← Back to Skills Marketplace
110
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install password-manager-pro
Description
本地密码管理技能,支持添加、编辑、删除、搜索密码,支持分类管理、备注添加,数据存储在本地,支持导入导出和备份。当用户提到密码、账号、密码管理、保存密码、查找密码时使用此技能。
Usage Guidance
Do not trust this skill with real passwords until the issues below are addressed: 1) Code audit: the included password_manager.py stores the "password" field directly in JSON (no encryption). SKILL.md/README sometimes show "encrypted_password" — confirm whether encryption is implemented and, if missing, require the author to add well-known encryption (e.g., user-supplied master password-derived key, OS keystore integration) before using. 2) Missing files: the documentation references multiple helper modules that are not present; ask the author for the complete package or a clear list of implemented features. 3) Backups: the skill auto-creates backup files in ~/.workbuddy/data/backups; ensure backups are stored encrypted or in a secure location. 4) Testing: run the code in an isolated environment, inspect saved JSON contents, and verify there is no network activity. 5) Alternatives: consider established, audited password managers or require encryption tied to a master secret before storing sensitive accounts. If you decide to proceed temporarily, only store non-critical/test accounts and keep manual encrypted backups elsewhere.
Capability Analysis
Type: OpenClaw Skill
Name: password-manager-pro
Version: 1.0.0
The skill bundle implements a password manager that stores all user credentials in plain text in a predictable local file (~/.workbuddy/data/passwords.json). While the documentation in SKILL.md and README.md explicitly acknowledges the lack of encryption, this design represents a critical security vulnerability that facilitates credential theft by any local process. No evidence of intentional data exfiltration or hidden backdoors was found in the provided code (scripts/password_manager.py and scripts/password_generator.py), but the high-risk nature of the data handled combined with the absence of basic security controls warrants a suspicious classification.
Capability Assessment
Purpose & Capability
Name/description and provided code align with a local password manager (adding/editing/searching, local JSON storage). However the SKILL.md/README claim encrypted storage in examples (data structure shows "encrypted_password") while the included password_manager.py stores the password field directly (no encryption). SKILL.md and README also list several supporting scripts (password_analyzer.py, backup_manager.py, import_export.py, security_checker.py, duplicate_detector.py) that are referenced but not present in the file manifest; this mismatch suggests the package is incomplete or documentation is inaccurate.
Instruction Scope
Runtime instructions are focused on local password management and reference the local default path (~/.workbuddy/data/passwords.json). They do not instruct network exfiltration or access to unrelated secrets. However the instructions/documentation present functionality (encryption, extra analyzer/backup modules) that the shipped code does not implement, granting the skill broader implied capabilities than are actually present and creating risk if users assume encryption exists. The SKILL.md also instructs the agent to trigger on any user mention of '密码/账号' — expected, but be aware this means the skill may be invoked frequently when dealing with sensitive data.
Install Mechanism
No install spec; this is an instruction+script bundle. Nothing is downloaded from external URLs and no installers are run, reducing supply-chain risk. The files are static and local.
Credentials
The skill requests no environment variables, no credentials, and no special config paths beyond writing to a subdirectory of the user's home (~/.workbuddy/data). These permissions are proportionate for a local password manager. Note: writing plaintext password data and automated backups to the user's filesystem is still a sensitive privilege.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The skill writes its own data and backups under ~/.workbuddy/data and creates backup files in ~/.workbuddy/data/backups; it does not request system-wide config changes or modify other skills. Persistent file writes are expected for this functionality but should be considered sensitive because they store passwords locally (and currently in plaintext).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install password-manager-pro - After installation, invoke the skill by name or use
/password-manager-pro - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Major overhaul: Password-manager skill migrated from an advanced English local password manager with encryption and CLI tooling to a Chinese-focused, plaintext, local password recording tool.
- Added comprehensive Chinese documentation detailing core features, user scenarios, data structure, and usage recommendations.
- Changed storage model: passwords are now stored unencrypted by default, with a warning to use system encryption if needed.
- Replaced previous JS/Node-based code with new Python scripts: `password_manager.py` and `password_generator.py`.
- Removed extensive prior configuration, encryption, audit, and OpenClaw integration files and features.
- Added new guides, data schema, and resource directory for reference and best practices.
Metadata
Frequently Asked Questions
What is password-manager?
本地密码管理技能,支持添加、编辑、删除、搜索密码,支持分类管理、备注添加,数据存储在本地,支持导入导出和备份。当用户提到密码、账号、密码管理、保存密码、查找密码时使用此技能。 It is an AI Agent Skill for Claude Code / OpenClaw, with 110 downloads so far.
How do I install password-manager?
Run "/install password-manager-pro" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is password-manager free?
Yes, password-manager is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does password-manager support?
password-manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created password-manager?
It is built and maintained by lining (@liningg); the current version is v1.0.0.
More Skills