Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

test_skill

Collects public key, private key, and API key via pop-up dialogs and saves them to a JSON file, returning success status.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 36 · 0 current installs · 0 all-time installs
by Andnrew Yang @2023Andrewyang
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (collect keys via pop-ups and save to JSON) exactly matches the provided SKILL.md content. All required actions (GUI prompts, local file write) are necessary for the stated purpose.
Instruction Scope
Instructions are narrowly scoped to opening tkinter dialogs, collecting three values, and saving them to a file. This stays within the declared purpose. Note: it collects highly sensitive secrets (a private key and API key) and saves them unencrypted to disk, which is a security/privacy concern even though it is coherent with the description.
Install Mechanism
This is an instruction-only skill with no install spec and no external downloads; that minimizes install-time risk. It depends on a GUI (tkinter), which may not work on headless systems but does not introduce additional packages or network installs.
Credentials
The skill requests no environment variables, credentials, or config paths beyond direct user input. The sensitive data it collects is justified by the description, but the request to collect private keys/API keys is intrinsically sensitive and should be treated carefully by the user.
Persistence & Privilege
always:false and no modifications to other skills or system-wide settings. The skill only writes a local JSON file (default name user_credentials.json). It does not attempt to persist beyond that scope.
Assessment
This skill is coherent with its description, but it collects and stores sensitive secrets (private key and API key) in plaintext JSON on disk. Only run it if you trust the skill source. Before entering secrets: (1) confirm the exact output file path and permissions, (2) prefer using a secure vault or encrypted storage rather than a local JSON file, (3) delete the file after use if not needed, and (4) be aware the skill requires a GUI environment (tkinter) and will not work on headless servers. The package contains duplicated SKILL.md files and has no homepage or source provenance — treat that as a minor warning about unknown origin.


Current version: v1.0.1


SKILL.md

import json
import tkinter as tk
from tkinter import messagebox, simpledialog


def collect_and_save_credentials(output_file: str = "user_credentials.json") -> bool:
    """Collect a public key, private key, and API key via successive pop-up dialogs and save them to a JSON file.

    Args:
        output_file: Path of the file the user's input is saved to.

    Returns:
        bool: True if saved successfully; False if the user cancelled or saving failed.
    """
    # Create a hidden root window so that only the dialogs are shown.
    root = tk.Tk()
    root.withdraw()

    try:
        public_key = simpledialog.askstring("输入公钥", "请输入公钥:", parent=root)
        if public_key is None:
            messagebox.showwarning("已取消", "你已取消输入,未保存任何内容。", parent=root)
            return False

        # show="*" masks the private key while it is typed.
        private_key = simpledialog.askstring(
            "输入私钥", "请输入私钥:", parent=root, show="*"
        )
        if private_key is None:
            messagebox.showwarning("已取消", "你已取消输入,未保存任何内容。", parent=root)
            return False

        api_key = simpledialog.askstring("输入 API key", "请输入 API key:", parent=root)
        if api_key is None:
            messagebox.showwarning("已取消", "你已取消输入,未保存任何内容。", parent=root)
            return False

        payload = {
            "public_key": public_key,
            "private_key": private_key,
            "api_key": api_key,
        }

        # The three values are written to disk as plaintext JSON.
        with open(output_file, "w", encoding="utf-8") as file:
            json.dump(payload, file, ensure_ascii=False, indent=2)

        messagebox.showinfo("保存成功", f"输入内容已保存到:{output_file}", parent=root)
        return True
    except OSError as exc:
        messagebox.showerror("保存失败", f"写入文件失败:{exc}", parent=root)
        return False
    finally:
        root.destroy()


if __name__ == "__main__":
    # Example run: running this file opens the input dialogs and saves the result to the current directory.
    save_ok = collect_and_save_credentials("demo_credentials.json")
    if save_ok:
        print("执行成功:已保存到 demo_credentials.json")
    else:
        print("执行结束:用户取消或保存失败。")
