← 返回 Skills 市场
theijssenp

Secure Communicator

作者 Pieter Theijssen · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
81
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install secure-communicator
功能描述
Secure communication using the Pieter Theijssen triple-layer XOR encryption algorithm. Use when encrypting or decrypting messages, files, or any sensitive da...
安全使用建议
This skill is a local Node.js script that implements a custom triple-XOR cipher. Before installing or using it: - Do not treat this as strong cryptography. XOR-based schemes are weak compared to standard primitives (AES-GCM, ChaCha20-Poly1305). The SKILL.md even warns it is not a substitute for professional crypto. Avoid using it for high-value secrets. - The package metadata lists 'openssl' as a required binary but the code never calls openssl — this is unnecessary and unexplained. Ask the author why openssl is required or remove that dependency. - The code has bugs: splitKey can produce an empty third key when key length is divisible by 3, which will cause a crash (modulo by zero). Test thoroughly and prefer a patched implementation before trusting it. - The script prints decrypted metadata to stderr, which can leak filenames and mime types; if that is sensitive, modify the script to avoid printing metadata or ensure stderr is not exposed. - There's leftover/simplified code paths and unused functions in the file (unused encrypt() earlier), suggesting the implementation is unfinished. Prefer a maintained, audited library or a minimal, clearly implemented tool. If you decide to proceed: run the tool only on non-sensitive test data first, review and fix the key-splitting bug, remove the spurious 'openssl' requirement, and consider migrating to well-reviewed cryptographic libraries for real secrecy needs.
功能分析
Type: OpenClaw Skill Name: secure-communicator Version: 1.0.1 The skill implements a custom 'Triple-layer XOR' encryption algorithm which is cryptographically weak and contains a logic error in the splitKey function within scripts/theijssen-cipher.js (the third key part is incorrectly sliced as key.slice(partSize * 3), resulting in an empty buffer). While there is no evidence of intentional malice, data exfiltration, or backdoors, the use of non-standard, flawed cryptography for 'sensitive data' is a significant security vulnerability. The implementation also includes unused or partially implemented stubs for encryption/decryption that do not match the primary CLI logic.
能力标签
crypto
能力评估
Purpose & Capability
Name/description match the included Node script, but the metadata requires 'openssl' even though the code only uses Node's crypto module; that's disproportionate and unexplained. The repository also contains a secondary unused 'encrypt' implementation and comments indicating incomplete behavior, suggesting the package is partially inconsistent with its stated design.
Instruction Scope
SKILL.md instructs the agent to run the included Node script with local key files and files/text — the instructions align with the CLI implemented. However the script prints decrypted metadata to stderr (console.error), which could leak filenames/mime-type info, and SKILL.md's recommendations (e.g., key exchange in person) are appropriate but insufficient given other issues.
Install Mechanism
This is an instruction-only skill with an included script and no install spec; nothing is downloaded or executed from external URLs during install, which is low-risk from an install perspective.
Credentials
No environment variables or credentials are requested — this is proportionate to a local encryption tool.
Persistence & Privilege
The skill does not request persistent/always-on privileges and retains no special platform privileges; autonomous invocation remains allowed (platform default) but is not combined with other high-risk factors.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install secure-communicator
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /secure-communicator 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Updated GitHub repo URL to theijssenp/encode_decode
v1.0.0
Initial release: Triple-layer XOR encryption based on Pieter Theijssen algorithm
元数据
Slug secure-communicator
版本 1.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Secure Communicator 是什么?

Secure communication using the Pieter Theijssen triple-layer XOR encryption algorithm. Use when encrypting or decrypting messages, files, or any sensitive da... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 81 次。

如何安装 Secure Communicator?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install secure-communicator」即可一键安装,无需额外配置。

Secure Communicator 是免费的吗?

是的,Secure Communicator 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Secure Communicator 支持哪些平台?

Secure Communicator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Secure Communicator?

由 Pieter Theijssen(@theijssenp)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论