Password Generator
v1.1.0生成随机安全密码。长度12-16位随机(默认),包含大小写字母、数字、符号。当用户要求生成密码、创建密码、随机密码时使用此技能。
⭐ 0· 505·6 current·7 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description match the included script: the skill generates random passwords with the stated character classes and length. Minor mismatch: SKILL.md says save to 'memory/passwords.md' (relative), but the script writes to an absolute path '/root/.openclaw/workspace/memory/passwords.md'. That may be incorrect or cause failures on non-root systems.
Instruction Scope
SKILL.md instructs running scripts/generate_password.py and saving to memory/passwords.md. The script does this but also prints the generated password to stdout and unconditionally appends the plaintext password to a file under an absolute root path. Printing to logs and appending plaintext passwords to disk are broader/sensitive actions beyond merely generating a password and create clear privacy/security risks. The script does not offer an opt-out for saving, nor does it choose a per-user safe path.
Install Mechanism
Instruction-only skill with a small Python script and no install spec. Nothing is downloaded or installed by the skill itself.
Credentials
No credentials or environment variables are requested (good), but the script writes secrets to a hardcoded location under /root and prints them to stdout. While no external credentials are requested, the choice to store plaintext passwords in a world-accessible location (and under root) is disproportionate and risky for a simple generator.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. However, it writes persistent data to disk (appending passwords to a file). That persistence is normal for 'save password' behavior but should be considered a sensitive side-effect because the file contains plaintext secrets.
What to consider before installing
This skill generates passwords as advertised, but I recommend caution before installing or using it as-is:
- The script uses Python's random module (not cryptographically secure). Prefer the 'secrets' module (secrets.choice or secrets.token_urlsafe) for generating passwords.
- It prints the password to stdout (may end up in logs) and always appends the password in plaintext to '/root/.openclaw/workspace/memory/passwords.md'. That path is hardcoded and may not exist or may expose secrets to other users/processes. Consider changing to a per-user secure location and setting restrictive file permissions (e.g., 600).
- The SKILL.md refers to 'memory/passwords.md' (relative), but the code writes to an absolute /root path — verify and correct the intended storage location.
- Consider adding an option to not save passwords, to encrypt stored entries, or to integrate with a secure password manager instead of writing plaintext files.
If you still want to use this skill: run it in an isolated environment, inspect and modify the script to use the 'secrets' module, change the save location to a secure per-user path, and restrict file permissions before generating real secrets. If you cannot review or edit the script yourself, avoid installing it because it currently exposes generated passwords in plaintext.Like a lobster shell, security has layers — review code before you run it.
latestvk977pnhvnm741rh14g3bxcfkg5820vv6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.