Star0

Skill audit report

Extract Otp Secrets audit report.

Extract one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes from authentication apps can be captured by camera, read from images, or read from text files. The secrets can be exported to JSON or CSV, or printed as QR codes to console.

REVIEWED · REVIEWSafe to tryGenerated Jun 17, 2026Heuristic metadata audit
94
Audit
93
Trust
100
Quality
86
Security
100
Maintain
92
Install

OpenAgentSkill Trust Score

93
Production candidate

Stars, maintenance, license, docs, install safety, permission surface, and installability.

The Trust Score is OpenAgentSkill's adoption layer. It is designed to help an agent decide whether a skill is safe enough to shortlist before installation.

GitHub adoption

PASS

86

1.6K GitHub stars

Stars/forks activity

INFO

77

1.6K stars, 157 forks; issue activity unavailable in current metadata

Recent maintenance

PASS

100

1d since push

License clarity

PASS

86

GPL-3.0

README/SKILL.md completeness

PASS

90

Metadata includes enough usage and workflow context

Dependency/runtime risk

PASS

90

no major dependency risk hints in public metadata

Install availability

PASS

92

npx skills add scito/extract_otp_secrets

Install command safety

PASS

92

standard package or runtime install path

Permission surface

WARN

60

secrets or environment access, filesystem or document access

Repository evidence

PASS

86

https://github.com/scito/extract_otp_secrets

Review status

PASS

88

AI review data available

Checks

Install and adoption review

9 passed · 5 review

Install path

92

PASS

npx skills add scito/extract_otp_secrets

Repository

88

PASS

https://github.com/scito/extract_otp_secrets

License

86

PASS

GPL-3.0

Maintenance

100

PASS

1d since push

AI review

88

PASS

Approved with no listed issues

README/SKILL.md completeness

90

PASS

Usable description available

Dependency risk

90

PASS

no major dependency risk hints in public metadata

Install command safety

92

PASS

standard package or runtime install path

Permission surface

60

CHECK

secrets or environment access, filesystem or document access

Stars/forks activity

77

CHECK

1.6K stars, 157 forks; issue activity unavailable in current metadata

Adoption

88

PASS

1.6K GitHub stars

Warnings

  • Permission surface may require sandboxing
  • Permission surface needs review: secrets or environment access, filesystem or document access
  • Permission surface: secrets or environment access, filesystem or document access

Method

This report combines public metadata, AI review output, repository freshness, install readiness, OpenAgentSkill events, quality scoring, trust checks, and the agent safety gate. It is not a full source-code security review.

Compare nearby options

Related skills to audit next

D3

Bring data to life with SVG, Canvas and HTML. :bar_chart::chart_with_upwards_trend::tada:

113K stars · Audit report

Grafana

The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.

74K stars · Audit report

Superset

Apache Superset is a Data Visualization and Data Exploration Platform

73K stars · Audit report