ClawHub

Secret Encrypt

v2.0.1

Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Secret Encrypt concepts, best practices, and implementation patte...

0· 98·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim a documentation/reference tool for 'Secret Encrypt' and the provided files (SKILL.md + a shell script that prints reference text) match that purpose. There are no unexpected env vars, binaries, or cloud credentials requested.
Instruction Scope
SKILL.md explicitly states no external API calls or credentials. The runtime script only emits heredoc help/reference text and does not read files, call network endpoints, or access environment variables. Minor issues: the script's VERSION variable (2.0.0) differs from registry version (2.0.1), and the help heredoc is single-quoted so the $VERSION variable will not expand as likely intended — these are usability bugs, not security issues.
Install Mechanism
No install spec (instruction-only with an included helper script). Nothing is downloaded or written to disk by an installer; risk from the install mechanism is low. The included script would be executed locally if the agent runs it.
Credentials
No required environment variables, credentials, or config paths are declared or accessed. The script does not read or require secrets. Requested privileges are proportional to a documentation/reference tool.
Persistence & Privilege
always:false and default model-invocation are appropriate. The skill does not attempt to modify other skills or system-wide settings. No persistent presence or elevated privileges are requested.
Assessment
This skill appears to be a simple local reference/CLI that prints documentation — it does not ask for credentials or perform network calls. If you plan to install or run it, you can: (1) inspect the script (scripts/script.sh) yourself (already provided) to confirm no unexpected commands; (2) run it in a restricted/sandboxed environment if you have any doubt; and (3) be aware of minor non-security issues (version mismatch and help text variable quoting) that affect usability but not safety. If you need guarantees, verify the upstream GitHub repo and release provenance before using in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk976c9b3j5t0hk0h27gmv9k9p183ghqm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments