Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Htpasswd

v3.0.0

Generate htpasswd entries for Apache/Nginx basic auth password management. Use when creating credentials, managing password files, or verifying users.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included code and instructions. The script implements create/add/delete/verify/list commands for htpasswd files and only requires standard utilities (openssl, grep, sed) that are appropriate for the stated task.
Instruction Scope
Instructions and the script operate on arbitrary filesystem paths (e.g., /etc/nginx/.htpasswd), create parent directories, and change file permissions — which is expected for an htpasswd manager. Minor robustness issue: usernames are inserted directly into grep/sed patterns without escaping, which can produce unexpected behavior for unusual usernames (special regex characters, delimiter collisions). This is a functional/robustness concern, not evidence of exfiltration.
Install Mechanism
No install spec; the skill is delivered as a standalone shell script and SKILL.md. Nothing is downloaded or written during an install step by the registry metadata.
Credentials
No environment variables or credentials are required (HTPASSWD_ALGO is optional). The declared dependencies (openssl, grep, sed) align with functionality and no unrelated secrets/config paths are requested.
Persistence & Privilege
Skill is not always-enabled and has normal autonomous invocation allowed. The script will write and modify files on disk (including system paths if used); running it with agent autonomy could modify system htpasswd files if the agent has filesystem permissions. This is expected but the user should be aware of the write capability.
Assessment
This skill appears to do exactly what it says: a local htpasswd manager implemented as a bash script. Before installing or running it, review the script (already included), test in a non-production directory, and ensure openssl is installed. Be aware it will create/modify files you point it at (e.g., /etc/nginx/.htpasswd) and may require root to write system locations. If you expect to accept arbitrary usernames, consider that the script does not fully escape usernames when using grep/sed — avoid unusual characters in usernames or improve escaping. Use HTPASSWD_ALGO=sha512 for stronger hashing if compatibility allows.
