Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

password-manager

v1.0.0

A local password management skill: supports adding, editing, deleting and searching passwords, with category management and notes; data is stored locally; supports import/export and backup. Use this skill when the user mentions passwords, accounts, password management, saving a password or looking up a password.

by lining (@liningg)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description and provided code align with a local password manager (adding, editing and searching entries; local JSON storage). However, the SKILL.md/README examples claim encrypted storage (the documented data structure shows an "encrypted_password" field), while the included password_manager.py stores the password field directly, with no encryption. SKILL.md and README also list several supporting scripts (password_analyzer.py, backup_manager.py, import_export.py, security_checker.py, duplicate_detector.py) that are referenced but not present in the file manifest; this mismatch suggests the package is incomplete or the documentation is inaccurate.
Instruction Scope
Runtime instructions are focused on local password management and reference the local default path (~/.workbuddy/data/passwords.json). They do not instruct network exfiltration or access to unrelated secrets. However, the instructions and documentation present functionality (encryption, the extra analyzer/backup modules) that the shipped code does not implement, implying broader capabilities than are actually present and creating risk if users assume encryption exists. The SKILL.md also instructs the agent to trigger on any user mention of '密码/账号' (password/account); this is expected for the skill's purpose, but it means the skill may be invoked frequently while handling sensitive data.
Install Mechanism
No install spec; this is an instruction+script bundle. Nothing is downloaded from external URLs and no installers are run, reducing supply-chain risk. The files are static and local.
Credentials
The skill requests no environment variables, no credentials, and no special config paths beyond writing to a subdirectory of the user's home (~/.workbuddy/data). These permissions are proportionate for a local password manager. Note: writing plaintext password data and automated backups to the user's filesystem is still a sensitive privilege.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The skill writes its own data and backups under ~/.workbuddy/data and creates backup files in ~/.workbuddy/data/backups; it does not request system-wide config changes or modify other skills. Persistent file writes are expected for this functionality but should be considered sensitive because they store passwords locally (and currently in plaintext).
What to consider before installing
Do not trust this skill with real passwords until the issues below are addressed:

1) Code audit: the included password_manager.py stores the "password" field directly in JSON (no encryption), while SKILL.md/README sometimes show "encrypted_password". Confirm whether encryption is implemented and, if it is missing, require the author to add standard encryption (e.g., a key derived from a user-supplied master password, or OS keystore integration) before using the skill.
2) Missing files: the documentation references multiple helper modules that are not present in the package; ask the author for the complete package or a clear list of the features that are actually implemented.
3) Backups: the skill auto-creates backup files in ~/.workbuddy/data/backups; ensure backups are stored encrypted or in a secure location, since they inherit the plaintext problem of the main data file.
4) Testing: run the code in an isolated environment, inspect the saved JSON contents, and verify that there is no network activity.
5) Alternatives: consider established, audited password managers, or require encryption tied to a master secret before storing sensitive accounts.

If you decide to proceed temporarily, store only non-critical/test accounts and keep manually encrypted backups elsewhere.


