Local-Passwords-Manager

Key issues to consider before installing/using: - Path mismatch: SKILL.md commands reference scripts/password_manager.py but the included file is password_manager.py. Confirm the correct entrypoint before running. This mismatch could cause confusion or lead you to run an unintended script. - Likely runtime bugs: the source contains an apparent stray character and truncated code section (e.g., a stray 'i' in add_tag) which will cause Python syntax/runtime errors. The skill may not work as described until fixed. - Encryption fallback: if the cryptography package is missing, the code will store passwords in plaintext (it prints a warning). Make sure cryptography is installed and test that encryption/decryption works before trusting it with real secrets. - Data exposure: the CLI prints decrypted passwords to stdout. If an agent runs this skill autonomously, outputs may be logged or sent to other systems. Consider how outputs are handled and avoid automated exposure of plaintext secrets. - Local key handling: the symmetric key is stored in ~/.openclaw/workspace/.password_key with permissions set to 600 — this is expected for a simple local manager but store/backup policies are your responsibility. If an attacker can read that file they can decrypt all entries. Recommendations: 1) Do not import or store high-value secrets until the path mismatch and code errors are resolved. 2) Ask the publisher to fix the scripts path and any syntax/runtime bugs, and to implement/clarify clipboard/export behaviors. 3) Run the script in an isolated/test environment first, inspect the created files (~/.openclaw/workspace/passwords.json and .password_key), and verify that passwords are encrypted and decrypted correctly. 4) Review the full import/export implementation (CSV handling) to ensure it encrypts stored passwords on import. 5) If you need a production-grade password manager, prefer a well-audited, actively maintained solution.