ClawHub

gopass

Store, retrieve, list, and manage secrets using gopass (the team password manager). Use when the user asks to save credentials, look up passwords, generate secrets, manage password entries, or interact with a gopass password store. Covers CRUD operations, secret generation, TOTP, recipients, mounting stores, and clipboard operations.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 1.4k · 0 current installs · 0 all-time installs
by@erdGeclaw
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the SKILL.md: it documents gopass CLI usage (CRUD, generate, TOTP, recipients, mounts, sync). Prerequisites (gopass binary, GPG key, initialized store) are appropriate for this purpose.
Instruction Scope
Instructions are limited to running gopass CLI commands (show, insert, generate, rm, sync, mounts, otp, etc.). These commands access local password stores, may copy secrets to clipboard, open $EDITOR, or run git sync operations — all expected for a password-manager helper but they do operate on sensitive local data and may push/pull to configured git remotes.
Install Mechanism
No install spec or code is provided (instruction-only). Nothing is downloaded or written by the skill itself — the agent will rely on an existing gopass/GPG installation.
Credentials
The skill declares no required env vars or credentials, which is appropriate. The documentation references $EDITOR and GOPASS_NO_NOTIFY and expects a GPG key and git remotes; those are legitimate runtime prerequisites but they are not requested as explicit credentials by the skill.
Persistence & Privilege
always:false and no install/auto-enable behavior. The skill can be invoked by the agent (normal), but it does not request persistent system-level privileges or modify other skills' configs.
Assessment
This skill appears coherent and does only what a gopass CLI helper should do, but it will cause the agent to run commands that access your local secrets. Before installing or allowing use: - Only use with agents you trust to run local commands. The agent will run gopass commands that read/write secrets and may copy them to the clipboard. Clipboard contents can be leaked or persisted by other software. - Be aware that gopass sync uses git: running sync may push/pull secrets to configured git remotes. Verify your gopass store's remote configuration. - The skill assumes you have gopass and GPG keys set up locally; it does not install them. Ensure those tools are installed and configured as you expect. - Piping secrets into commands or using non-interactive inserts can expose secrets in shell history or logs — prefer secure workflows. - The skill source is unknown; since it is instruction-only, review the SKILL.md content (already consistent) and exercise least privilege when granting agent execution rights. If you need broader assurance, require a vetted install spec or limit the agent's ability to run system commands that touch your credential stores.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk975cvp3vt5sag95sw5nj55q2x808f4a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

gopass Skill

gopass is a CLI password manager for teams, built on GPG and Git.

Prerequisites

  • gopass binary installed
  • GPG key available (gopass uses GPG for encryption)
  • Store initialized (gopass init or gopass setup)

Common Operations

List secrets

gopass ls
gopass ls -f          # flat list

Show a secret

gopass show path/to/secret           # full entry (password + metadata)
gopass show -o path/to/secret        # password only
gopass show -c path/to/secret        # copy to clipboard
gopass show path/to/secret key       # show specific field

Create / Update

gopass insert path/to/secret         # interactive
gopass edit path/to/secret           # open in $EDITOR
echo "mypassword" | gopass insert -f path/to/secret   # non-interactive

Add key-value metadata below the first line (password):

mysecretpassword
username: erdGecrawl
url: https://github.com
notes: Created 2026-01-31

Generate passwords

gopass generate path/to/secret 24           # 24-char password
gopass generate -s path/to/secret 32        # with symbols
gopass generate --xkcd path/to/secret 4     # passphrase (4 words)

Delete

gopass rm path/to/secret
gopass rm -r path/to/folder          # recursive

Move / Copy

gopass mv old/path new/path
gopass cp source/path dest/path

Search

gopass find github                   # search entry names
gopass grep "username"               # search entry contents

Store Management

Initialize

gopass setup                         # guided first-time setup
gopass init <gpg-id>                 # init with specific GPG key

Mount sub-stores

gopass mounts add work /path/to/work-store
gopass mounts remove work
gopass mounts                        # list mounts

Sync (git push/pull)

gopass sync

Recipients (team access)

gopass recipients                    # list
gopass recipients add <gpg-id>
gopass recipients remove <gpg-id>

TOTP

gopass otp path/to/secret            # show current TOTP code

Store TOTP URI as totp: otpauth://totp/... in the entry body.

Non-interactive Tips

  • Use echo "pw" | gopass insert -f path for scripted inserts
  • Use gopass show -o path for machine-readable password-only output
  • Use gopass show -f path to suppress warnings
  • Set GOPASS_NO_NOTIFY=true to suppress desktop notifications
  • Use gopass --yes to auto-confirm prompts

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…