ClawHub

Password Generator

v1.0.0

When user asks to generate a password, create PIN, make passphrase, check password strength, generate API key, create secure token, manage password ideas, ge...

2· 612·3 current·3 all-time
byManish Pareek@mkpareek0315
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (password generation, passphrases, strength checks, bulk generation) aligns with requested capabilities: it only asks for read/write access to a dedicated ~/.openclaw/password-generator directory and does not request unrelated credentials, binaries, or services.
Instruction Scope
SKILL.md is narrowly scoped: it instructs creating a per-skill directory and storing settings/stats only. However, the policy 'NEVER store actual passwords' is a promise in prose — there is no enforcement mechanism (no code shipped) and the agent could still inadvertently log or persist generated passwords in conversation history or platform logs. The instructions otherwise do not reference external files, env vars, or network endpoints.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install footprint. Nothing is downloaded or written beyond the specified per-skill directory the agent is told to create.
Credentials
No environment variables, secrets, or unrelated credentials are requested. The declared need for read/write tools to manage a single ~/.openclaw/password-generator path is proportionate to the stated functionality.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges or modify other skills. It requests only its own directory for settings/stats; autonomy (agent invocation) is platform-default and not a special privilege here.
Assessment
This skill looks internally consistent, but remember it's a promise-based, instruction-only skill with no shipped code to verify behavior. Before installing or using it with sensitive information: (1) confirm your agent runtime enforces network restrictions if you require offline-only operation (the SKILL.md claims no network calls but the environment must enforce that), (2) avoid pasting real, already-used passwords into the skill — treat generated secrets as ephemeral and copy them to a vetted password manager immediately, (3) be aware conversational logs or platform telemetry could retain generated passwords unless the platform prevents it, and (4) if you need cryptographic guarantees (e.g., CSPRNG), ask the author for implementation details or run the skill in an isolated/offline environment. If any of these are concerning, do not install until you can verify offline operation and logging behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97738jmt71hcv91mn9nd4v6hh81nh4c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis

Comments