← 返回 Skills 市场
ohernandez-dev-blossom

Bcrypt Generate

作者 Omar Hernandez · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
101
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install bcrypt-generate
功能描述
Hash passwords using bcrypt or verify a password against a bcrypt hash. Use when the user asks to bcrypt a password, generate a bcrypt hash, check if a passw...
使用说明 (SKILL.md)

Bcrypt Generate

Hash passwords with bcrypt or verify existing hashes using Python's bcrypt library.

Input

For hashing:

  • Password string to hash
  • Cost/rounds (default: 10, range: 4–31)

For verification:

  • Password string
  • Existing bcrypt hash string (starts with $2b$ or $2a$)

Output

  • Bcrypt hash string (for hashing mode)
  • True/False result (for verification mode)

Instructions

  1. Determine mode: hash a new password, or verify against an existing hash.

  2. Hashing a password:

    python3 -c "import bcrypt; print(bcrypt.hashpw(b'PASSWORD', bcrypt.gensalt(rounds=ROUNDS)).decode())"

    Replace PASSWORD with the actual password and ROUNDS with the cost factor (default 10).

  3. Verifying a password against a hash:

    python3 -c "import bcrypt; print(bcrypt.checkpw(b'PASSWORD', b'HASH'))"

    Replace PASSWORD and HASH with the actual values.

  4. Check if bcrypt Python package is available before running:

    python3 -c "import bcrypt" 2>&1

    If it fails with ModuleNotFoundError, tell the user:

    "This skill requires the Python bcrypt package. Install with: pip3 install bcrypt."

  5. If python3 is not found at all, tell the user:

    "This skill requires python3. Install with: brew install python3 (macOS) or sudo apt install python3 (Linux)."

  6. Present the hash output on its own line. For verification, report clearly: "Password MATCHES the hash" or "Password does NOT match the hash."

Examples

Hash password "mysecret" with cost 10: Command: python3 -c "import bcrypt; print(bcrypt.hashpw(b'mysecret', bcrypt.gensalt(rounds=10)).decode())" Output: $2b$10$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW

Hash password "admin" with cost 12: Command: python3 -c "import bcrypt; print(bcrypt.hashpw(b'admin', bcrypt.gensalt(rounds=12)).decode())" Output: $2b$12$... (60-char bcrypt hash)

Verify "mysecret" against $2b$10$abc...: Command: python3 -c "import bcrypt; print(bcrypt.checkpw(b'mysecret', b'\$2b\$10\$abc...'))" Output: True

Error Handling

  • python3 not found → tell user to install Python 3
  • bcrypt module not found → tell user to run pip3 install bcrypt
  • Password contains single quotes → escape them or note that the command must be adjusted; prefer using a temp Python script file for complex passwords
  • Hash string malformed (does not start with $2b$ or $2a$) → warn the user the hash appears invalid before running
  • High cost factor (>= 14) → warn the user this will be slow (intentional for security)
安全使用建议
This skill appears to do what it claims and asks for nothing unrelated. Primary practical concern: the example commands place plaintext passwords on the command line, which can be recorded in shell history or visible to other local users via process listings. To avoid this, prefer a short Python script that reads the password from stdin or uses getpass.getpass(), or accept the password via a secure prompt/file, instead of embedding it in the -c string. Only install the bcrypt package from PyPI (pip3 install bcrypt) if you trust your environment. Avoid pasting real production passwords into chat or logs.
功能分析
Type: OpenClaw Skill Name: bcrypt-generate Version: 1.0.0 The skill provides legitimate bcrypt hashing and verification functionality but is vulnerable to shell injection. The instructions in SKILL.md direct the agent to construct shell commands by inserting user-provided passwords and hashes directly into `python3 -c` strings, which could lead to arbitrary code execution if the inputs contain shell metacharacters (e.g., backticks or command substitutions).
能力评估
Purpose & Capability
Name/description match the requested artifacts: the skill is instruction-only and requires only python3 to run bcrypt commands. There are no unrelated env vars, binaries, or config paths requested.
Instruction Scope
Instructions are narrowly focused on hashing and verification using Python's bcrypt library. However, the provided commands embed plaintext passwords directly on the shell command line (python3 -c '...b"PASSWORD"...'), which can expose secrets to shell history and to other local users via process listings on some systems. The SKILL.md does acknowledge complex-password issues and suggests using a temp Python script; it would be safer to recommend reading passwords via stdin or getpass.getpass() to avoid command-line exposure.
Install Mechanism
No install spec is present (instruction-only), so nothing is downloaded or written to disk by the skill itself. The doc correctly instructs the user to pip-install the bcrypt package if missing, which is expected.
Credentials
The skill requests no environment variables, credentials, or config paths. Its needs (python3 and the bcrypt package) are proportional to its purpose.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills/configs. Autonomous invocation is enabled (the platform default) but is not combined with broad access or unusual privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install bcrypt-generate
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /bcrypt-generate 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — securely hash and verify passwords using bcrypt via Python. - Hashes passwords with customizable cost (rounds) via Python’s bcrypt library. - Verifies if a password matches an existing bcrypt hash. - Clear instructions and command examples for both hashing and verification modes. - Handles missing python3 or bcrypt module with actionable install guidance. - Warnings for malformed hashes, complex passwords, and slow high-cost factors.
元数据
Slug bcrypt-generate
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Bcrypt Generate 是什么?

Hash passwords using bcrypt or verify a password against a bcrypt hash. Use when the user asks to bcrypt a password, generate a bcrypt hash, check if a passw... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 101 次。

如何安装 Bcrypt Generate?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install bcrypt-generate」即可一键安装,无需额外配置。

Bcrypt Generate 是免费的吗?

是的,Bcrypt Generate 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Bcrypt Generate 支持哪些平台?

Bcrypt Generate 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Bcrypt Generate?

由 Omar Hernandez(@ohernandez-dev-blossom)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论