bieggerm

Passwordstore Broker

By Marius · GitHub · v1.1.1
cross-platform ✓ Security check passed
Total downloads: 750 · Favorites: 0 · Current installs: 0 · Versions: 6

Install in OpenClaw:
/install passwordstore-broker
Description
Enforce safe secret handling by collecting secrets through one-time HTTPS forms, storing them in pass via scripts/vault.sh, and executing tools with environm...
Safe-use recommendations
This skill appears coherent and implements a local/LAN one-time intake flow that stores secrets into your pass store and injects them into commands without putting secret values in chat. Before installing, verify you are comfortable with: (1) installing and using pass/gpg on the host; (2) the fact that the skill runs a temporary local HTTPS server (ensure you run it on trusted networks and do not expose the intake URL in public channels); (3) storing the TOTP enrollment secret in ~/.passwordstore-broker/totp.secret and treating that file as sensitive (the project warns not to transmit it); and (4) any commands executed via run_with_secret.sh will run with the secret available to that process (so ensure those commands are trusted). If you need higher assurance, review the full get_password_from_user.py contents (it runs the local HTTPS server, LAN autodetection, and TOTP checks) and test in an isolated environment first.
Functional analysis

Type: OpenClaw Skill
Name: passwordstore-broker
Version: 1.1.1

The skill bundle is designed for secure secret handling, acting as a broker between an AI agent and a `pass` password store. All scripts (`run_with_secret.sh`, `vault.sh`, `get_password_from_user.py`, `setup_totp_enrollment.py`) demonstrate strong security practices, including robust input sanitization, safe subprocess execution (e.g., passing secrets via stdin, using `--` for `pass` commands, `exec env` for environment injection), and strict network access controls (e.g., `get_password_from_user.py` explicitly checks for private IPs and restricts access to local or private networks). The `SKILL.md` and `references/SETUP.md` documentation includes explicit guardrails for the AI agent, instructing it never to leak secrets or expose sensitive information. There is no evidence of intentional malicious behavior, data exfiltration, or unauthorized actions; instead, the code actively implements measures to prevent such risks.
Capability assessment

Purpose & Capability
The name and description claim secret collection and storage in pass; the included scripts implement TOTP enrollment, a local HTTPS intake form, pass-backed vault operations, and an env-injection wrapper. Declared binary dependencies (pass, gpg, openssl, python3, qrencode) match the implementation.
Instruction Scope
SKILL.md explicitly restricts behavior to local/LAN intake, TOTP validation, storing/retrieving secrets via scripts/vault.sh, and executing commands via run_with_secret.sh. The runtime instructions do not request unrelated files, external endpoints, or unrelated credentials. They do require the agent to present the generated local/LAN URL to the user (expected for the one-time intake flow).
Install Mechanism
No install spec; this is an instruction-first skill with bundled scripts. Nothing is downloaded from external URLs and no archives are extracted. Risk from install-time network downloads is therefore minimal.
Credentials
The skill requests no environment variables or external credentials. It relies on locally-installed tools (pass/gpg) rather than asking for tokens. The number and type of required tools are proportionate to the stated functionality.
Persistence & Privilege
The `always` flag is false and the skill does not request elevated or system-wide privileges. It writes only into its own directory under the user's home (e.g., ~/.passwordstore-broker) and uses the user's pass store; it does not modify other skills or global agent configuration.
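To make the two intake guardrails described above concrete (the private-IP check in `get_password_from_user.py` and the TOTP validation required in LAN mode), here is an added example written for this page; it is not code from the passwordstore-broker project. The function names and the "local"/"lan" mode strings are assumptions, and the TOTP check is a plain RFC 6238 HMAC-SHA1 implementation rather than the project's own.

```python
import base64
import hashlib
import hmac
import ipaddress
import struct
import time

# Assumed mode names; the page only says the script has an "--access lan" option.
MODE_LOCAL = "local"
MODE_LAN = "lan"


def client_allowed(client_ip: str, mode: str) -> bool:
    """Decide whether a request source may reach the intake form.

    local: loopback only.  lan: loopback plus RFC 1918 / ULA private space.
    Public, link-local, multicast and unspecified sources are always refused,
    as is anything that does not parse as an IP address (fail closed).
    """
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    if ip.is_loopback:
        return True
    if mode != MODE_LAN:
        return False
    return ip.is_private and not (ip.is_link_local or ip.is_multicast
                                  or ip.is_unspecified)


def totp_code(secret_b32: str, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret at Unix time `at`."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    mac = hmac.new(key, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp_valid(secret_b32: str, submitted: str, now=None, window: int = 1) -> bool:
    """Accept the current step or `window` steps either side, comparing in
    constant time so response timing does not leak how many digits matched."""
    now = int(time.time()) if now is None else now
    return any(hmac.compare_digest(totp_code(secret_b32, now + k * 30), submitted)
               for k in range(-window, window + 1))


def intake_allowed(client_ip: str, mode: str, secret_b32: str, code: str, now=None) -> bool:
    """Gate a submission: address filter first, then TOTP for LAN mode only
    (in local mode only the host's own browser can reach the form)."""
    if not client_allowed(client_ip, mode):
        return False
    return mode != MODE_LAN or totp_valid(secret_b32, code, now=now)
```

The TOTP assertions below use the RFC 6238 reference secret ("12345678901234567890" in base32), so the expected codes are the published test-vector values.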
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install passwordstore-broker
  3. After installation, call the skill by name directly or trigger it with /passwordstore-broker
  4. Provide the required input according to the skill's parameter description to get structured output
Version history

v1.1.1
- Added a metadata section describing compatibility requirements: pass, gpg, openssl, python3, qrencode, and local HTTPS network access.
- No other changes to workflow or logic.

v1.1.0
- Added LAN mode option (--access lan) to scripts/get_password_from_user.py for secret collection on private networks.
- Updated documentation to describe LAN mode usage, including requirement for users to submit both secret values and TOTP codes via the web form.
- No changes to the overall workflow or core guardrails; local and LAN secret intakes are now both supported.

v1.0.3
- Tightened TOTP setup: now requires both `~/.passwordstore-broker/totp.secret` and `~/.passwordstore-broker/setup_completed_at.txt` before LAN-mode intake.
- Made TOTP secret rotation stricter: agents must never rotate or retransmit `totp.secret`; only manual user rotation is permitted.
- Improved initial enrollment flow by recording and trusting `setup_completed_at` timestamp.
- No code changes; documentation update only.

v1.0.2
- Added TOTP (Time-based One-Time Password) enrollment support for LAN-based secret intake; setup is required before first LAN use.
- Introduced a new setup script: scripts/setup_totp_enrollment.py for TOTP provisioning.
- Updated intake workflow: LAN mode now supports secret submission from other devices with TOTP validation.
- Expanded SKILL.md protocol: includes preflight checks for TOTP, LAN mode details, and revised security guardrails.

v1.0.1
- Updates intake process to restrict all secret submissions strictly to localhost; network/remote intake is no longer allowed.
- Adds explicit guardrails in documentation to prohibit exposing the intake form on public or network interfaces.
- Clarifies that intake URL must remain localhost-only, removing previous guidance on using tunnels or host/IP overrides.

v1.0.0
Initial release enforcing safe secret handling for agent workflows:
- Prevents users from pasting raw secrets (passwords, API keys) into chat.
- Brokers secret collection via browser link through `scripts/get_password_from_user` and stores using `pass` via `scripts/vault.sh`.
- Injects secrets into tool commands via environment variables with `scripts/run_with_secret`; secrets never enter chat, context, or logs.
- Defines workflow steps, naming rules, and operational guardrails to prevent secret leakage.
- Provides instructions for secret management, injection, and rotation.
Metadata
Slug: passwordstore-broker
Version: 1.1.1
License:
Total installs: 0
Current installs: 0
Number of versions: 6
FAQ

What is Passwordstore Broker?

Enforce safe secret handling by collecting secrets through one-time HTTPS forms, storing them in pass via scripts/vault.sh, and executing tools with environm... It is an AI agent skill plugin for Claude Code / OpenClaw, with 750 total downloads to date.

How do I install Passwordstore Broker?

Run the command "/install passwordstore-broker" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Passwordstore Broker free?

Yes, Passwordstore Broker is completely free (open source), and can be freely downloaded, installed, and used.

Which platforms does Passwordstore Broker support?

Passwordstore Broker is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who develops Passwordstore Broker?

Developed and maintained by Marius (@bieggerm); the current version is v1.1.1.