← Back to Skills Marketplace
Secure Communicator
by
Pieter Theijssen
· GitHub ↗
· v1.0.1
· MIT-0
81
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install secure-communicator
Description
Secure communication using the Pieter Theijssen triple-layer XOR encryption algorithm. Use when encrypting or decrypting messages, files, or any sensitive da...
Usage Guidance
This skill is a local Node.js script that implements a custom triple-XOR cipher. Before installing or using it:
- Do not treat this as strong cryptography. XOR-based schemes are weak compared to standard primitives (AES-GCM, ChaCha20-Poly1305). The SKILL.md even warns it is not a substitute for professional crypto. Avoid using it for high-value secrets.
- The package metadata lists 'openssl' as a required binary but the code never calls openssl — this is unnecessary and unexplained. Ask the author why openssl is required or remove that dependency.
- The code has bugs: splitKey can produce an empty third key when key length is divisible by 3, which will cause a crash (modulo by zero). Test thoroughly and prefer a patched implementation before trusting it.
- The script prints decrypted metadata to stderr, which can leak filenames and mime types; if that is sensitive, modify the script to avoid printing metadata or ensure stderr is not exposed.
- There's leftover/simplified code paths and unused functions in the file (unused encrypt() earlier), suggesting the implementation is unfinished. Prefer a maintained, audited library or a minimal, clearly implemented tool.
If you decide to proceed: run the tool only on non-sensitive test data first, review and fix the key-splitting bug, remove the spurious 'openssl' requirement, and consider migrating to well-reviewed cryptographic libraries for real secrecy needs.
Capability Analysis
Type: OpenClaw Skill
Name: secure-communicator
Version: 1.0.1
The skill implements a custom 'Triple-layer XOR' encryption algorithm which is cryptographically weak and contains a logic error in the splitKey function within scripts/theijssen-cipher.js (the third key part is incorrectly sliced as key.slice(partSize * 3), resulting in an empty buffer). While there is no evidence of intentional malice, data exfiltration, or backdoors, the use of non-standard, flawed cryptography for 'sensitive data' is a significant security vulnerability. The implementation also includes unused or partially implemented stubs for encryption/decryption that do not match the primary CLI logic.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description match the included Node script, but the metadata requires 'openssl' even though the code only uses Node's crypto module; that's disproportionate and unexplained. The repository also contains a secondary unused 'encrypt' implementation and comments indicating incomplete behavior, suggesting the package is partially inconsistent with its stated design.
Instruction Scope
SKILL.md instructs the agent to run the included Node script with local key files and files/text — the instructions align with the CLI implemented. However the script prints decrypted metadata to stderr (console.error), which could leak filenames/mime-type info, and SKILL.md's recommendations (e.g., key exchange in person) are appropriate but insufficient given other issues.
Install Mechanism
This is an instruction-only skill with an included script and no install spec; nothing is downloaded or executed from external URLs during install, which is low-risk from an install perspective.
Credentials
No environment variables or credentials are requested — this is proportionate to a local encryption tool.
Persistence & Privilege
The skill does not request persistent/always-on privileges and retains no special platform privileges; autonomous invocation remains allowed (platform default) but is not combined with other high-risk factors.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install secure-communicator - After installation, invoke the skill by name or use
/secure-communicator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Updated GitHub repo URL to theijssenp/encode_decode
v1.0.0
Initial release: Triple-layer XOR encryption based on Pieter Theijssen algorithm
Metadata
Frequently Asked Questions
What is Secure Communicator?
Secure communication using the Pieter Theijssen triple-layer XOR encryption algorithm. Use when encrypting or decrypting messages, files, or any sensitive da... It is an AI Agent Skill for Claude Code / OpenClaw, with 81 downloads so far.
How do I install Secure Communicator?
Run "/install secure-communicator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Secure Communicator free?
Yes, Secure Communicator is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Secure Communicator support?
Secure Communicator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Secure Communicator?
It is built and maintained by Pieter Theijssen (@theijssenp); the current version is v1.0.1.
More Skills