Low Risk — Risk Score 10/100
Last scan: 17 hr ago
password-manager
Local password manager for storing, querying, modifying, and deleting account passwords
A legitimate local password manager using Fernet encryption with no malicious behavior detected - all functionality is declared and implemented correctly.
Skill Name: password-manager
Duration: 29.2s
Engine: pi
Safe to install
This skill is safe to use. No security concerns identified.

Findings 2 items

Severity Finding Location
Low
Unpinned dependency version (Supply Chain)
The cryptography package has no version constraint in the documentation. While not a direct vulnerability, it could lead to unexpected behavior with future breaking changes.
pip install cryptography
→ Consider constraining the version, for example with a minimum bound: pip install "cryptography>=41.0.0"
SKILL.md:158
Low
Minor code structure anomaly (Doc Mismatch)
The list_tags function definition appears to be accidentally duplicated inside the batch_delete function body, which could indicate a copy-paste error during development.
def list_tags(): (appears inside batch_delete)
→ Remove the duplicate function definition inside batch_delete and ensure clean code structure
password_manager.py:330
Resource Declared Inferred Status Evidence
Filesystem WRITE WRITE ✓ Aligned Uses filesystem:WRITE for password storage files (~/.openclaw/workspace/password…
Network NONE NONE No network requests found in code
Shell NONE NONE No subprocess or shell command execution
Environment NONE NONE Does not access os.environ
Skill Invoke NONE NONE No skill invocation
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser access
Database NONE NONE No database access
1 finding
Info Email (email address)
[email protected]
SKILL.md:55

File Tree

2 files · 31.0 KB · 977 lines
Python 1f · 719L Markdown 1f · 258L
├─ 🔑 password_manager.py Python 719L · 24.2 KB
└─ 📝 SKILL.md Markdown 258L · 6.8 KB

Dependencies 1 item

Package Version Source Known Vulns Notes
cryptography * pip No Version not pinned - consider adding minimum version constraint

Security Positives

✓ Uses Fernet encryption for password storage - industry standard symmetric encryption
✓ Encryption key stored with 600 permissions (read/write for owner only)
✓ Atomic file writes prevent race conditions
✓ No network requests - all data stays local
✓ No credential theft - doesn't iterate environment variables for sensitive keys
✓ No obfuscation - code is readable and well-structured
✓ No sensitive path access (no ~/.ssh, ~/.aws, .env access)
✓ CSV export creates files locally without network transmission
✓ Clear documentation matching actual implementation