Cn Password Generator V2
Warn
Audited by ClawScan on May 14, 2026.
Overview
The skill does not show data theft or persistence, but it claims secure password generation while using a non-cryptographic random generator.
This skill appears simple and local, but its security claim is inaccurate. Avoid using its output for real passwords or tokens unless the code is fixed to use Python's `secrets` module.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Passwords or tokens generated by this skill may be weaker or more predictable than users expect, which could put accounts or API keys at risk if used in production.
The documentation tells users the skill uses cryptographic randomness and is suitable for passwords, API keys, and tokens, but the implementation uses Python's general-purpose random module, which is not appropriate for cryptographic secrets.
SKILL.md: "Uses Python's `secrets` module for cryptographic randomness"; scripts/pwd_gen_v2.py: "import argparse, json, sys, random, string" and "random.choice(chars)"
Do not use generated values for real passwords, API keys, or tokens until the script is changed to use `secrets.choice` or another cryptographically secure random source and the documentation matches the implementation.
