← 返回 Skills 市场
ohernandez-dev-blossom

Cert Decode

作者 Omar Hernandez · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ 安全检测通过
140
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install cert-decode
功能描述
Decode and inspect X.509 SSL/TLS certificates. Use when the user asks to read a certificate, parse a PEM file, check certificate expiry, inspect a TLS cert,...
使用说明 (SKILL.md)

Cert Decode

Parse and display human-readable details from X.509 PEM certificates using openssl.

Input

  • PEM certificate content (text starting with -----BEGIN CERTIFICATE-----) pasted directly, OR
  • Path to a .pem or .crt file, OR
  • Hostname to fetch the live certificate from (e.g., example.com)

Output

  • Subject (CN, O, OU, C)
  • Issuer (CA name, organization)
  • Validity: Not Before / Not After (expiry date)
  • Serial number
  • Subject Alternative Names (SANs)
  • Public key algorithm and size
  • Signature algorithm
  • Whether the cert is expired or expiring soon

Instructions

  1. Determine input type: pasted PEM text, file path, or hostname.

  2. From pasted PEM text: Write the PEM content to a temp file, then:

    echo "PEM_CONTENT" | openssl x509 -text -noout

    Or use process substitution if available.

  3. From a file path:

    openssl x509 -text -noout -in /path/to/cert.pem

  4. From a live hostname (port 443):

    echo | openssl s_client -connect HOSTNAME:443 -servername HOSTNAME 2>/dev/null | openssl x509 -text -noout

  5. Extract and present key fields from the openssl x509 -text output in a clean, readable format:

    • Subject: parse Subject: line
    • Issuer: parse Issuer: line
    • Valid From: parse Not Before:
    • Valid Until: parse Not After :
    • Serial: parse Serial Number:
    • SANs: parse X509v3 Subject Alternative Name: block for all DNS: and IP Address: entries
    • Key: parse Public Key Algorithm: and key size (e.g., RSA Public-Key: (2048 bit))
    • Signature Algorithm: parse Signature Algorithm:

  6. Calculate whether the certificate is:

    • Already expired (Not After is in the past)
    • Expiring within 30 days (warn the user)
    • Valid (show days remaining)

  7. If openssl is not found, tell the user:

    "This skill requires openssl. Install with: brew install openssl (macOS) or sudo apt install openssl (Linux)."

Examples

From file: Command: openssl x509 -text -noout -in /etc/ssl/cert.pem

From hostname: Command: echo | openssl s_client -connect github.com:443 -servername github.com 2>/dev/null | openssl x509 -text -noout

Sample parsed output:

Subject:    CN=github.com, O=GitHub, Inc., C=US
Issuer:     CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1, O=DigiCert Inc, C=US
Valid From: 2024-03-07
Valid Until: 2025-03-06  ⚠ Expires in 14 days
Serial:     0a:bc:12:...
SANs:       github.com, www.github.com
Key:        EC 256-bit (prime256v1)
Signature:  ecdsa-with-SHA384

Error Handling

  • openssl not found → tell user to install it
  • Input is not valid PEM → openssl will error with unable to load certificate; tell user the input does not appear to be a valid PEM certificate
  • Hostname unreachable → openssl s_client will fail; report connection error and suggest checking the hostname or network
  • DER format instead of PEM → tell user to convert first with: openssl x509 -inform DER -in cert.der -out cert.pem
  • Certificate chain (multiple certs) → only the first cert is parsed; inform user if they need a specific cert from the chain
安全使用建议
This skill runs local openssl commands and may open an outbound TLS connection to a hostname you provide to fetch a live cert. It does not request credentials or persist configuration. Before using it: (1) do not paste or provide private keys—only certificate (public) material; (2) be aware that providing a hostname causes a network connection to that host on port 443; (3) ensure openssl is installed from your OS package manager (brew/apt) if you follow the install hint; and (4) review the SKILL.md if you want to confirm exactly which commands will run locally.
功能分析
Type: OpenClaw Skill Name: cert-decode Version: 1.0.0 The skill is a straightforward utility for decoding X.509 certificates using the system's `openssl` binary. The instructions in `SKILL.md` correctly describe how to parse PEM data from strings, files, or remote hostnames (via `s_client`) and extract standard fields like Subject, Issuer, and Expiry. No evidence of malicious intent, data exfiltration, or prompt injection was found.
能力评估
Purpose & Capability
Name/description (decoding X.509 certs) match the declared requirement of the openssl binary and the SKILL.md instructions; no unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Instructions only describe writing/passing certificate text, reading a user-specified certificate file, or fetching a cert from a hostname via openssl s_client; they do not direct reading other system files, other env vars, or sending data to unexpected external endpoints. They do advise connecting to target hostnames on port 443, which is expected for live-certificate fetching.
Install Mechanism
No install spec (instruction-only). This is low risk; the SKILL.md merely instructs the user how to install openssl via standard package managers if missing.
Credentials
No credentials or environment variables are requested; the skill only needs the openssl binary and optional access to user-provided certificate files or hostnames—proportionate to its functionality.
Persistence & Privilege
always:false and no special privileges or persistent system modifications are requested. The skill does not attempt to modify other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install cert-decode
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /cert-decode 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of cert-decode: Decode and inspect X.509 SSL/TLS certificates using openssl. - Accepts PEM content, file path, or hostname as input. - Parses and presents key certificate details (subject, issuer, validity, serial, SANs, key, signature algorithm). - Checks certificate expiry status; warns about expiration or shows days remaining. - Handles errors for missing openssl, invalid input, unsupported formats, connection issues, and certificate chains. - Clear instructions and example commands included.
元数据
Slug cert-decode
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Cert Decode 是什么?

Decode and inspect X.509 SSL/TLS certificates. Use when the user asks to read a certificate, parse a PEM file, check certificate expiry, inspect a TLS cert,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 140 次。

如何安装 Cert Decode?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install cert-decode」即可一键安装,无需额外配置。

Cert Decode 是免费的吗?

是的,Cert Decode 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Cert Decode 支持哪些平台?

Cert Decode 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Cert Decode?

由 Omar Hernandez(@ohernandez-dev-blossom)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论