bytesagain-lab

Htpasswd

Author: bytesagain-lab · GitHub ↗ · v3.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 341
Favorites: 0
Current installs: 1
Versions: 7
Install in OpenClaw
/install htpasswd
Description
Generate htpasswd entries for Apache/Nginx basic auth password management. Use when creating credentials, managing password files, or verifying users.
Usage (SKILL.md)

HtPasswd

A real htpasswd file manager for Apache/Nginx HTTP basic authentication. Create password files, add/remove users, verify passwords, and list users. Supports apr1 (Apache MD5), SHA-256, and SHA-512 hash algorithms via openssl.

Commands

| Command | Description |
| --- | --- |
| htpasswd create <file> <user> <password> | Create a new htpasswd file with the first user (fails if file exists) |
| htpasswd add <file> <user> <password> | Add a user to an existing file (or update password if user exists) |
| htpasswd delete <file> <user> | Remove a user from the htpasswd file |
| htpasswd verify <file> <user> <password> | Verify a user's password (supports apr1, sha256, sha512, sha1, crypt) |
| htpasswd list <file> | List all users with their hash algorithm type |
| htpasswd version | Show version |
| htpasswd help | Show available commands and usage |

Configuration

| Variable | Default | Description |
| --- | --- | --- |
| HTPASSWD_ALGO | apr1 | Hash algorithm: apr1, sha256, or sha512 |

Requirements

  • Bash 4+ (set -euo pipefail)
  • openssl — for password hashing and verification
  • grep, sed — standard text utilities
  • No external dependencies or API keys

When to Use

  1. Setting up basic auth: htpasswd create /etc/nginx/.htpasswd admin secret to create a new file
  2. Managing users: htpasswd add to add users, htpasswd delete to remove them
  3. Password verification: htpasswd verify to check if a password is correct
  4. Security audits: htpasswd list shows all users and their hash types
  5. Stronger hashing: set HTPASSWD_ALGO=sha512 for SHA-512 instead of the default apr1

Examples

# Create a new htpasswd file
htpasswd create /etc/nginx/.htpasswd admin MySecretPass

# Add another user
htpasswd add /etc/nginx/.htpasswd editor AnotherPass

# Use SHA-512 for stronger hashing
HTPASSWD_ALGO=sha512 htpasswd add /etc/nginx/.htpasswd secure_user StrongPass

# List all users
htpasswd list /etc/nginx/.htpasswd

# Verify a password
htpasswd verify /etc/nginx/.htpasswd admin MySecretPass

# Delete a user
htpasswd delete /etc/nginx/.htpasswd editor

Example Output

$ htpasswd create /tmp/.htpasswd admin secret123
┌──────────────────────────────────────────────────┐
│  htpasswd File Created                           │
├──────────────────────────────────────────────────┤
│  File:     /tmp/.htpasswd                         │
│  User:     admin                                  │
│  Algo:     apr1                                   │
│  Perms:    640 (owner rw, group r)                │
├──────────────────────────────────────────────────┤
│  ✅ File created with 1 user                     │
└──────────────────────────────────────────────────┘

$ htpasswd list /tmp/.htpasswd
┌──────────────────────────────────────────────────┐
│  htpasswd Users                                  │
├──────────────────────────────────────────────────┤
│  File:  /tmp/.htpasswd                            │
│  Users: 2                                         │
├──────────────────────────────────────────────────┤
│   1. admin                [apr1 (MD5)      ]      │
│   2. editor               [sha512          ]      │
└──────────────────────────────────────────────────┘

$ htpasswd verify /tmp/.htpasswd admin secret123
┌──────────────────────────────────────────────────┐
│  Password Verification                           │
├──────────────────────────────────────────────────┤
│  File:     /tmp/.htpasswd                         │
│  User:     admin                                  │
│  Result:   ✅ Password CORRECT                   │
└──────────────────────────────────────────────────┘

Security Notes

  • Files are created with 640 permissions (owner read/write, group read)
  • Default algorithm is apr1 (Apache MD5) — widely compatible
  • Use HTPASSWD_ALGO=sha512 for stronger hashing on modern systems
  • Usernames cannot contain : or whitespace characters
  • Existing users get their password replaced when using add

Powered by BytesAgain | bytesagain.com

Security recommendations
This skill appears to do exactly what it says: a local htpasswd manager implemented as a bash script. Before installing or running it, review the script (already included), test in a non-production directory, and ensure openssl is installed. Be aware it will create/modify files you point it at (e.g., /etc/nginx/.htpasswd) and may require root to write system locations. If you expect to accept arbitrary usernames, consider that the script does not fully escape usernames when using grep/sed — avoid unusual characters in usernames or improve escaping. Use HTPASSWD_ALGO=sha512 for stronger hashing if compatibility allows.
Functional analysis
Type: OpenClaw Skill · Name: htpasswd · Version: 3.0.0
The skill provides a utility for managing htpasswd files but contains several security vulnerabilities in scripts/script.sh. It lacks input sanitization for the 'user' variable, which is used directly in sed and grep commands, allowing for regex or delimiter injection. Additionally, passwords are handled as command-line arguments, exposing them in the system's process list, and are passed to openssl without protection against flag injection (e.g., if a password starts with a hyphen).
Capability assessment
Purpose & Capability
Name/description match the included code and instructions. The script implements create/add/delete/verify/list commands for htpasswd files and only requires standard utilities (openssl, grep, sed) that are appropriate for the stated task.
Instruction Scope
Instructions and the script operate on arbitrary filesystem paths (e.g., /etc/nginx/.htpasswd), create parent directories, and change file permissions — which is expected for an htpasswd manager. Minor robustness issue: usernames are inserted directly into grep/sed patterns without escaping, which can produce unexpected behavior for unusual usernames (special regex characters, delimiter collisions). This is a functional/robustness concern, not evidence of exfiltration.
Install Mechanism
No install spec; the skill is delivered as a standalone shell script and SKILL.md. Nothing is downloaded or written during an install step by the registry metadata.
Credentials
No environment variables or credentials are required (HTPASSWD_ALGO is optional). The declared dependencies (openssl, grep, sed) align with functionality and no unrelated secrets/config paths are requested.
Persistence & Privilege
Skill is not always-enabled and has normal autonomous invocation allowed. The script will write and modify files on disk (including system paths if used); running it with agent autonomy could modify system htpasswd files if the agent has filesystem permissions. This is expected but the user should be aware of the write capability.
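The analysis above flags three input-handling problems: usernames placed unescaped into grep/sed patterns, passwords passed as command-line arguments, and no guard against a password that begins with a hyphen. The following added example is not the skill's own scripts/script.sh; its function names are hypothetical, and it assumes the sha512 mode maps to `openssl passwd -6`. It shows one way to handle each problem in POSIX shell:

```sh
#!/bin/sh
# Added example, not the skill's scripts/script.sh. Function names are hypothetical.
set -eu

# Allow-list usernames: rejects empty names, a leading '-', ':' and whitespace,
# and every regex or sed metacharacter.
valid_user() {
  case $1 in
    '' | -* | *[!A-Za-z0-9_.@-]*) return 1 ;;
  esac
  [ "${#1}" -le 64 ]
}

# Literal comparison on field 1. The name reaches awk through the environment,
# never inside a pattern; ($1 "") forces a string compare so "007" != "7".
user_exists() { # user_exists FILE USER
  U="$2" awk -F: '($1 "") == ENVIRON["U"] { found = 1 } END { exit !found }' "$1"
}

# Rewrite the file without the exact user, then rename the copy into place.
delete_user() { # delete_user FILE USER
  valid_user "$2" || return 2
  tmp=$(mktemp "$1.XXXXXX")
  U="$2" awk -F: '($1 "") != ENVIRON["U"]' "$1" > "$tmp"
  chmod 640 "$tmp"
  mv -- "$tmp" "$1"
}

# Password arrives on stdin: it never appears in argv (ps output), and a
# leading '-' cannot be parsed as an openssl option.
# Assumption: the skill's sha512 mode corresponds to `openssl passwd -6`.
hash_password() { # usage: printf '%s\n' "$pw" | hash_password
  openssl passwd -6 -stdin
}
```

With a regex match such as `^a.min:`, deleting the user `a.min` would also remove `admin`; the literal field comparison removes only the exact name.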
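How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install htpasswd
  3. Once installation completes, invoke the Skill by name or trigger it with /htpasswd
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history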
v3.0.0
v3.0.0: Real htpasswd manager.
v1.0.5
old template -> domain-specific v2.0.0
v1.0.4
old template -> domain-specific v2.0.0
v1.0.3
Quality upgrade
v1.0.2
Quality upgrade: custom functionality
v1.0.1
De-template, unique content, script cleanup
v1.0.0
Initial release
Metadata
Slug htpasswd
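Version 3.0.0
License MIT-0
Total installs 1
Current installs 1
Versions 7
FAQ

What is Htpasswd?

Generate htpasswd entries for Apache/Nginx basic auth password management. Use when creating credentials, managing password files, or verifying users. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 341 total downloads to date.

How do I install Htpasswd?

Run the command "/install htpasswd" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Htpasswd free?

Yes. Htpasswd is completely free and licensed under MIT-0; you may download, install, and use it freely.

Which platforms does Htpasswd support?

Htpasswd is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Htpasswd?

It is developed and maintained by bytesagain-lab (@bytesagain-lab); the current version is v3.0.0.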
