Passwordstore Broker

by Marius (bieggerm) · GitHub · v1.1.1
Platform: cross-platform · Security scan: Clean
Downloads: 750
Stars: 0
Active Installs: 0
Versions: 6
Install in OpenClaw
/install passwordstore-broker
Description
Enforce safe secret handling by collecting secrets through one-time HTTPS forms, storing them in pass via scripts/vault.sh, and executing tools with environm...
Usage Guidance
This skill appears coherent and implements a local/LAN one-time intake flow that stores secrets into your pass store and injects them into commands without putting secret values in chat. Before installing, verify you are comfortable with: (1) installing and using pass/gpg on the host; (2) the fact that the skill runs a temporary local HTTPS server (ensure you run it on trusted networks and do not expose the intake URL in public channels); (3) storing the TOTP enrollment secret in ~/.passwordstore-broker/totp.secret and treating that file as sensitive (the project warns not to transmit it); and (4) any commands executed via run_with_secret.sh will run with the secret available to that process (so ensure those commands are trusted). If you need higher assurance, review the full get_password_from_user.py contents (it runs the local HTTPS server, LAN autodetection, and TOTP checks) and test in an isolated environment first.
Capability Analysis
Type: OpenClaw Skill
Name: passwordstore-broker
Version: 1.1.1
The skill bundle is designed for secure secret handling, acting as a broker between an AI agent and a `pass` password store. All scripts (`run_with_secret.sh`, `vault.sh`, `get_password_from_user.py`, `setup_totp_enrollment.py`) demonstrate strong security practices, including robust input sanitization, safe subprocess execution (e.g., passing secrets via stdin, using `--` for `pass` commands, `exec env` for environment injection), and strict network access controls (e.g., `get_password_from_user.py` explicitly checks for private IPs and restricts access to local or private networks). The `SKILL.md` and `references/SETUP.md` documentation includes explicit guardrails for the AI agent, instructing it never to leak secrets or expose sensitive information. There is no evidence of intentional malicious behavior, data exfiltration, or unauthorized actions; instead, the code actively implements measures to prevent such risks.
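To make the wrapper pattern described above concrete, here is an added illustration of the broker idea (secret name validated, value fetched from the store, injected into one child process's environment, never printed). It is example code written for this page, not the skill's own `run_with_secret.sh` or `vault.sh`; the `demo_lookup` table is a constructed stand-in for `pass show -- "$entry"` so the script runs without `pass` or `gpg` installed.

```shell
#!/bin/sh
# Added illustration, not the passwordstore-broker scripts themselves.
set -u

# Constructed stand-in for the store. A real wrapper would run
#   pass show -- "$entry"
# where `--` stops an entry name such as "-x" being parsed as an option.
demo_lookup() {
  case "$1" in
    demo/api-token) printf '%s\n' 'tok-constructed-123' ;;
    *) return 1 ;;
  esac
}

# Reject entry names that are empty, option-like, absolute, traverse with
# "..", or contain characters outside a conservative allow-list.
valid_entry() {
  case "$1" in
    ''|-*|/*|..|../*|*/..|*/../*|*[!A-Za-z0-9_./-]*) return 1 ;;
  esac
  return 0
}

# Only plain identifiers may name the target environment variable, so a
# caller cannot smuggle "FOO=bar BAR" or similar into env(1).
valid_var_name() {
  case "$1" in
    ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
  esac
  return 0
}

# run_with_secret VAR ENTRY CMD [ARGS...]
# Returns 2 on bad input, 1 if the entry is missing, else the child's status.
run_with_secret() {
  var=$1
  entry=$2
  shift 2
  valid_var_name "$var" || { echo "run_with_secret: bad variable name" >&2; return 2; }
  valid_entry "$entry"  || { echo "run_with_secret: bad entry name" >&2; return 2; }
  secret=$(demo_lookup "$entry") || { echo "run_with_secret: no such entry" >&2; return 1; }
  # The value goes straight into the child's environment; nothing here echoes
  # it. A production wrapper would `exec env ...` so that no shell process
  # lingers with the secret in a variable.
  env "$var=$secret" "$@"
}
```

The child command sees the secret only as `$API_TOKEN` (or whatever name the caller chose); the broker itself never writes it to stdout, stderr, or a log line, which is the property the skill's guardrails are built around. Rejecting option-like and path-traversing entry names before the store is consulted is the input-sanitization step the analysis refers to.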
Capability Assessment
Purpose & Capability
The name and description claim to collect secrets and store them in pass; the included scripts implement TOTP enrollment, a local HTTPS intake form, pass-backed vault operations, and an env-injection wrapper. Declared binary dependencies (pass, gpg, openssl, python3, qrencode) match the implementation.
Instruction Scope
SKILL.md explicitly restricts behavior to local/LAN intake, TOTP validation, storing/retrieving secrets via scripts/vault.sh, and executing commands via run_with_secret.sh. The runtime instructions do not request unrelated files, external endpoints, or unrelated credentials. They do require the agent to present the generated local/LAN URL to the user (expected for the one-time intake flow).
Install Mechanism
No install spec; this is an instruction-first skill with bundled scripts. Nothing is downloaded from external URLs and no archives are extracted. Risk from install-time network downloads is therefore minimal.
Credentials
The skill requests no environment variables or external credentials. It relies on locally installed tools (pass/gpg) rather than asking for tokens. The number and type of required tools are proportionate to the stated functionality.
Persistence & Privilege
The `always` flag is false and the skill does not request elevated or system-wide privileges. It writes only into its own directory under the user's home (e.g., ~/.passwordstore-broker) and uses the user's pass store; it does not modify other skills or global agent configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install passwordstore-broker
  3. After installation, invoke the skill by name or use /passwordstore-broker
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
- Added a metadata section describing compatibility requirements: pass, gpg, openssl, python3, qrencode, and local HTTPS network access.
- No other changes to workflow or logic.
v1.1.0
- Added LAN mode option (--access lan) to scripts/get_password_from_user.py for secret collection on private networks.
- Updated documentation to describe LAN mode usage, including the requirement for users to submit both secret values and TOTP codes via the web form.
- No changes to the overall workflow or core guardrails; local and LAN secret intakes are now both supported.
v1.0.3
- Tightened TOTP setup: now requires both `~/.passwordstore-broker/totp.secret` and `~/.passwordstore-broker/setup_completed_at.txt` before LAN-mode intake.
- Made TOTP secret rotation stricter: agents must never rotate or retransmit `totp.secret`; only manual user rotation is permitted.
- Improved initial enrollment flow by recording and trusting the `setup_completed_at` timestamp.
- No code changes; documentation update only.
v1.0.2
- Added TOTP (Time-based One-Time Password) enrollment support for LAN-based secret intake; setup is required before first LAN use.
- Introduced a new setup script: scripts/setup_totp_enrollment.py for TOTP provisioning.
- Updated intake workflow: LAN mode now supports secret submission from other devices with TOTP validation.
- Expanded SKILL.md protocol: includes preflight checks for TOTP, LAN mode details, and revised security guardrails.
v1.0.1
- Updates intake process to restrict all secret submissions strictly to localhost; network/remote intake is no longer allowed.
- Adds explicit guardrails in documentation to prohibit exposing the intake form on public or network interfaces.
- Clarifies that the intake URL must remain localhost-only, removing previous guidance on using tunnels or host/IP overrides.
v1.0.0
Initial release enforcing safe secret handling for agent workflows:
- Prevents users from pasting raw secrets (passwords, API keys) into chat.
- Brokers secret collection via browser link through `scripts/get_password_from_user` and stores using `pass` via `scripts/vault.sh`.
- Injects secrets into tool commands via environment variables with `scripts/run_with_secret`; secrets never enter chat, context, or logs.
- Defines workflow steps, naming rules, and operational guardrails to prevent secret leakage.
- Provides instructions for secret management, injection, and rotation.
Metadata
Slug passwordstore-broker
Version 1.1.1
License
All-time Installs 0
Active Installs 0
Total Versions 6
Frequently Asked Questions

What is Passwordstore Broker?

Enforce safe secret handling by collecting secrets through one-time HTTPS forms, storing them in pass via scripts/vault.sh, and executing tools with environm... It is an AI Agent Skill for Claude Code / OpenClaw, with 750 downloads so far.

How do I install Passwordstore Broker?

Run "/install passwordstore-broker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Passwordstore Broker free?

Yes, Passwordstore Broker is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Passwordstore Broker support?

Passwordstore Broker is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Passwordstore Broker?

It is built and maintained by Marius (@bieggerm); the current version is v1.1.1.
