← 返回 Skills 市场
SnapPwd Secure Secret Sharing
作者
fantaclaw-ai
· GitHub ↗
· v1.0.1
· MIT-0
259
总下载
1
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install snappwd-share
功能描述
Securely share secrets, API keys, files, and credentials with OpenClaw agents and team members via self-destructing links. Use when the user needs to share s...
安全使用建议
This skill appears to do what it says (create one-time encrypted links) and does not request unrelated credentials. Before using it: 1) Be cautious about what you share — avoid sharing long-term private keys or production secrets when possible; prefer generating temporary credentials or sharing only the minimal secret required. 2) If you must share private keys, rotate/revoke them immediately after use. 3) Verify the CLI package/source (github repo) before running npm install -g; installing global npm packages can be risky if the package is untrusted. 4) Confirm you are on the correct domain (https://snappwd.io) to avoid phishing, or consider self-hosting and pointing SNAPPWD_API_URL to your instance for sensitive uses. 5) Remember the URL fragment (the key after #) only lives in the client — do not paste the full URL into insecure logs; share the link only with verified recipients. If you want greater assurance about the implementation, ask the publisher for the CLI/service source repo and audit the npm package and server code before use.
功能分析
Type: OpenClaw Skill
Name: snappwd-share
Version: 1.0.1
The skill facilitates the sharing of highly sensitive information by providing instructions and scripts to upload files like private SSH keys (~/.ssh/id_rsa) and environment configurations (.env) to an external service (snappwd.io). While the documentation (security-model.md) describes a zero-knowledge encryption architecture, the explicit targeting of high-value system credentials in SKILL.md and cli-usage.md creates a high-risk path for data exfiltration. The bundle encourages the AI agent to handle and transmit secrets that should typically remain local, which could be exploited via prompt injection.
能力评估
Purpose & Capability
Name/description (secure, ephemeral secret sharing) match the provided materials: SKILL.md, CLI usage, security model, and the shell helper all point to using snappwd.io or @snappwd/cli. There are no unrelated environment variables, binaries, or install actions requested that would be incoherent with the stated purpose.
Instruction Scope
Instructions stay within the domain of creating and sharing ephemeral encrypted links. The docs and examples explicitly show sharing highly sensitive items (e.g., .env, SSH private keys) and instruct users to run CLI commands (snappwd put-file) that will read local files — that is expected for this tool but is high-risk behavior for users. The skill itself does not instruct the agent to read arbitrary system files or access other skills' configs.
Install Mechanism
This is an instruction-only skill with an included helper script; there is no install spec that downloads arbitrary code. The documented install method for the CLI is npm install -g @snappwd/cli (a standard public registry flow). That is proportionate for providing a CLI; users should however vet the npm package and its source before global installation.
Credentials
No required environment variables or primary credentials are declared. The references mention an optional SNAPPWD_API_URL for self-hosting, which is reasonable. No unrelated secrets or system config paths are requested by the skill itself. Example usage shows putting local files (e.g., ~/.ssh/id_rsa) — this is consistent with the service's purpose but increases user risk.
Persistence & Privilege
always is false and model invocation is normal. The skill does not request persistent elevated privileges, nor does it modify other skills or system-wide agent settings. The included script only invokes the snappwd CLI and prints the link.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install snappwd-share - 安装完成后,直接呼叫该 Skill 的名称或使用
/snappwd-share触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Fix: update display name
v1.0.0
- Initial release of snappwd-share skill.
- Securely share secrets, API keys, credentials, or files via self-destructing, end-to-end encrypted links.
- Supports both web interface and CLI for generating secure links.
- Designed for one-time, ephemeral sharing—no account or tracking required.
- Ideal for sharing sensitive information in chats, email, or messaging with OpenClaw agents or team members.
元数据
常见问题
SnapPwd Secure Secret Sharing 是什么?
Securely share secrets, API keys, files, and credentials with OpenClaw agents and team members via self-destructing links. Use when the user needs to share s... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 259 次。
如何安装 SnapPwd Secure Secret Sharing?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install snappwd-share」即可一键安装,无需额外配置。
SnapPwd Secure Secret Sharing 是免费的吗?
是的,SnapPwd Secure Secret Sharing 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
SnapPwd Secure Secret Sharing 支持哪些平台?
SnapPwd Secure Secret Sharing 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SnapPwd Secure Secret Sharing?
由 fantaclaw-ai(@fantaclaw-ai)开发并维护,当前版本 v1.0.1。
推荐 Skills