zipcracker
CTF-oriented ZIP cracking and recovery with the bundled ZipCracker engine. Use when Codex or OpenClaw needs to analyze or recover an encrypted ZIP in authorized contexts, including pseudo-encryption repair, default dictionary attacks, custom wordlists, mask attacks, short-plaintext CRC32 recovery, known-plaintext attacks, bkcrack workflows, template KPA, WinZip AES triage, or large-dictionary handling. Trigger on requests mentioning zip password, encrypted zip, ZIP challenge, 压缩包破解, ZIP 爆破, 伪加密, 掩码, 四位数字密码, 字典跑一下, 已知明文, 明文攻击, bkcrack, CRC32, AES ZIP, 看起来像 png/exe/pcapng/zip 模板, 这个压缩包打不开, or ClawHub/OpenClaw ZIP solving.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/asaotomo/zipcrackerZipCracker
Use this skill as a self-contained ZIP cracking package. Always prefer the bundled wrapper in scripts/openclaw_zipcracker.py over assuming the original repository still exists somewhere else.
Only use it for CTF, self-owned archives, or authorized security work. If the request sounds like unauthorized access to third-party data, refuse.
Quick Start
- Collect the minimum inputs before running anything:
- Target ZIP path.
- Whether the user already has a dictionary, a password pattern, a known plaintext file, a passwordless reference ZIP, or only a file signature guess.
- Whether the user wants the original ZIP password itself, or only wants extraction/recovery.
- Whether the archive is clearly ZIP-specific; do not force this skill onto
raror7z.
- In ambiguous cases, inspect first:
python3 <skill-dir>/scripts/openclaw_zipcracker.py --profile <zip>
Use the profile mode to surface pseudo-encryption, AES vs ZipCrypto mix, short-plaintext candidates, template KPA candidates, and recommended next commands.
- Run the bundled wrapper:
python3 <skill-dir>/scripts/openclaw_zipcracker.py <zip> ...
- Prefer the wrapper flags over ad-hoc environment variables:
--auto-crcfor short-plaintext CRC32 prompts.--auto-template-kpato let the bundled engine follow up on template-KPA suggestions automatically.--auto-large-maskonly when the user explicitly accepts a very large mask search.--skip-dict-countfor huge wordlists.--skip-orig-password-recoverywhen the user only cares about extraction speed after abkcrack-based recovery.--allow-install-promptsonly when the user explicitly wants interactive dependency installation attempts.
- Keep the current working directory as the project directory that contains the target ZIP. The bundled engine resolves its own built-in dictionary relative to the skill, so custom relative paths for the target, plaintext, or dictionary still behave naturally.
Decision Tree
1. Start with the least-assumption path
When the user only says "crack this ZIP" or "analyze this archive", inspect first, then begin with the default flow:
python3 <skill-dir>/scripts/openclaw_zipcracker.py --profile <zip>
Then:
python3 <skill-dir>/scripts/openclaw_zipcracker.py --auto-template-kpa <zip>
This preserves the original ZipCracker mindset:
- Try pseudo-encryption repair before brute force.
- Warn about AES and missing
pyzipper. - Use the built-in dictionary first.
- Fall back to the generated 1-6 digit numeric dictionary.
- Offer template-based KPA when the archive structure strongly suggests it.
Add --auto-crc only when short-plaintext recovery is likely relevant or when the user explicitly asks to try CRC32-style recovery.
2. Choose the main attack based on the best clue
- If the user has a custom dictionary file or dictionary directory:
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-asaotomo-zipcracker": {
"enabled": true,
"auto_update": true
}
}
}