Jeden Skill in Manus ausführen
mit einem Klick

Jeden Skill in Manus mit einem Klick ausführen

$pwd:

password-reset

Name: Password Reset
Author: colonelpanic8

// Use when the user wants to reset or rotate a website or service password end-to-end, including finding the right `pass` entry, generating a new password with `xkcdpassgen`, retrieving reset emails through `gws gmail` or a local mail CLI, completing the reset in the browser with Chrome DevTools MCP, and updating the password store safely without losing entry metadata.

In Manus ausführen

$ git log --oneline --stat

stars:215

forks:21

updated:15. April 2026 um 19:39

Datei-Explorer

2 Dateien

SKILL.md

readonly

name	password-reset
description	Use when the user wants to reset or rotate a website or service password end-to-end, including finding the right `pass` entry, generating a new password with `xkcdpassgen`, retrieving reset emails through `gws gmail` or a local mail CLI, completing the reset in the browser with Chrome DevTools MCP, and updating the password store safely without losing entry metadata.

Password Reset

Overview

Handle password resets end-to-end. Prefer gws gmail for reset-email retrieval, Chrome DevTools MCP for website interaction, and the local xkcdpassgen helper for password generation.

Tool Priorities

Prefer gws gmail over opening Gmail in the browser.
If gws is unavailable, use an installed Gmail CLI or IMAP-based mail tool if one exists locally. Inspect the environment first instead of guessing command names.
Prefer Chrome DevTools MCP for all browser interaction.
Use pass find and pass show before asking the user for credentials or account details.

Password Generation

The local password generator is xkcdpassgen, defined in dotfiles/lib/functions/xkcdpassgen and available in shell as an autoloaded function.

xkcdpassgen <pass-entry-name>

Behavior:

Generates xkcdpass -n 3 | tr -d ' ' as the base password.
Appends one uppercase letter, one digit, and one symbol by default.
Supports:
- -U to omit uppercase
- -N to omit number
- -S to omit symbol
  
  Do not substitute a different password generator ungless the user explicitly asks.

Safe `pass` Update Pattern

xkcdpassgen writes directly to the pass entry it is given. Do not run it against the canonical entry before the reset succeeds, because:

it would overwrite the current password immediately
it would replace any extra metadata lines in a multiline pass entry

Use this pattern instead:

entry="service/example"
tmp_entry="${entry}-password-reset-tmp"

existing_contents="$(pass show "$entry" 2>/dev/null || true)"
metadata="$(printf '%s\n' "$existing_contents" | tail -n +2)"

xkcdpassgen "$tmp_entry"
new_password="$(pass show "$tmp_entry" | head -1)"

# ... use $new_password in the reset flow ...

if [ -n "$metadata" ]; then
  printf '%s\n%s\n' "$new_password" "$metadata" | pass insert -m -f "$entry"
else
  printf '%s\n' "$new_password" | pass insert -m -f "$entry"
fi

pass rm -f "$tmp_entry"

If the site rejects the password because of policy constraints, keep the canonical entry unchanged, delete or reuse the temp entry, and generate another candidate with different flags only if needed.

Reset Workflow

Identify the account and canonical pass entry.
Run pass find <service> and inspect likely matches with pass show.
Capture existing metadata before generating a new password.
Generate the candidate password into a temporary pass entry with xkcdpassgen.
Start the reset flow in Chrome DevTools MCP:
- navigate to the login or account page
- use the site's "forgot password" flow, or
- sign in and navigate to security settings if the user asked for a rotation rather than a reset
Use gws gmail to retrieve the reset email when needed:
- search recent mail by sender domain, subject, or reset-related keywords
- open the message and extract the reset link
- navigate to that link in Chrome DevTools MCP
Fill the new password from the temporary pass entry and complete the form.
Verify success:
- confirmation page, or
- successful login with the new password
Promote the temp password into the canonical pass entry while preserving metadata, then remove the temp entry.

Email Guidance

Prefer gws gmail for reset-email handling. Typical pattern:

list recent messages with gws gmail users messages list --params '{"userId":"me","q":"from:service.example newer_than:7d"}'
bias toward reset keywords such as reset, password, security, verify, or signin
read shortlisted messages with gws gmail users messages get --params '{"userId":"me","id":"MESSAGE_ID","format":"full"}' rather than browsing Gmail manually

If gws is unavailable, use an installed Gmail CLI or local mail helper only as a fallback. Keep that discovery lightweight and local to the current environment.

Browser Guidance

Use Chrome DevTools MCP to complete the reset flow directly:

navigate to the reset or security page
take snapshots to identify the relevant inputs and buttons
click, fill, and submit through the site UI
verify the success state before updating the canonical pass entry

Prefer MCP interaction over describing steps for the user to perform manually.

Credentials And Account Data

Search pass before asking the user for usernames, recovery emails, or OTP-related entries.
Preserve existing metadata lines in multiline pass entries whenever possible.
Never print the new password in the final response unless the user explicitly asks for it.

Failure Handling

If account discovery is ambiguous, ask a short clarifying question only after checking pass.
If the reset email does not arrive, search spam or alternate senders before giving up.
If login or reset requires another secret that is not in pass, then ask the user.
If the reset flow fails after temp-password generation, leave the canonical entry untouched.

related-skills.json

gleiches Repository

bump-overlay-versions.md

from "colonelpanic8/dotfiles"

Use when user asks to bump, update, or upgrade claude-code or codex versions in overlay.nix, or when checking if newer versions are available

2026-05-30215

disk-space-cleanup.md

from "colonelpanic8/dotfiles"

Investigate and safely reclaim disk space on this machine, especially on NixOS systems with heavy Nix, Rust/Haskell, Docker, and Podman usage. Use when disk is low, builds fail with no-space errors, /nix/store appears unexpectedly large, or the user asks for easy cleanup wins without deleting important data.

2026-05-30215

taffybar-nixos-flake-chain.md

from "colonelpanic8/dotfiles"

Use when doing NixOS rebuilds involving taffybar, or when flake.lock updates are needed after changing taffybar ecosystem packages. Also use when debugging stale taffybar versions after `just switch`.

2026-05-11215

email-unsubscribe-check.md

from "colonelpanic8/dotfiles"

Use when user wants to find promotional or unwanted recurring emails to unsubscribe from, or when doing periodic inbox hygiene to identify senders worth unsubscribing from

2026-04-25215

nixpkgs-review.md

from "colonelpanic8/dotfiles"

Review or prepare nixpkgs package changes and PRs using a checklist distilled from review feedback on Ivan Malison's own NixOS/nixpkgs pull requests. Use when working in nixpkgs on package inits, updates, packaging fixes, or before opening or reviewing a nixpkgs PR.

2026-03-27215

org-agenda-api-production.md

from "colonelpanic8/dotfiles"

Use when investigating production org-agenda-api state, testing endpoints, or debugging production issues

2026-02-18215

package.json

"author": "colonelpanic8"

"repository": "colonelpanic8/dotfiles"

GitHub-Repository öffnen Creator-Repositorys ansehen

$ install --global

$ download --local

In Manus ausführen

$ useful --forSOC

InformationssicherheitsanalystenInformatik- und Mathematikberufe15-1212L4

name	password-reset
description	Use when the user wants to reset or rotate a website or service password end-to-end, including finding the right `pass` entry, generating a new password with `xkcdpassgen`, retrieving reset emails through `gws gmail` or a local mail CLI, completing the reset in the browser with Chrome DevTools MCP, and updating the password store safely without losing entry metadata.

Password Reset

Overview

Handle password resets end-to-end. Prefer gws gmail for reset-email retrieval, Chrome DevTools MCP for website interaction, and the local xkcdpassgen helper for password generation.

Tool Priorities

Prefer gws gmail over opening Gmail in the browser.
If gws is unavailable, use an installed Gmail CLI or IMAP-based mail tool if one exists locally. Inspect the environment first instead of guessing command names.
Prefer Chrome DevTools MCP for all browser interaction.
Use pass find and pass show before asking the user for credentials or account details.

Password Generation

The local password generator is xkcdpassgen, defined in dotfiles/lib/functions/xkcdpassgen and available in shell as an autoloaded function.

xkcdpassgen <pass-entry-name>

Behavior:

Generates xkcdpass -n 3 | tr -d ' ' as the base password.
Appends one uppercase letter, one digit, and one symbol by default.
Supports:
- -U to omit uppercase
- -N to omit number
- -S to omit symbol
  
  Do not substitute a different password generator ungless the user explicitly asks.

Safe `pass` Update Pattern

xkcdpassgen writes directly to the pass entry it is given. Do not run it against the canonical entry before the reset succeeds, because:

it would overwrite the current password immediately
it would replace any extra metadata lines in a multiline pass entry

Use this pattern instead:

entry="service/example"
tmp_entry="${entry}-password-reset-tmp"

existing_contents="$(pass show "$entry" 2>/dev/null || true)"
metadata="$(printf '%s\n' "$existing_contents" | tail -n +2)"

xkcdpassgen "$tmp_entry"
new_password="$(pass show "$tmp_entry" | head -1)"

# ... use $new_password in the reset flow ...

if [ -n "$metadata" ]; then
  printf '%s\n%s\n' "$new_password" "$metadata" | pass insert -m -f "$entry"
else
  printf '%s\n' "$new_password" | pass insert -m -f "$entry"
fi

pass rm -f "$tmp_entry"

If the site rejects the password because of policy constraints, keep the canonical entry unchanged, delete or reuse the temp entry, and generate another candidate with different flags only if needed.

Reset Workflow

Identify the account and canonical pass entry.
Run pass find <service> and inspect likely matches with pass show.
Capture existing metadata before generating a new password.
Generate the candidate password into a temporary pass entry with xkcdpassgen.
Start the reset flow in Chrome DevTools MCP:
- navigate to the login or account page
- use the site's "forgot password" flow, or
- sign in and navigate to security settings if the user asked for a rotation rather than a reset
Use gws gmail to retrieve the reset email when needed:
- search recent mail by sender domain, subject, or reset-related keywords
- open the message and extract the reset link
- navigate to that link in Chrome DevTools MCP
Fill the new password from the temporary pass entry and complete the form.
Verify success:
- confirmation page, or
- successful login with the new password
Promote the temp password into the canonical pass entry while preserving metadata, then remove the temp entry.

Email Guidance

Prefer gws gmail for reset-email handling. Typical pattern:

list recent messages with gws gmail users messages list --params '{"userId":"me","q":"from:service.example newer_than:7d"}'
bias toward reset keywords such as reset, password, security, verify, or signin
read shortlisted messages with gws gmail users messages get --params '{"userId":"me","id":"MESSAGE_ID","format":"full"}' rather than browsing Gmail manually

If gws is unavailable, use an installed Gmail CLI or local mail helper only as a fallback. Keep that discovery lightweight and local to the current environment.

Browser Guidance

Use Chrome DevTools MCP to complete the reset flow directly:

navigate to the reset or security page
take snapshots to identify the relevant inputs and buttons
click, fill, and submit through the site UI
verify the success state before updating the canonical pass entry

Prefer MCP interaction over describing steps for the user to perform manually.

Credentials And Account Data

Search pass before asking the user for usernames, recovery emails, or OTP-related entries.
Preserve existing metadata lines in multiline pass entries whenever possible.
Never print the new password in the final response unless the user explicitly asks for it.

Failure Handling

If account discovery is ambiguous, ask a short clarifying question only after checking pass.
If the reset email does not arrive, search spam or alternate senders before giving up.
If login or reset requires another secret that is not in pass, then ask the user.
If the reset flow fails after temp-password generation, leave the canonical entry untouched.

password-reset

Password Reset

Overview

Tool Priorities

Password Generation

Safe pass Update Pattern

Reset Workflow

Email Guidance

Browser Guidance

Credentials And Account Data

Failure Handling

Mehr aus diesem Repository

Password Reset

Overview

Tool Priorities

Password Generation

Safe pass Update Pattern

Reset Workflow

Email Guidance

Browser Guidance

Credentials And Account Data

Failure Handling

Mehr aus diesem Repository

Safe `pass` Update Pattern

Safe `pass` Update Pattern