Complete guide for using pass, the standard Unix password manager. Use this skill whenever the user asks about pass, password-store, managing passwords from...
Security Analysis
high confidenceThis is a coherent, instruction-only user guide for the 'pass' password manager and its common workflows; it does not request unrelated credentials or install arbitrary code.
The name and description match the SKILL.md content: the document is a practical guide to installing, configuring, and using pass (including GPG and git workflows). All required actions (GPG key generation/import, initializing the store, git sync, pass-otp, pass-import) are expected for this purpose.
The instructions stay within the scope of managing a pass password store, but they include highly sensitive, high-impact operations (e.g., importing a private GPG key, initializing/pushing a git remote, running pass grep which decrypts entries). These are appropriate for a pass guide but are operations that will affect and potentially expose secrets if executed without care.
No install specification or remote downloads are present — the skill is instruction-only and only recommends installing packages via standard OS package managers or brew/pip, which is proportionate for this guide.
The skill requests no environment variables, credentials, or config paths. It references typical user artifacts (e.g., ~/.password-store, private-key.asc, git remotes, SSH keys) that are expected for using pass; it does not demand access to unrelated services or secrets.
The skill does not request persistent or elevated platform privileges (always is false). It's an on-demand guide and does not modify other skills or system-wide agent settings.
Guidance
This skill is essentially documentation and appears consistent with its purpose. Before running any of the commands shown: (1) review them line-by-line and understand their effects (especially git push, gpg --import, pass rm, and pass grep which decrypts data); (2) back up your store and private keys before making changes; (3) never paste your GPG private key or decrypted passwords into untrusted places; (4) ensure any remote repo you push to is private and you intend to host secrets there; and (5) if an automated agent attempts to execute these commands on your behalf, do not grant it access to your GPG private key or to the filesystem holding ~/.password-store unless you explicitly trust the agent and environment.
Latest Release
v1.0.0
Pass 1.0.0 — Initial Release - Complete beginner-to-advanced guide for the pass CLI, including installation, store setup, and daily usage. - Covers GPG key management, entry formats, and organizing secrets hierarchically. - Step-by-step instructions for inserting, generating, copying, searching, editing, moving, and removing passwords. - Detailed section on integrating pass with git for syncing and backup. - Usage and setup for popular extensions: pass-otp (TOTP), pass-import, and pass-update. - Environment variable reference and troubleshooting tips included.
More by @bastos
Published by @bastos on ClawHub
