ClawHub

Local Password Generator & Strength Check

v1.0.0

Generate secure random passwords and check password strength. Supports custom length and character types (uppercase, lowercase, numbers, symbols). Pure local...

0· 76·0 current·0 all-time
by@alone86136
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included files and runtime instructions. The two scripts implement generation and checking logic; no unrelated credentials, binaries, or services are requested.
Instruction Scope
SKILL.md instructs running the local Python scripts and explicitly states operations stay local. The scripts only read their CLI arguments and use standard library modules (secrets, string, math); they do not read system files, environment variables, or send data externally.
Install Mechanism
No install spec is provided (instruction-only), so nothing is downloaded or written by an installer. The runtime uses only Python standard library modules (no third-party packages).
Credentials
The skill declares no environment variables, credentials, or config paths and the code does not access any. No secret/material exfiltration mechanisms are present.
Persistence & Privilege
The skill does not request persistent presence (always is false) and does not modify agent configuration or other skills. It is user-invocable only.
Assessment
This skill appears to do exactly what it says: locally generate passwords and estimate strength. The code is small and uses only Python standard libraries. Notes: (1) check.py has a minor bug path where calculating entropy may return 0 instead of the expected tuple if no character categories are detected, which can cause a runtime error for empty input — this is a correctness issue, not malicious behavior. (2) Entropy and crack-time estimates are heuristic (assumes 10B guesses/sec and approximates symbol count); treat them as guidance, not absolute guarantees. (3) As with any password tool, avoid running it on shared or untrusted machines if you will type or generate real sensitive passwords there, and do not paste generated/checked secrets into untrusted channels. If you want extra assurance, review the two scripts locally or run them in an isolated environment before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cbqj51mvxhr89zd92tf6f4s83g2cg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments