path/to/secret         # interactive
gopass edit path/to/secret           # open in $EDITOR
echo "mypassword" | gopass insert -f path/to/secret   # non-interactive

Add key-value metadata below the first line (password):

mysecretpassword
username: erdGecrawl
url: https://github.com
notes: Created 2026-01-31

Generate passwords

gopass generate path/to/secret 24           # 24-char password
gopass generate -s path/to/secret 32        # with symbols
gopass generate --xkcd path/to/secret 4     # passphrase (4 words)

Delete

gopass rm path/to/secret
gopass rm -r path/to/folder          # recursive

Move / Copy

gopass mv old/path new/path
gopass cp source/path dest/path

Search

gopass find github                   # search entry names
gopass grep "username"               # search entry contents

Store Management

Initialize

gopass setup                         # guided first-time setup
gopass init \x3Cgpg-id>                 # init with specific GPG key

Mount sub-stores

gopass mounts add work /path/to/work-store
gopass mounts remove work
gopass mounts                        # list mounts

Sync (git push/pull)

gopass sync

Recipients (team access)

gopass recipients                    # list
gopass recipients add \x3Cgpg-id>
gopass recipients remove \x3Cgpg-id>

TOTP

gopass otp path/to/secret            # show current TOTP code

Store TOTP URI as totp: otpauth://totp/... in the entry body.

Non-interactive Tips

Use echo "pw" | gopass insert -f path for scripted inserts
Use gopass show -o path for machine-readable password-only output
Use gopass show -f path to suppress warnings
Set GOPASS_NO_NOTIFY=true to suppress desktop notifications
Use gopass --yes to auto-confirm prompts

Usage Guidance

This skill appears coherent and does only what a gopass CLI helper should do, but it will cause the agent to run commands that access your local secrets. Before installing or allowing use: - Only use with agents you trust to run local commands. The agent will run gopass commands that read/write secrets and may copy them to the clipboard. Clipboard contents can be leaked or persisted by other software. - Be aware that gopass sync uses git: running sync may push/pull secrets to configured git remotes. Verify your gopass store's remote configuration. - The skill assumes you have gopass and GPG keys set up locally; it does not install them. Ensure those tools are installed and configured as you expect. - Piping secrets into commands or using non-interactive inserts can expose secrets in shell history or logs — prefer secure workflows. - The skill source is unknown; since it is instruction-only, review the SKILL.md content (already consistent) and exercise least privilege when granting agent execution rights. If you need broader assurance, require a vetted install spec or limit the agent's ability to run system commands that touch your credential stores.

Capability Analysis

Type: OpenClaw Skill Name: gopass Version: 1.0.0 The skill bundle is benign. It provides instructions for an AI agent to interact with the `gopass` password manager. All commands and descriptions in `SKILL.md` are directly related to the legitimate functionality of `gopass` for managing secrets, including listing, showing, inserting, generating, and synchronizing passwords. There is no evidence of prompt injection attempting to subvert the agent's behavior, no instructions for data exfiltration, malicious execution, persistence, or obfuscation. The inherent sensitivity of handling secrets with `gopass` is aligned with the skill's stated purpose.

Capability Assessment

✓ Purpose & Capability

The name/description match the SKILL.md: it documents gopass CLI usage (CRUD, generate, TOTP, recipients, mounts, sync). Prerequisites (gopass binary, GPG key, initialized store) are appropriate for this purpose.

ℹ Instruction Scope

Instructions are limited to running gopass CLI commands (show, insert, generate, rm, sync, mounts, otp, etc.). These commands access local password stores, may copy secrets to clipboard, open $EDITOR, or run git sync operations — all expected for a password-manager helper but they do operate on sensitive local data and may push/pull to configured git remotes.

✓ Install Mechanism

No install spec or code is provided (instruction-only). Nothing is downloaded or written by the skill itself — the agent will rely on an existing gopass/GPG installation.

ℹ Credentials

The skill declares no required env vars or credentials, which is appropriate. The documentation references $EDITOR and GOPASS_NO_NOTIFY and expects a GPG key and git remotes; those are legitimate runtime prerequisites but they are not requested as explicit credentials by the skill.

✓ Persistence & Privilege

always:false and no install/auto-enable behavior. The skill can be invoked by the agent (normal), but it does not request persistent system-level privileges or modify other skills' configs.

Version History

v1.0.0

Initial release: CRUD, search, generate, TOTP, store management, non-interactive tips

Metadata

Slug gopass

Version 1.0.0

License —

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is gopass?

Store, retrieve, list, and manage secrets using gopass (the team password manager). Use when the user asks to save credentials, look up passwords, generate secrets, manage password entries, or interact with a gopass password store. Covers CRUD operations, secret generation, TOTP, recipients, mounting stores, and clipboard operations. It is an AI Agent Skill for Claude Code / OpenClaw, with 1675 downloads so far.

How do I install gopass?

Run "/install gopass" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is gopass free?

Yes, gopass is completely free (open-source). You can download, install and use it at no cost.

Which platforms does gopass support?

gopass is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created gopass?

It is built and maintained by erdGeclaw (@erdgeclaw); the current version is v1.0.0.

More Skills

gopass