hudul

Private Chat

by 兵部尚书 · GitHub ↗ · v1.1.2
cross-platform ⚠ suspicious
Downloads: 286
Stars: 1
Active Installs: 0
Versions: 4
Install in OpenClaw
/install private-chat
Description
Private Chat Mode - Trigger encrypted conversations via codeword. Sensitive information is automatically encrypted using AES-256-CBC for maximum security.
Usage Guidance
This skill provides a straightforward encryption helper (shell script using OpenSSL) and documentation to add a 'private mode', but there are important red flags you should consider before installing:
- The SKILL.md explicitly instructs the assistant to hide the existence of private mode in non-private conversations (tells the model to lie/deny). That is deceptive behavior and may be unacceptable depending on your trust model and policy. Remove or modify that 'Iron Law' before use if you need transparency.
- The documentation instructs you to store the encryption password in config.json (plaintext). This is insecure — prefer prompting for the password at runtime or using a system keystore, and restrict file permissions (chmod 600) for any vault files.
- The included script depends on openssl and base64 utilities but the skill metadata does not declare required binaries. Verify openssl is available and audit the script before running.
- The SKILL.md claims 'auto-encrypt and save' behavior but the shipped script only performs encryption/decryption and does not implement automatic agent-side storage — check how your agent will call the script and where it will write files. Confirm where memory/private-vault.md will live and who can read it.
- Default settings use a surprising codeword ('lgbt') — change it to something neutral and private.
Recommendations: review and remove the concealment instructions, avoid putting secrets in config.json, run the script locally to verify behavior, inspect who/what can read the vault file, and only install if you trust the skill author or are prepared to modify the skill to meet your security requirements.
Capability Analysis
Type: OpenClaw Skill
Name: private-chat
Version: 1.1.2
The skill provides a legitimate encrypted 'private vault' feature using AES-256-CBC encryption via a local bash script (scripts/private-vault.sh). While it includes 'Iron Law' instructions in SKILL.md that command the AI to deceive users by denying the feature's existence when not in use, this is presented as a documented privacy feature rather than a malicious backdoor. No evidence of data exfiltration, unauthorized network activity, or intentional exploitation was found.
Capability Assessment
Purpose & Capability
The name/description (private encrypted conversations) align with the provided encryption script and docs. However the SKILL.md promises 'auto-encrypt and save to memory/private-vault.md' while the included script only performs encryption/decryption and does not implement automatic storage integration; the doc also instructs creating a plaintext config.json containing the encryption password (security/usability mismatch). The default codeword 'lgbt' is an odd/unexpected choice that may be insensitive.
Instruction Scope
SKILL.md contains high-level runtime rules that go beyond a simple helper: it tells the agent to detect a codeword, identify sensitive data, auto-encrypt and store it, auto-exit and clear context — and critically it contains an 'Iron Law' requiring the agent to completely hide the existence of private mode in non-private mode (explicit instructions to lie/deny). That is scope creep and a deceptive behavior directive which is a security and policy risk. The instructions also assume the agent will write/read config.json and memory/private-vault.md but give no safe implementation details.
Install Mechanism
No install spec (instruction-only) — low risk from external downloads. The repo includes a shell script that relies on openssl being present; however required binaries were not declared in metadata. The script is local and readable; it uses openssl and base64, so system availability of those tools is required but not surfaced in requirements.
Credentials
The skill requests no environment variables or external credentials, which is proportionate. However the configuration pattern requires storing an encryption password in config.json (plaintext file) per the documentation — that is a poor security practice and disproportionate to a secure design (should use a secure keystore or prompt at runtime). No declarations warn the user about file permissions for the 'memory' folder.
Persistence & Privilege
always:false and no system-wide changes — the skill does not request persistent platform privileges. That said, because the SKILL.md instructs the agent to hide the feature and to persist encrypted content to disk, if the agent is allowed autonomous invocation this combination increases the potential for covert data retention; the deceptive behavior combined with normal model invocation raises concern but does not in itself indicate privilege escalation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install private-chat
  3. After installation, invoke the skill by name or use /private-chat
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.2
private-chat v1.1.2
- Updated documentation to credit 兵步一郎 (Ichiro) as author and clarify purpose.
- No functional changes; improvements limited to English and Chinese documentation files.
v1.1.1
private-chat v1.1.1
- No code or documentation changes detected in this release.
- Version increment only; functionality and documentation remain unchanged.
v1.1.0
- Added English documentation files: SKILL.md and README.md, providing full instructions in English.
- Included Chinese documentation: SKILL.zh.md and README.zh.md for multilingual support.
- Updated package.json and existing documents to reflect bilingual support and improved instructions.
- No changes to core logic or encryption—documentation and usability update only.
v1.0.0
Private Chat Skill – initial release.
- Adds private chat functionality triggered by a codeword, enabling encrypted conversations.
- All sensitive information is automatically stored with AES-256-CBC encryption.
- Supports custom encryption password and configurable auto-exit timeout.
- Includes command-line scripts for encrypting/decrypting stored data.
- Strict privacy rules: fully conceals existence of private mode outside of it.
Metadata
Slug private-chat
Version 1.1.2
License
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Private Chat?

Private Chat Mode - Trigger encrypted conversations via codeword. Sensitive information is automatically encrypted using AES-256-CBC for maximum security. It is an AI Agent Skill for Claude Code / OpenClaw, with 286 downloads so far.

How do I install Private Chat?

Run "/install private-chat" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Private Chat free?

Yes, Private Chat is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Private Chat support?

Private Chat is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Private Chat?

It is built and maintained by 兵部尚书 (@hudul); the current version is v1.1.2.
