ClawHub

Secure Password Generator

v1.0.0

Generate cryptographically secure passwords, passphrases, and API keys. Supports multiple formats and entropy calculation.

0· 52·0 current·0 all-time
by@hostilespider
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included script: the skill generates passwords, passphrases, API keys, pins, hex, and base64 values and correctly requires only python3. There are no unexpected binaries or credentials requested.
Instruction Scope
SKILL.md's runtime instructions are limited to running the included script (no external endpoints or file system traversal). However, the docs mention options (--clipboard, --entropy semantics) that don't fully match the script: --clipboard is documented but not implemented; entropy calculations and charset sizes in the code are approximate/incorrect (e.g., symbol charset size hard-coded as 26 in one place, apikey entropy calculation uses charset=16 while token_hex(32) produces 64 hex characters). These are implementation/documentation bugs rather than evidence of exfiltration or scope creep.
Install Mechanism
No install spec (instruction-only + included script). Nothing is downloaded or installed automatically, which is low risk.
Credentials
No environment variables, credentials, or config paths are requested. The script runs locally and does not require any secrets or cloud keys.
Persistence & Privilege
Skill is not always-enabled and does not request permanent presence or modify other skills or system-wide settings. It does not perform privileged actions.
Assessment
This skill runs locally using Python's secrets module and does not contact external services or request credentials — that's good. Before installing/using: (1) be aware the source is unknown and there's no homepage, so inspect the included script (you already have it). (2) The SKILL.md and the script have minor mismatches: --clipboard is documented but not implemented; entropy calculations in the script are approximate/inconsistent (check charset choices if you rely on the exact entropy values). (3) The default API-key prefix is "sk_" (common in some services for private keys); do not paste generated values into production services without understanding the context. If you plan to use this in sensitive contexts, run it locally, audit the code, and fix the documented/implementation discrepancies (symbol charset length, apikey entropy math, and either implement or remove the --clipboard feature).

Like a lobster shell, security has layers — review code before you run it.

latestvk975yzt32y2wtmzegcw2rza93x83t32p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔑 Clawdis
Binspython3

Comments