Downloads: 1194 | Stars: 2 | Active Installs: 14 | Versions: 1
Install in OpenClaw
/install encryption
Description
Encrypt files, secure passwords, manage keys, and audit code for cryptographic best practices.
README (SKILL.md)
When to Use
- Encrypting files, database fields, or app storage
- Password hashing (bcrypt, argon2)
- Key management, rotation, derivation
- TLS/certificate configuration
- Auditing code for crypto mistakes
- Mobile secure storage (Keychain, Keystore)
Algorithm Selection
| Purpose | Use | Avoid |
|---|---|---|
| Passwords | argon2id, bcrypt (cost≥12) | MD5, SHA1, plain SHA256 |
| Symmetric | AES-256-GCM, ChaCha20-Poly1305 | AES-ECB, DES, RC4 |
| Asymmetric | RSA-4096+OAEP, Ed25519, P-256 | RSA-1024, PKCS#1 v1.5 |
| Key derivation | PBKDF2 (≥600k), scrypt, argon2 | Single-pass hash |
| JWT signing | RS256, ES256 | HS256 with weak secret |
| TLS | 1.2+ only | TLS 1.0/1.1, SSLv3 |
Critical Rules
- Never reuse IVs/nonces — AES-GCM + repeated nonce = catastrophic
- Use authenticated encryption (AEAD) — Plain CBC enables padding oracles
- Hash passwords, don't encrypt — Hashing is one-way
- No hardcoded keys — Use env vars, KMS, or Vault
- No Math.random() for crypto — Use CSPRNG only
- Constant-time comparisons — Prevent timing attacks on secrets
- Separate keys by purpose — Encryption ≠ signing ≠ backup
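The following is an added example, not code from the skill or its patterns.md. It combines the table's PBKDF2 floor (≥600k) with three of the rules above: hash rather than encrypt, CSPRNG salts, and constant-time comparison. The record format, the 16-byte salt, the upper iteration bound and the function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

MIN_ITERATIONS = 600_000      # PBKDF2 floor from the Algorithm Selection table
MAX_ITERATIONS = 10_000_000   # assumption: cap so a tampered record cannot stall the server
SALT_BYTES = 16               # assumption: 128-bit salt, not stated on the page


def hash_password(password: str, iterations: int = MIN_ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt_hex$digest_hex."""
    salt = secrets.token_bytes(SALT_BYTES)  # CSPRNG, fresh per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> tuple:
    """Return (matches, needs_rehash) for a stored record."""
    try:
        scheme, iter_s, salt_hex, digest_hex = record.split("$")
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False, False  # malformed record: reject, never guess
    if scheme != "pbkdf2_sha256" or not 1 <= iterations <= MAX_ITERATIONS:
        return False, False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    matches = hmac.compare_digest(actual, expected)  # constant-time comparison
    # A correct password stored below the current floor should be re-hashed
    # at login, which is how the iteration count is raised over time.
    return matches, matches and iterations < MIN_ITERATIONS
```

Storing the iteration count inside the record is what lets `needs_rehash` upgrade old hashes without a password reset.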
File Encryption (CLI)
```bash
# age (modern, simple)
age -p -o file.age file.txt
age -d -o file.txt file.age
# GPG
gpg -c --cipher-algo AES256 file.txt
```
Platform-Specific
See patterns.md for code snippets:
- Password hashing (Node, Python, Go)
- Envelope encryption with KMS
- JWT with RS256 key rotation
- Secure token generation
See mobile.md for:
- iOS Keychain wrapper
- Android EncryptedSharedPreferences
- SQLCipher setup
- Biometric auth integration
- Certificate pinning
See infra.md for:
- TLS certificate auto-renewal
- HashiCorp Vault policies
- mTLS between services
- Backup encryption verification
Audit Checklist
- No plaintext passwords in DB/logs/env
- No secrets in git history
- No hardcoded keys in source
- No Math.random() for security
- No deprecated algorithms (MD5, SHA1, DES)
- No disabled cert validation
- IVs/nonces never reused
- PBKDF2 iterations ≥600k / bcrypt cost ≥12
- TLS 1.2+ enforced, old protocols disabled
- Key rotation procedure documented
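As an added example (not part of the skill's own files), several checklist items can be turned into a first-pass source scan. The regular expressions, the rule names and the sample input are constructed for this illustration and are heuristics only; items such as git history and rotation procedures need other tooling.

```python
import re

# Checklist item -> heuristic pattern. Patterns are assumptions made for this
# example; expect both misses and false positives on real code.
RULES = {
    "Math.random() for security": re.compile(r"\bMath\.random\s*\("),
    "deprecated algorithm (MD5, SHA1, DES)": re.compile(
        r"\b(md5|sha-?1|des)\b", re.IGNORECASE),
    "disabled cert validation": re.compile(
        r"verify\s*=\s*False|rejectUnauthorized\s*:\s*false"
        r"|InsecureSkipVerify\s*:\s*true"),
    "hardcoded key in source": re.compile(
        r"\b\w*(secret|key|password)\w*\s*[:=]\s*[\"'][^\"']{8,}[\"']",
        re.IGNORECASE),
}
PBKDF2_MIN = 600_000
INT = re.compile(r"\b\d[\d_]*\b")
# Constructed sample input mixing JavaScript and Python lines.
SAMPLE = '''\
const token = Math.random().toString(36);
digest = hashlib.md5(data).hexdigest()
requests.get(url, verify=False)
API_KEY = "constructed-example-value"
key = hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000)
key = hashlib.pbkdf2_hmac("sha256", pw, salt, 600_000)
token = secrets.token_urlsafe(32)
'''


def weak_pbkdf2(line: str) -> bool:
    """True if a pbkdf2 call on this line carries a count in [1000, 600k)."""
    if "pbkdf2" not in line.lower():
        return False
    counts = [int(m.replace("_", "")) for m in INT.findall(line)]
    return any(1000 <= c < PBKDF2_MIN for c in counts)


def audit(source: str) -> list:
    """Return (line_number, checklist_item) for every heuristic hit."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        for item, pattern in RULES.items():
            if pattern.search(line):
                findings.append((no, item))
        if weak_pbkdf2(line):
            findings.append((no, "PBKDF2 iterations below 600k"))
    return findings
```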
Usage Guidance
This skill is a collection of encryption patterns and operational scripts that are consistent with its stated purpose, but it instructs actions that require sensitive credentials and access (AWS, Vault, Postgres, Kubernetes, etc.) while declaring none. Before installing or running any examples:
1) Review and run examples in an isolated/test environment (not production).
2) Provide least-privilege credentials (short-lived tokens/roles) for any cloud/Vault/DB access.
3) Avoid copying example commands verbatim that construct or echo secrets into shell history or logs (use parameterized APIs or environment-only injection).
4) Inspect and adapt scripts that perform uploads (aws s3 cp), DB changes (psql ALTER USER), or Vault writes so they do not leak secrets to logs or remote services.
5) If you want to allow autonomous agent invocation, consider the agent's access scope carefully—do not grant broad cloud or kube credentials to an agent that can call these steps automatically.
Capability Analysis
Type: OpenClaw Skill
Name: encryption
Version: 1.0.0
The skill bundle provides comprehensive documentation and code examples for encryption best practices across various platforms and infrastructure. All code snippets and instructions, including those in SKILL.md, infra.md, mobile.md, and patterns.md, are aligned with the stated purpose of encrypting files, securing passwords, managing keys, and auditing cryptographic implementations. While some scripts utilize powerful system commands (e.g., `psql`, `vault`, `kubectl`, `aws s3 cp`, `openssl`, `nmap`, `curl`, `testssl.sh`), their usage is consistently for legitimate security, key management, or auditing functions, without any evidence of malicious intent such as unauthorized data exfiltration, persistence mechanisms, or prompt injection attempts to subvert the agent's operation. For example, `aws s3 cp` is used to upload encrypted backups to a generic `s3://backups-encrypted/` bucket, which is a standard and benign operation.
Capability Assessment
Purpose & Capability
The name and description match the included materials: encryption patterns, mobile Keychain/Keystore, Vault/KMS usage, and audit checklists. The examples legitimately reference tools and services commonly used for encryption (age, gpg, aws KMS, HashiCorp Vault, SQLCipher, psql, kubectl). Nothing in the content appears intended for a different purpose.
Instruction Scope
SKILL.md and included files instruct running commands that access network services, system configuration, and cloud storage (aws s3 cp, vault kv put/get, psql, kubectl, certbot, openssl, nmap, curl). Those operations can read or transmit sensitive data. The skill does not declare or document the credentials or environment configuration required to run those commands, and some examples embed or echo secrets (e.g., building SQL with a shell variable). This grants broad discretion to an agent following the instructions and could lead to unintended data access or transmission if invoked without care.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing will be written to disk by an installer. This is the lowest-risk installation model.
Credentials
The skill metadata lists no required environment variables or credentials, but the documentation uses AWS CLI, AWS KMS, Vault, Postgres, and kubectl—all of which require credentials or access (AWS keys/roles, Vault token/agent, DB user/password, kube credentials). The lack of declared required secrets is inconsistent with the runtime actions it describes and increases the chance the user will run the examples with improperly scoped credentials or accidentally expose secrets.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills/configs. Autonomous invocation is allowed (platform default) but is not combined with additional privileged settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install encryption`
- After installation, invoke the skill by name or use `/encryption`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Frequently Asked Questions
What is Encryption?
Encrypt files, secure passwords, manage keys, and audit code for cryptographic best practices. It is an AI Agent Skill for Claude Code / OpenClaw, with 1194 downloads so far.
How do I install Encryption?
Run "/install encryption" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Encryption free?
Yes, Encryption is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Encryption support?
Encryption is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Encryption?
It is built and maintained by Iván (@ivangdavila); the current version is v1.0.0.