Compass
Your personal Compass assistant. Track, analyze, and manage all your security needs from the command line.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 21 · 0 current installs · 0 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name, description, and tags (encryption, protection, privacy, compliance) imply secure handling, encryption, and secret storage. The provided script primarily appends plain text entries to log files under ~/.local/share/compass and exposes export commands that write unencrypted files. There is no evidence in the visible code that sensitive data is encrypted, access-controlled, or protected — this is disproportionate to the advertised 'security' capabilities.
Instruction Scope
SKILL.md instructs CLI usage and local exports and states 'Works entirely offline — your data never leaves your machine', which is consistent with the script (no network calls observed). However, SKILL.md does not warn users that data is stored in plain text in the data directory, nor does it explain encryption or secure storage, despite advertising encryption-related functionality.
Install Mechanism
There is no install spec; the skill is instruction/code-only. That reduces installer risk because nothing is downloaded from external URLs during install. The only shipped code is a local shell script.
Credentials
The skill requests no special environment variables or credentials (good). It implicitly uses HOME to create ~/.local/share/compass and will create/append to files there. Given its advertised purpose (secret and security management), storing potentially sensitive inputs in plaintext under the user's home directory is disproportionate to the stated security/privacy purpose.
Persistence & Privilege
always:false and no indication the skill modifies other skills or system-wide configs. It only writes to its own data directory under the user's home; no elevated privileges or persistent platform-level privileges are requested.
What to consider before installing
This tool runs locally and does not appear to contact external servers, but it stores all inputs as plain text logs under ~/.local/share/compass. If you plan to store secrets (API keys, passwords, private keys), do NOT rely on this tool as a secure vault until you can confirm it encrypts data. Recommended actions before installing or using: 1) Inspect the full script (including the truncated portion) to confirm there are no network calls, telemetry, or hidden behavior. 2) Search the code for any crypto routines (sane use of a standard library or openssl) and validate they actually encrypt data at rest. 3) If you must use it, run it in a sandbox and avoid entering real secrets; consider pointing DATA_DIR to an encrypted filesystem or using a separate secure credential manager. 4) Ask the publisher for source verification, a homepage, and documentation proving encryption/compliance capabilities. Because of the mismatch between the advertised security features and the visible behavior, proceed cautiously.Like a lobster shell, security has layers — review code before you run it.
Current versionv2.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Compass
Your personal Compass assistant. Track, analyze, and manage all your security needs from the command line.
Why Compass?
- Works entirely offline — your data never leaves your machine
- Simple command-line interface, no GUI needed
- Export to JSON, CSV, or plain text anytime
- Automatic history and activity logging
Getting Started
# See what you can do
compass help
# Check current status
compass status
# View your statistics
compass stats
Commands
| Command | What it does |
|---|---|
compass generate | Generate |
compass check-strength | Check Strength |
compass rotate | Rotate |
compass audit | Audit |
compass store | Store |
compass retrieve | Retrieve |
compass expire | Expire |
compass policy | Policy |
compass report | Report |
compass hash | Hash |
compass verify | Verify |
compass revoke | Revoke |
compass stats | Summary statistics |
compass export | <fmt> Export (json |
compass search | <term> Search entries |
compass recent | Recent activity |
compass status | Health check |
compass help | Show this help |
compass version | Show version |
compass $name: | $c entries |
compass Total: | $total entries |
compass Data | size: $(du -sh "$DATA_DIR" 2>/dev/null |
compass Version: | v2.0.0 |
compass Data | dir: $DATA_DIR |
compass Entries: | $(cat "$DATA_DIR"/*.log 2>/dev/null |
compass Disk: | $(du -sh "$DATA_DIR" 2>/dev/null |
compass Last: | $(tail -1 "$DATA_DIR/history.log" 2>/dev/null |
compass Status: | OK |
compass [Compass] | generate: $input |
compass Saved. | Total generate entries: $total |
compass [Compass] | check-strength: $input |
compass Saved. | Total check-strength entries: $total |
compass [Compass] | rotate: $input |
compass Saved. | Total rotate entries: $total |
compass [Compass] | audit: $input |
compass Saved. | Total audit entries: $total |
compass [Compass] | store: $input |
compass Saved. | Total store entries: $total |
compass [Compass] | retrieve: $input |
compass Saved. | Total retrieve entries: $total |
compass [Compass] | expire: $input |
compass Saved. | Total expire entries: $total |
compass [Compass] | policy: $input |
compass Saved. | Total policy entries: $total |
compass [Compass] | report: $input |
compass Saved. | Total report entries: $total |
compass [Compass] | hash: $input |
compass Saved. | Total hash entries: $total |
compass [Compass] | verify: $input |
compass Saved. | Total verify entries: $total |
compass [Compass] | revoke: $input |
compass Saved. | Total revoke entries: $total |
Data Storage
All data is stored locally at ~/.local/share/compass/. Each action is logged with timestamps. Use export to back up your data anytime.
Feedback
Found a bug or have a suggestion? Let us know: https://bytesagain.com/feedback/
Powered by BytesAgain | bytesagain.com | hello@bytesagain.com
Files
2 totalSelect a file
Select a file to preview.
Comments
Loading comments…