ivangdavila

Encryption

Author: Iván · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 1194
Favorites: 2
Current installs: 14
Versions: 1
Install in OpenClaw
/install encryption
Description
Encrypt files, secure passwords, manage keys, and audit code for cryptographic best practices.
Usage instructions (SKILL.md)

When to Use

  • Encrypting files, database fields, or app storage
  • Password hashing (bcrypt, argon2)
  • Key management, rotation, derivation
  • TLS/certificate configuration
  • Auditing code for crypto mistakes
  • Mobile secure storage (Keychain, Keystore)

Algorithm Selection

| Purpose | Use | Avoid |
|---|---|---|
| Passwords | argon2id, bcrypt (cost≥12) | MD5, SHA1, plain SHA256 |
| Symmetric | AES-256-GCM, ChaCha20-Poly1305 | AES-ECB, DES, RC4 |
| Asymmetric | RSA-4096+OAEP, Ed25519, P-256 | RSA-1024, PKCS#1 v1.5 |
| Key derivation | PBKDF2 (≥600k), scrypt, argon2 | Single-pass hash |
| JWT signing | RS256, ES256 | HS256 with weak secret |
| TLS | 1.2+ only | TLS 1.0/1.1, SSLv3 |

Critical Rules

  1. Never reuse IVs/nonces — AES-GCM + repeated nonce = catastrophic
  2. Use authenticated encryption (AEAD) — Plain CBC enables padding oracles
  3. Hash passwords, don't encrypt — Hashing is one-way
  4. No hardcoded keys — Use env vars, KMS, or Vault
  5. No Math.random() for crypto — Use CSPRNG only
  6. Constant-time comparisons — Prevent timing attacks on secrets
  7. Separate keys by purpose — Encryption ≠ signing ≠ backup
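
The rules above applied in Node.js, as an added example that is not part of the skill's own files: AES-256-GCM with a fresh random nonce per message, rejection of tampered input, purpose-separated keys and a constant-time token check. The function names, the demo values and the use of HKDF for key separation are assumptions of this example.

```javascript
const crypto = require('node:crypto');

const NONCE_LEN = 12; // 96-bit nonce, the size AES-GCM is designed around
const TAG_LEN = 16;   // full 128-bit authentication tag

// Rule 7: one master secret, a distinct key per purpose (HKDF is this example's choice).
function deriveKey(master, purpose) {
  return Buffer.from(crypto.hkdfSync('sha256', master, Buffer.alloc(0), purpose, 32));
}

// Rules 1, 2, 5: AEAD with a fresh CSPRNG nonce per message, shipped with the ciphertext.
// Random 96-bit nonces are only safe for a bounded number of messages per key; rotate keys.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(NONCE_LEN);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  c.setAAD(aad);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Throws if the ciphertext, tag, nonce or associated data was altered.
function unseal(key, sealed, aad) {
  if (sealed.length < NONCE_LEN + TAG_LEN) throw new Error('ciphertext too short');
  const nonce = sealed.subarray(0, NONCE_LEN);
  const d = crypto.createDecipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  d.setAAD(aad);
  d.setAuthTag(sealed.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN));
  return Buffer.concat([d.update(sealed.subarray(NONCE_LEN + TAG_LEN)), d.final()]);
}

// Rule 6: constant-time comparison; hashing first equalises lengths for timingSafeEqual.
function tokensEqual(a, b) {
  const h = (v) => crypto.createHash('sha256').update(v).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// Constructed demo values, not real secrets.
const encKey = deriveKey(Buffer.alloc(32, 1), 'field-encryption');
const box = seal(encKey, Buffer.from('example plaintext'), Buffer.from('user:42'));
console.log(unseal(encKey, box, Buffer.from('user:42')).toString());
```
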

File Encryption (CLI)

# age (modern, simple)
age -p -o file.age file.txt
age -d -o file.txt file.age

# GPG
gpg -c --cipher-algo AES256 file.txt

Platform-Specific

See patterns.md for code snippets:

  • Password hashing (Node, Python, Go)
  • Envelope encryption with KMS
  • JWT with RS256 key rotation
  • Secure token generation

See mobile.md for:

  • iOS Keychain wrapper
  • Android EncryptedSharedPreferences
  • SQLCipher setup
  • Biometric auth integration
  • Certificate pinning

See infra.md for:

  • TLS certificate auto-renewal
  • HashiCorp Vault policies
  • mTLS between services
  • Backup encryption verification

Audit Checklist

  • No plaintext passwords in DB/logs/env
  • No secrets in git history
  • No hardcoded keys in source
  • No Math.random() for security
  • No deprecated algorithms (MD5, SHA1, DES)
  • No disabled cert validation
  • IVs/nonces never reused
  • PBKDF2 iterations ≥600k / bcrypt cost ≥12
  • TLS 1.2+ enforced, old protocols disabled
  • Key rotation procedure documented
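
A first-pass scanner for the pattern-matchable items of this checklist, added here as an example and not taken from the skill's files. The rule ids, the regexes and the sample input are constructed for illustration.

```javascript
// Each rule encodes one checklist item; `bad` inspects a captured number when present.
const RULES = [
  { id: 'weak-rng', re: /Math\.random\s*\(/ },
  { id: 'deprecated-algo', re: /\b(?:md5|sha-?1|des|rc4)\b/i },
  { id: 'ecb-mode', re: /aes-\d+-ecb/i },
  { id: 'cert-validation-off',
    re: /rejectUnauthorized\s*:\s*false|verify\s*=\s*False|InsecureSkipVerify\s*:\s*true/ },
  { id: 'pbkdf2-iterations', re: /pbkdf2(?:Sync)?\s*\([^,]+,[^,]+,\s*(\d+)/i,
    bad: (m) => Number(m[1]) < 600000 },
  { id: 'bcrypt-cost', re: /bcrypt\.\w+\s*\([^,]+,\s*(\d+)\s*[,)]/,
    bad: (m) => Number(m[1]) < 12 },
  { id: 'hardcoded-key', re: /(?:key|secret|password)\w*\s*[:=]\s*['"][^'"]{8,}['"]/i },
];

// Returns [{ line, id }] for every rule that fires on a non-comment line.
function audit(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    if (/^\s*(?:\/\/|#)/.test(text)) return; // comment-only lines are not code
    for (const rule of RULES) {
      const m = rule.re.exec(text);
      if (m && (!rule.bad || rule.bad(m))) findings.push({ line: i + 1, id: rule.id });
    }
  });
  return findings;
}

// Constructed sample input (Node-style code written for this example).
const SAMPLE = [
  "const token = Math.random().toString(36);",
  "const h = crypto.createHash('md5').update(pw).digest('hex');",
  "const k = crypto.pbkdf2Sync(pw, salt, 10000, 32, 'sha256');",
  "const ok = crypto.pbkdf2Sync(pw, salt, 600000, 32, 'sha256');",
  "const agent = new https.Agent({ rejectUnauthorized: false });",
  "const hash = await bcrypt.hash(pw, 10);",
  "const API_SECRET = 'EXAMPLE-NOT-A-REAL-KEY';",
  "// legacy: used to call Math.random() here",
  "const c = crypto.createCipheriv('aes-128-ecb', key, null);",
].join('\n');

console.log(audit(SAMPLE).map((f) => `${f.line}:${f.id}`).join('\n'));
```

Line-level matching cannot see nonce reuse, secrets in git history or an undocumented rotation procedure; those items still need manual review or dedicated tooling.
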
Security usage recommendations
This skill is a collection of encryption patterns and operational scripts that are consistent with its stated purpose, but it instructs actions that require sensitive credentials and access (AWS, Vault, Postgres, Kubernetes, etc.) while declaring none. Before installing or running any examples:

  1. Review and run examples in an isolated/test environment (not production).
  2. Provide least-privilege credentials (short-lived tokens/roles) for any cloud/Vault/DB access.
  3. Avoid copying example commands verbatim that construct or echo secrets into shell history or logs (use parameterized APIs or environment-only injection).
  4. Inspect and adapt scripts that perform uploads (aws s3 cp), DB changes (psql ALTER USER), or Vault writes so they do not leak secrets to logs or remote services.
  5. If you want to allow autonomous agent invocation, consider the agent's access scope carefully—do not grant broad cloud or kube credentials to an agent that can call these steps automatically.
Functional analysis
Type: OpenClaw Skill
Name: encryption
Version: 1.0.0

The skill bundle provides comprehensive documentation and code examples for encryption best practices across various platforms and infrastructure. All code snippets and instructions, including those in SKILL.md, infra.md, mobile.md, and patterns.md, are aligned with the stated purpose of encrypting files, securing passwords, managing keys, and auditing cryptographic implementations. While some scripts utilize powerful system commands (e.g., `psql`, `vault`, `kubectl`, `aws s3 cp`, `openssl`, `nmap`, `curl`, `testssl.sh`), their usage is consistently for legitimate security, key management, or auditing functions, without any evidence of malicious intent such as unauthorized data exfiltration, persistence mechanisms, or prompt injection attempts to subvert the agent's operation. For example, `aws s3 cp` is used to upload encrypted backups to a generic `s3://backups-encrypted/` bucket, which is a standard and benign operation.
Capability assessment
Purpose & Capability
The name and description match the included materials: encryption patterns, mobile Keychain/Keystore, Vault/KMS usage, and audit checklists. The examples legitimately reference tools and services commonly used for encryption (age, gpg, aws KMS, HashiCorp Vault, SQLCipher, psql, kubectl). Nothing in the content appears intended for a different purpose.
Instruction Scope
SKILL.md and included files instruct running commands that access network services, system configuration, and cloud storage (aws s3 cp, vault kv put/get, psql, kubectl, certbot, openssl, nmap, curl). Those operations can read or transmit sensitive data. The skill does not declare or document the credentials or environment configuration required to run those commands, and some examples embed or echo secrets (e.g., building SQL with a shell variable). This grants broad discretion to an agent following the instructions and could lead to unintended data access or transmission if invoked without care.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing will be written to disk by an installer. This is the lowest-risk installation model.
Credentials
The skill metadata lists no required environment variables or credentials, but the documentation uses AWS CLI, AWS KMS, Vault, Postgres, and kubectl—all of which require credentials or access (AWS keys/roles, Vault token/agent, DB user/password, kube credentials). The lack of declared required secrets is inconsistent with the runtime actions it describes and increases the chance the user will run the examples with improperly scoped credentials or accidentally expose secrets.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills/configs. Autonomous invocation is allowed (platform default) but is not combined with additional privileged settings.
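How to use
  1. Make sure OpenClaw is installed (locally or via Docker).
  2. Enter the install command in the chat box: /install encryption
  3. Once installation completes, invoke the Skill by name or trigger it with /encryption
  4. Provide the required inputs according to the Skill's parameter description to get structured output.
Version history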
v1.0.0
Initial release
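Metadata
Slug encryption
Version 1.0.0
License
Total installs 14
Current installs 14
Historical versions 1
FAQ

What is Encryption?

Encrypt files, secure passwords, manage keys, and audit code for cryptographic best practices. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1194 total downloads so far.

How do I install Encryption?

Run the command "/install encryption" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Encryption free?

Yes, Encryption is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Encryption support?

Encryption runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Encryption?

Developed and maintained by Iván (@ivangdavila); the current version is v1.0.0.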
