← Back to Skills Marketplace
ohernandez-dev-blossom

Bcrypt Generate

by Omar Hernandez · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
101
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install bcrypt-generate
Description
Hash passwords using bcrypt or verify a password against a bcrypt hash. Use when the user asks to bcrypt a password, generate a bcrypt hash, check if a passw...
README (SKILL.md)

Bcrypt Generate

Hash passwords with bcrypt or verify existing hashes using Python's bcrypt library.

Input

For hashing:

  • Password string to hash
  • Cost/rounds (default: 10, range: 4–31)

For verification:

  • Password string
  • Existing bcrypt hash string (starts with $2b$ or $2a$)

Output

  • Bcrypt hash string (for hashing mode)
  • True/False result (for verification mode)

Instructions

  1. Determine mode: hash a new password, or verify against an existing hash.

  2. Hashing a password:

    python3 -c "import bcrypt; print(bcrypt.hashpw(b'PASSWORD', bcrypt.gensalt(rounds=ROUNDS)).decode())"

    Replace PASSWORD with the actual password and ROUNDS with the cost factor (default 10).

  3. Verifying a password against a hash:

    python3 -c "import bcrypt; print(bcrypt.checkpw(b'PASSWORD', b'HASH'))"

    Replace PASSWORD and HASH with the actual values.

  4. Check if bcrypt Python package is available before running:

    python3 -c "import bcrypt" 2>&1

    If it fails with ModuleNotFoundError, tell the user:

    "This skill requires the Python bcrypt package. Install with: pip3 install bcrypt."

  5. If python3 is not found at all, tell the user:

    "This skill requires python3. Install with: brew install python3 (macOS) or sudo apt install python3 (Linux)."

  6. Present the hash output on its own line. For verification, report clearly: "Password MATCHES the hash" or "Password does NOT match the hash."

Examples

Hash password "mysecret" with cost 10: Command: python3 -c "import bcrypt; print(bcrypt.hashpw(b'mysecret', bcrypt.gensalt(rounds=10)).decode())" Output: $2b$10$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW

Hash password "admin" with cost 12: Command: python3 -c "import bcrypt; print(bcrypt.hashpw(b'admin', bcrypt.gensalt(rounds=12)).decode())" Output: $2b$12$... (60-char bcrypt hash)

Verify "mysecret" against $2b$10$abc...: Command: python3 -c "import bcrypt; print(bcrypt.checkpw(b'mysecret', b'\$2b\$10\$abc...'))" Output: True

Error Handling

  • python3 not found → tell user to install Python 3
  • bcrypt module not found → tell user to run pip3 install bcrypt
  • Password contains single quotes → escape them or note that the command must be adjusted; prefer using a temp Python script file for complex passwords
  • Hash string malformed (does not start with $2b$ or $2a$) → warn the user the hash appears invalid before running
  • High cost factor (>= 14) → warn the user this will be slow (intentional for security)
Usage Guidance
This skill appears to do what it claims and asks for nothing unrelated. Primary practical concern: the example commands place plaintext passwords on the command line, which can be recorded in shell history or visible to other local users via process listings. To avoid this, prefer a short Python script that reads the password from stdin or uses getpass.getpass(), or accept the password via a secure prompt/file, instead of embedding it in the -c string. Only install the bcrypt package from PyPI (pip3 install bcrypt) if you trust your environment. Avoid pasting real production passwords into chat or logs.
Capability Analysis
Type: OpenClaw Skill Name: bcrypt-generate Version: 1.0.0 The skill provides legitimate bcrypt hashing and verification functionality but is vulnerable to shell injection. The instructions in SKILL.md direct the agent to construct shell commands by inserting user-provided passwords and hashes directly into `python3 -c` strings, which could lead to arbitrary code execution if the inputs contain shell metacharacters (e.g., backticks or command substitutions).
Capability Assessment
Purpose & Capability
Name/description match the requested artifacts: the skill is instruction-only and requires only python3 to run bcrypt commands. There are no unrelated env vars, binaries, or config paths requested.
Instruction Scope
Instructions are narrowly focused on hashing and verification using Python's bcrypt library. However, the provided commands embed plaintext passwords directly on the shell command line (python3 -c '...b"PASSWORD"...'), which can expose secrets to shell history and to other local users via process listings on some systems. The SKILL.md does acknowledge complex-password issues and suggests using a temp Python script; it would be safer to recommend reading passwords via stdin or getpass.getpass() to avoid command-line exposure.
Install Mechanism
No install spec is present (instruction-only), so nothing is downloaded or written to disk by the skill itself. The doc correctly instructs the user to pip-install the bcrypt package if missing, which is expected.
Credentials
The skill requests no environment variables, credentials, or config paths. Its needs (python3 and the bcrypt package) are proportional to its purpose.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills/configs. Autonomous invocation is enabled (the platform default) but is not combined with broad access or unusual privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install bcrypt-generate
  3. After installation, invoke the skill by name or use /bcrypt-generate
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — securely hash and verify passwords using bcrypt via Python. - Hashes passwords with customizable cost (rounds) via Python’s bcrypt library. - Verifies if a password matches an existing bcrypt hash. - Clear instructions and command examples for both hashing and verification modes. - Handles missing python3 or bcrypt module with actionable install guidance. - Warnings for malformed hashes, complex passwords, and slow high-cost factors.
Metadata
Slug bcrypt-generate
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Bcrypt Generate?

Hash passwords using bcrypt or verify a password against a bcrypt hash. Use when the user asks to bcrypt a password, generate a bcrypt hash, check if a passw... It is an AI Agent Skill for Claude Code / OpenClaw, with 101 downloads so far.

How do I install Bcrypt Generate?

Run "/install bcrypt-generate" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Bcrypt Generate free?

Yes, Bcrypt Generate is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Bcrypt Generate support?

Bcrypt Generate is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Bcrypt Generate?

It is built and maintained by Omar Hernandez (@ohernandez-dev-blossom); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments