← Back to Skills Marketplace

Password

Name: Password
Author: bytesagain3

by bytesagain3 · GitHub ↗ · v3.0.1 · MIT-0

cross-platform ✓ Security Clean

381

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install password

Description

Manage passwords with generation, strength checks, and storage. Use when creating credentials, auditing strength, rotating secrets, checking breaches.

Usage Guidance

This skill appears to be a local password utility and is internally consistent with that purpose. Before installing or using it: (1) inspect the remainder of scripts/script.sh (the provided content was truncated) to ensure it does not log or transmit generated or provided passwords to unexpected endpoints; (2) be aware it will create ~/.local/share/password-tool — check that it doesn't store plaintext secrets you don't want kept; (3) ensure openssl and common CLI tools (od, awk, sort, grep) are available on your system (SKILL.md only mentions curl); (4) breach checking uses Have I Been Pwned with k‑anonymity (only the first 5 chars of the SHA‑1 hash should be sent) — if you want to avoid any network calls, avoid the check-leak command. If you want higher assurance, run the script in a contained environment (VM/container) and review the full script source prior to use.

Capability Analysis

Type: OpenClaw Skill Name: password Version: 3.0.1 The 'password' skill is a legitimate utility for generating and analyzing passwords. It uses /dev/urandom for secure randomness and implements the Have I Been Pwned API using industry-standard k-anonymity (sending only the first 5 characters of a SHA-1 hash) in scripts/script.sh. No signs of data exfiltration, malicious execution, or prompt injection were found.

Capability Assessment

✓ Purpose & Capability

The name/description match the included scripts: the tool generates passwords, measures strength/entropy, and checks breaches. Requested tools (curl) and use of /dev/urandom, openssl, and common shell utilities are consistent with these functions.

ℹ Instruction Scope

SKILL.md instructs the agent to run scripts/script.sh for all commands, which is expected. The script performs local computation and an optional network call to Have I Been Pwned using k‑anonymity, which is appropriate for breach checking. Two minor scope notes: SKILL.md lists only 'curl' as a requirement but the script uses openssl and other common CLI utilities (od, awk, grep, sort) which are not declared; the script creates a data directory (~/.local/share/password-tool) — the manifest doesn't explain what (if anything) is persisted there. Review the remaining (truncated) part of the script to confirm it doesn't write sensitive data unencrypted or transmit it to unexpected endpoints.

✓ Install Mechanism

No install spec (instruction-only with a bundled script) — nothing is downloaded from external URLs during install. This is low-risk compared to remote downloads.

ℹ Credentials

The skill requests no environment credentials (none declared). It does access $HOME and creates ~/.local/share/password-tool to store data; this is plausible for a local tool but users should confirm what is stored. Network access (curl to api.pwnedpasswords.com) is limited to the breach-check feature and uses k‑anonymity; this aligns with the stated purpose.

✓ Persistence & Privilege

always is false and the skill is user-invocable only. It does not request broad platform privileges or modify other skills. Creating a per-user data directory is normal for a CLI utility, but review what it stores.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install password
After installation, invoke the skill by name or use /password
Provide required inputs per the skill's parameter spec and get structured output

Version History

v3.0.1

v3.0.1: SKILL.md rewritten to match new script commands.

v3.0.0

v3.0.0: Complete rewrite with real password functionality.

v2.0.1

update

v2.0.0

v2.5 standard: Use-when desc, homepage, source, security fix

v1.0.6

old template -> domain-specific v2.0.0

v1.0.5

old template -> domain-specific v2.0.0

v1.0.4

Quality upgrade

v1.0.3

Quality upgrade: custom functionality

v1.0.2

De-template, unique content, script cleanup

v1.0.1

Quality fix: cleaner docs, removed flags

v1.0.0

Initial release

Metadata

Slug password

Version 3.0.1

License MIT-0

All-time Installs 3

Active Installs 3

Total Versions 11

Frequently Asked Questions

What is Password?

Manage passwords with generation, strength checks, and storage. Use when creating credentials, auditing strength, rotating secrets, checking breaches. It is an AI Agent Skill for Claude Code / OpenClaw, with 381 downloads so far.

How do I install Password?

Run "/install password" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Password free?

Yes, Password is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Password support?

Password is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Password?

It is built and maintained by bytesagain3 (@bytesagain3); the current version is v3.0.1.

More Skills