← 返回 Skills 市场
110
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install password-manager-pro
功能描述
本地密码管理技能,支持添加、编辑、删除、搜索密码,支持分类管理、备注添加,数据存储在本地,支持导入导出和备份。当用户提到密码、账号、密码管理、保存密码、查找密码时使用此技能。
安全使用建议
Do not trust this skill with real passwords until the issues below are addressed: 1) Code audit: the included password_manager.py stores the "password" field directly in JSON (no encryption). SKILL.md/README sometimes show "encrypted_password" — confirm whether encryption is implemented and, if missing, require the author to add well-known encryption (e.g., user-supplied master password-derived key, OS keystore integration) before using. 2) Missing files: the documentation references multiple helper modules that are not present; ask the author for the complete package or a clear list of implemented features. 3) Backups: the skill auto-creates backup files in ~/.workbuddy/data/backups; ensure backups are stored encrypted or in a secure location. 4) Testing: run the code in an isolated environment, inspect saved JSON contents, and verify there is no network activity. 5) Alternatives: consider established, audited password managers or require encryption tied to a master secret before storing sensitive accounts. If you decide to proceed temporarily, only store non-critical/test accounts and keep manual encrypted backups elsewhere.
功能分析
Type: OpenClaw Skill
Name: password-manager-pro
Version: 1.0.0
The skill bundle implements a password manager that stores all user credentials in plain text in a predictable local file (~/.workbuddy/data/passwords.json). While the documentation in SKILL.md and README.md explicitly acknowledges the lack of encryption, this design represents a critical security vulnerability that facilitates credential theft by any local process. No evidence of intentional data exfiltration or hidden backdoors was found in the provided code (scripts/password_manager.py and scripts/password_generator.py), but the high-risk nature of the data handled combined with the absence of basic security controls warrants a suspicious classification.
能力评估
Purpose & Capability
Name/description and provided code align with a local password manager (adding/editing/searching, local JSON storage). However the SKILL.md/README claim encrypted storage in examples (data structure shows "encrypted_password") while the included password_manager.py stores the password field directly (no encryption). SKILL.md and README also list several supporting scripts (password_analyzer.py, backup_manager.py, import_export.py, security_checker.py, duplicate_detector.py) that are referenced but not present in the file manifest; this mismatch suggests the package is incomplete or documentation is inaccurate.
Instruction Scope
Runtime instructions are focused on local password management and reference the local default path (~/.workbuddy/data/passwords.json). They do not instruct network exfiltration or access to unrelated secrets. However the instructions/documentation present functionality (encryption, extra analyzer/backup modules) that the shipped code does not implement, granting the skill broader implied capabilities than are actually present and creating risk if users assume encryption exists. The SKILL.md also instructs the agent to trigger on any user mention of '密码/账号' — expected, but be aware this means the skill may be invoked frequently when dealing with sensitive data.
Install Mechanism
No install spec; this is an instruction+script bundle. Nothing is downloaded from external URLs and no installers are run, reducing supply-chain risk. The files are static and local.
Credentials
The skill requests no environment variables, no credentials, and no special config paths beyond writing to a subdirectory of the user's home (~/.workbuddy/data). These permissions are proportionate for a local password manager. Note: writing plaintext password data and automated backups to the user's filesystem is still a sensitive privilege.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The skill writes its own data and backups under ~/.workbuddy/data and creates backup files in ~/.workbuddy/data/backups; it does not request system-wide config changes or modify other skills. Persistent file writes are expected for this functionality but should be considered sensitive because they store passwords locally (and currently in plaintext).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install password-manager-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/password-manager-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Major overhaul: Password-manager skill migrated from an advanced English local password manager with encryption and CLI tooling to a Chinese-focused, plaintext, local password recording tool.
- Added comprehensive Chinese documentation detailing core features, user scenarios, data structure, and usage recommendations.
- Changed storage model: passwords are now stored unencrypted by default, with a warning to use system encryption if needed.
- Replaced previous JS/Node-based code with new Python scripts: `password_manager.py` and `password_generator.py`.
- Removed extensive prior configuration, encryption, audit, and OpenClaw integration files and features.
- Added new guides, data schema, and resource directory for reference and best practices.
元数据
常见问题
password-manager 是什么?
本地密码管理技能,支持添加、编辑、删除、搜索密码,支持分类管理、备注添加,数据存储在本地,支持导入导出和备份。当用户提到密码、账号、密码管理、保存密码、查找密码时使用此技能。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 110 次。
如何安装 password-manager?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install password-manager-pro」即可一键安装,无需额外配置。
password-manager 是免费的吗?
是的,password-manager 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
password-manager 支持哪些平台?
password-manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 password-manager?
由 lining(@liningg)开发并维护,当前版本 v1.0.0。
推荐 Skills