janjaszczak/keepass
skills/keepass/SKILL.md
KeePassXC cursor.kdbx — natywny keyring per OS, keepass-db.path bez fallbacków, agent instaluje brakujące narzędzia.
data-ai
Updated Jun 5, 2026
$ install --global
skillsauthnpx skillsauth add janjaszczak/cursor keepassInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 5, 2026, 7:01 AM30.2s1 file scanned
SKILL.md
- name:
- keepass
- description:
- KeePassXC cursor.kdbx — natywny keyring per OS, keepass-db.path bez fallbacków, agent instaluje brakujące narzędzia.
Skill: keepass
Wywołanie: /keepass
Baza cursor.kdbx (sync: OneDrive / Google Drive) + keyring = tylko hasło master. Wszystkie sekrety w KeePass — nie w repo / .env.
Zasady (agent)
- Natywny keyring danego OS — nie mieszaj mechanizmów między systemami.
- Brakuje narzędzia → doinstaluj (patrz tabela); przy
sudopoproś użytkownika. - Brak
~/.cursor/keepass-db.path→ poproś użytkownika o ścieżkę (jedna linia absolutna). Nie zgaduj ścieżek. - Nie loguj wartości sekretów.
Krok 1 — Ścieżka bazy
test -f ~/.cursor/keepass-db.path && head -1 ~/.cursor/keepass-db.path
test -f "$(grep -v '^#' ~/.cursor/keepass-db.path | head -1)"
Jeśli pliku brak lub pusty → stop i poproś:
Utwórz
~/.cursor/keepass-db.pathz jedną linią: absolutna ścieżka docursor.kdbx(OneDrive lub Google Drive). Wzór:keepass-db.path.example.
WSL: ten sam plik może być w ~/.cursor/ (Linux home) albo /mnt/c/Users/<user>/.cursor/keepass-db.path (Windows home) — skrypt sprawdza oba.
WSL + Cursor Remote: agent często czyta /home/<user>/.cursor, nie C:\Users\...\. Po zmianach na Windows uruchom:
wsl bash /mnt/c/Users/janja/.cursor/scripts/sync-keepass-to-wsl-home.sh
Opcjonalnie na sesję: export KEEPASS_DB_PATH="/pełna/ścieżka/cursor.kdbx".
Przykłady ścieżek (użytkownik wybiera jedną)
| Sync | Windows | WSL | Linux |
|------|---------|-----|-------|
| OneDrive | C:\Users\<u>\OneDrive\...\cursor.kdbx | /mnt/c/Users/<u>/OneDrive/.../cursor.kdbx | ~/OneDrive/.../cursor.kdbx |
| Google Drive | ...\Google Drive\My Drive\...\cursor.kdbx | /mnt/c/.../Google Drive/My Drive/... | ~/Google Drive/My Drive/... |
Krok 2 — Platforma i natywny keyring
| Gdzie agent pracuje | Natywny keyring | Skrypt odczytu | Setup (jednorazowo) |
|---------------------|-----------------|----------------|---------------------|
| Windows (PowerShell) | SecretStore KeePassXC-Cursor-DB | get-keepass-secret.ps1 | setup-keepass-keyring.ps1 |
| Linux / WSL (bash) | secret-tool (service=keepassxc, attribute=cursor-db) | get-keepass-secret.sh | setup-keepass-keyring-linux.sh |
WSL = Linux → używaj bash + secret-tool, nie powershell.exe / Windows SecretStore.
Brak narzędzia — agent instaluje
| OS | Pakiet / moduł | Komenda |
|----|----------------|---------|
| Linux / WSL | libsecret-tools, gnome-keyring, dbus-x11 | sudo apt install -y libsecret-tools gnome-keyring dbus-x11 |
| Linux / WSL | keepassxc-cli | sudo apt install -y keepassxc |
| Windows | Microsoft.PowerShell.SecretManagement, .SecretStore | Install-Module -Name Microsoft.PowerShell.SecretManagement -Scope CurrentUser (+ SecretStore) |
Skrypt bash: lib/keepass-platform.sh → keepass_ensure_secret_tool (próbuje sudo -n, inaczej prośba do użytkownika).
Krok 3 — Test
| OS | Komenda |
|----|---------|
| Linux / WSL | ~/.cursor/scripts/test-keepass-read.sh |
| Windows | .\get-keepass-secret.ps1 "hosts/euk-sl01/janja" "Password" (bez echo hasła w logu) |
Oczekiwane: odczyt bez promptu. Jeśli błąd keyringa → KEEPASS_DB_PASSWORD='…' + odpowiedni setup-*.
Krok 4 — Sekrety
# Linux / WSL
~/.cursor/scripts/get-keepass-secret.sh "EurekaCloud/poc/SL01/janja-sudo" "Password"
# Windows
.\get-keepass-secret.ps1 "EurekaCloud/poc/SL01/janja-sudo" "Password"
Check-before-add: keepassxc-cli search "$KEEPASS_DB_PATH" "term" → mkdir / add / edit.
Struktura wpisów
| Typ | Ścieżka |
|-----|---------|
| Host | hosts/<hostname>/<username> |
| Projekt | <project>/<env>/<title> |
| Eureka POC | EurekaCloud/poc/SL01/janja-sudo, .../paperclip-ceo-api-key, … |
Skrypty
| Skrypt | OS |
|--------|-----|
| lib/keepass-db-path.sh / .ps1 | rozwiązywanie ścieżki (wymagany plik) |
| lib/keepass-db-password.sh | Linux/WSL → secret-tool |
| lib/keepass-secretstore.ps1 | Windows → SecretStore |
| get-keepass-secret.sh | Linux / WSL |
| get-keepass-secret.ps1 | Windows |
| save-keepass-password-to-keyring.sh | Linux / WSL |
| save-keepass-password-to-keyring.ps1 | Windows |
| setup-keepass-keyring-linux.sh | Linux / WSL |
| setup-keepass-keyring.ps1 | Windows |
| add-host-entry.sh | nowy host (bash) |
| keepass_ops.py | get/add/update |
Runbook: ~/.cursor/doc/keepass.md
Architektura
- Keyring = tylko hasło master
cursor.kdbx - KeePass = wszystkie sekrety aplikacji
- Brak fallbacków ścieżki i brak plikowych kopii haseł w
~/.cursor
Related Skills
janjaszczak/vanilla-web
development
VerifiedTrustedCommunity
Build or modify plain HTML/CSS/JavaScript (no framework) using modular ES modules (ESM), SRP, minimal global state, and shippable runnable files with lightweight verification. Use for static pages, small UI widgets, vanilla JS refactors, and quick prototypes without React/Vue/Angular.
SKILL.mdUpdated May 5, 2026
janjaszczak/troubleshooting-rca
testing
VerifiedTrustedCommunity
Perform root-cause analysis for bugs/errors/regressions using logs, repro steps, and hypothesis testing. Use when the user reports “nie działa”, stack traces, failing tests, or regressions.
SKILL.mdUpdated May 5, 2026
janjaszczak/task-planning-shrimp
tools
VerifiedTrustedCommunity
Plan, split, and track multi-step work using Shrimp Task Manager MCP (or equivalent). Use for multi-file refactors, migrations, or any work that benefits from task tracking.
SKILL.mdUpdated May 5, 2026
janjaszczak/structured-delivery
testing
VerifiedTrustedCommunity
Provide structured outputs (plan/report/checklist/table) optimized for readability and reuse. Use when user requests a plan, report, checklist, template, or when high-risk requires explicit verification steps.
SKILL.mdUpdated May 5, 2026