Local Password Generator & Strength Check

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The artifacts show a simple local password generator and strength checker with no network access or persistence. The main caution is that real passwords are handled through command-line input and output.

This appears safe for its stated local purpose. Before using it with real passwords, remember that command-line arguments and generated outputs may be visible in your terminal or agent history; use a trusted environment and avoid checking valuable existing account passwords when possible.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user checks a real account password, that password could be exposed to local command history, process listings, terminal logs, or agent transcripts depending on how the command is run, even though the code does not transmit it externally.

Why it was flagged

The password strength checker takes password material as a command-line argument. This is expected for the tool's purpose, but it means user-supplied secrets pass through the local command invocation environment.

Skill content

parser.add_argument("password", help="Password to check")

Recommendation

Use this in a trusted local environment. Prefer generating new unique passwords, and avoid typing valuable existing passwords into command-line arguments unless you are comfortable with local logging exposure.