← 返回 Skills 市场
ivangdavila

Publish Passwords

作者 Iván · GitHub ↗ · v1.1.0
linuxdarwinwin32 ✓ 安全检测通过
1180
总下载
2
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install passwords
功能描述
Local credential vault with OS keychain integration, encrypted storage, and session-based access control.
安全使用建议
This skill looks internally consistent for a local encrypted vault and uses reasonable primitives (age, OS keyrings). Before installing, verify: (1) you have 'age' from a trusted source; (2) the agent implementation will actually enforce the 'must not' rules (instructions here are not code); (3) network calls (k-anonymity/leak checks) go to trusted endpoints and you accept that they involve sending partial hashes off-device; (4) OS keychain permissions are understood (the agent will need access to store/retrieve session tokens); (5) recovery wording (BIP39) and TOTP options have the expected security tradeoffs — storing TOTP in the same vault reduces security. Consider testing with non-sensitive entries first and require explicit confirmation for any medium/high/critical accesses.
功能分析
Type: OpenClaw Skill Name: passwords Version: 1.1.0 The 'Passwords' skill bundle describes a robust, security-focused local credential vault. The `SKILL.md` details strong cryptographic practices (Argon2id, HKDF-SHA256, `age` encryption), secure handling of sensitive data (no command-line args, OS keychain integration, memory zeroing), and strict access control policies for the AI agent. Crucially, it includes an explicit 'What Agents Must Not Do' section, instructing the agent to avoid common insecure behaviors like logging credentials or auto-filling on domain mismatch, which actively mitigates prompt injection risks and demonstrates a strong intent for secure operation. There is no evidence of data exfiltration, malicious execution, persistence, or other harmful activities.
能力评估
Purpose & Capability
The skill describes a local credential vault with encrypted storage and OS keychain session tokens. Requiring the age binary for encryption is coherent. Minor mismatch: the registry name 'Publish Passwords' could be misleading compared to the described local vault functionality, but this is likely a naming issue rather than a capability mismatch.
Instruction Scope
SKILL.md is detailed and stays within vault behavior: key derivation, storage locations, session tokens in OS keystores, delivery methods, and access policies. It references using a k-anonymity API to check leaked passwords (network call) and instructs the agent to avoid logging secrets. These network checks and keychain access are expected for the stated purpose, but the policy rules (e.g., 'agents must not log credentials') are instructions only — they are not technically enforced by this skill because it has no code.
Install Mechanism
Instruction-only skill with no install spec; lowest installation risk. Requiring 'age' (a well-known encryption tool) is reasonable and proportionate for an encrypted vault.
Credentials
The skill requests no environment variables or external credentials. It requires access to the OS secure storage (Keychain/libsecret/Credential Manager) for session tokens, which is appropriate for a local vault. The suggested credential-delivery methods (env vars, stdin, secure IPC) are acceptable but require careful agent behavior to avoid leakage.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or other skills' configs. Agent autonomous invocation is allowed by default; the skill's policies restrict auto-access to low-sensitivity items, which is proportionate. Note: actual enforcement depends on the hosting agent honoring these instructions.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install passwords
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /passwords 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Rewritten for neutral tone, same functionality
v1.0.0
Initial release
元数据
Slug passwords
版本 1.1.0
许可证
累计安装 1
当前安装数 1
历史版本数 2
常见问题

Publish Passwords 是什么?

Local credential vault with OS keychain integration, encrypted storage, and session-based access control. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1180 次。

如何安装 Publish Passwords?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install passwords」即可一键安装,无需额外配置。

Publish Passwords 是免费的吗?

是的,Publish Passwords 完全免费(开源免费),可自由下载、安装和使用。

Publish Passwords 支持哪些平台?

Publish Passwords 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin, win32)。

谁开发了 Publish Passwords?

由 Iván(@ivangdavila)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论