Downloads: 1180
Stars: 2
Active Installs: 1
Versions: 2
Install in OpenClaw
/install passwords
Description
Local credential vault with OS keychain integration, encrypted storage, and session-based access control.
Usage Guidance
This skill looks internally consistent for a local encrypted vault and uses reasonable primitives (age, OS keyrings). Before installing, verify: (1) you have 'age' from a trusted source; (2) the agent implementation will actually enforce the 'must not' rules (instructions here are not code); (3) network calls (k-anonymity/leak checks) go to trusted endpoints and you accept that they involve sending partial hashes off-device; (4) OS keychain permissions are understood (the agent will need access to store/retrieve session tokens); (5) recovery wording (BIP39) and TOTP options have the expected security tradeoffs — storing TOTP in the same vault reduces security. Consider testing with non-sensitive entries first and require explicit confirmation for any medium/high/critical accesses.
Capability Analysis
Type: OpenClaw Skill
Name: passwords
Version: 1.1.0
The 'Passwords' skill bundle describes a robust, security-focused local credential vault. The `SKILL.md` details strong cryptographic practices (Argon2id, HKDF-SHA256, `age` encryption), secure handling of sensitive data (no command-line args, OS keychain integration, memory zeroing), and strict access control policies for the AI agent. Crucially, it includes an explicit 'What Agents Must Not Do' section, instructing the agent to avoid common insecure behaviors like logging credentials or auto-filling on domain mismatch, which actively mitigates prompt injection risks and demonstrates a strong intent for secure operation. There is no evidence of data exfiltration, malicious execution, persistence, or other harmful activities.
Capability Assessment
Purpose & Capability
The skill describes a local credential vault with encrypted storage and OS keychain session tokens. Requiring the age binary for encryption is coherent. Minor mismatch: the registry name 'Publish Passwords' could be misleading compared to the described local vault functionality, but this is likely a naming issue rather than a capability mismatch.
Instruction Scope
SKILL.md is detailed and stays within vault behavior: key derivation, storage locations, session tokens in OS keystores, delivery methods, and access policies. It references using a k-anonymity API to check leaked passwords (network call) and instructs the agent to avoid logging secrets. These network checks and keychain access are expected for the stated purpose, but the policy rules (e.g., 'agents must not log credentials') are instructions only — they are not technically enforced by this skill because it has no code.
Install Mechanism
Instruction-only skill with no install spec; lowest installation risk. Requiring 'age' (a well-known encryption tool) is reasonable and proportionate for an encrypted vault.
Credentials
The skill requests no environment variables or external credentials. It requires access to the OS secure storage (Keychain/libsecret/Credential Manager) for session tokens, which is appropriate for a local vault. The suggested credential-delivery methods (env vars, stdin, secure IPC) are acceptable but require careful agent behavior to avoid leakage.
Persistence & Privilege
`always` is false and the skill does not request persistent system-wide changes or other skills' configs. Agent autonomous invocation is allowed by default; the skill's policies restrict auto-access to low-sensitivity items, which is proportionate. Note: actual enforcement depends on the hosting agent honoring these instructions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install passwords`
- After installation, invoke the skill by name or use `/passwords`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Rewritten for neutral tone, same functionality
v1.0.0
Initial release
Frequently Asked Questions
What is Publish Passwords?
Local credential vault with OS keychain integration, encrypted storage, and session-based access control. It is an AI Agent Skill for Claude Code / OpenClaw, with 1180 downloads so far.
How do I install Publish Passwords?
Run "/install passwords" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Publish Passwords free?
Yes, Publish Passwords is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Publish Passwords support?
Publish Passwords is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).
Who created Publish Passwords?
It is built and maintained by Iván (@ivangdavila); the current version is v1.1.0.