Generate secure random strings, passwords, and cryptographic tokens using OpenSSL. Use when creating passwords, API keys, secrets, or any secure random data.
Security Analysis
high confidence
The skill's instructions match its stated purpose (generating random secrets with OpenSSL) and it is instruction-only, but the metadata omits required binaries and there are a few practical/security caveats in the commands.
The name, description, and SKILL.md all describe generating secure random strings with OpenSSL — that is coherent. However, the skill metadata declares no required binaries even though the instructions explicitly call external utilities (openssl, tr, head, xxd, od). The metadata should list these as required binaries so callers know runtime dependencies.
The SKILL.md is narrowly scoped to running openssl rand and small text transformations; it does not request files, environment secrets, or external network calls. Caveats: piping through 'tr -dc' to restrict character sets can reduce or bias entropy and may produce shorter outputs (requiring loops to reach intended length). The PIN-generation pipeline is complex and depends on several utilities; it may behave unpredictably across platforms.
There is no install spec and no code files (instruction-only), so nothing is written to disk by the skill itself. This is the lowest-risk install posture.
The skill requests no environment variables or credentials, which is appropriate for its purpose (local random generation).
The skill is not always-enabled and does not request persistent privileges or modify other skills/configuration. Agent autonomous invocation is allowed (platform default) but not combined with other risky requests.
Guidance
This skill is coherent for generating random data, but review these points before installing:
1) Metadata omission: the SKILL.md runs external programs (openssl, tr, head, xxd, od); the skill should declare required binaries so you know the agent must have them on PATH.
2) Entropy caution: filtering base64 with 'tr -dc' or truncating output can reduce or bias entropy and may yield shorter strings than expected; prefer deterministic methods (e.g., openssl rand -hex for raw key material) and verify lengths.
3) Portability: some pipelines (xxd, od) may behave differently on non-Linux platforms.
4) Safety: the skill runs local commands but does not exfiltrate data; nevertheless ensure your agent runs in a secure environment and that any generated secrets are handled/stored securely.
If you plan to use these commands programmatically (in services or client code), consider using a vetted cryptography library in your runtime language rather than shelling out to openssl plus filters.
Latest Release
v1.0.0
Initial release of the openssl skill for secure random data generation.
- Provides commands to generate passwords, API keys, tokens, and secrets with OpenSSL.
- Includes examples for different character sets and output lengths.
- Offers guidance on common use cases and best practices for cryptographic security.
- Details how to adjust output character sets and explains output sizing for base64 and hex.
Published by @Asleep123 on ClawHub