ClawHub

Redshift

v0.2.0

Manage application secrets with the Redshift CLI (https://redshiftapp.com) — decentralized, encrypted secret management built on Nostr. Use when setting, get...

0· 545·0 current·0 all-time
byAlan Colver@accolver
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (redshift), and declared optional env vars (REDSHIFT_NSEC, REDSHIFT_BUNKER, REDSHIFT_CONFIG_DIR) align with a Redshift CLI secret-management integration.
Instruction Scope
SKILL.md focuses on using the redshift CLI (setup, login, secrets get/set/upload/download, run, serve). It references reading/writing redshift.yaml and secrets files and warns about command-line secrecy and host binding. This is expected for a secret manager, but special caution is warranted around redshift run (it can inject secrets into arbitrary commands) — the skill correctly instructs to confirm commands with the user before executing.
Install Mechanism
Instruction-only skill with no install spec; requires the redshift binary to already be present. This is low risk and appropriate for a CLI wrapper skill.
Credentials
No required credentials are declared. The optional env vars the SKILL.md mentions (REDSHIFT_NSEC, REDSHIFT_BUNKER, REDSHIFT_CONFIG_DIR) are directly relevant to Redshift usage (CI auth and config). Nothing requests unrelated secrets or system credentials.
Persistence & Privilege
Skill is not always-enabled and uses normal model-invocation settings. It does not request elevated or persistent platform privileges and does not attempt to modify other skills or system-wide configs.
Assessment
This skill is coherent with the official Redshift CLI. Before installing: ensure the redshift binary on your system is the legitimate upstream release (don’t run an unknown redshift executable), avoid pasting private keys into shared shells, store REDSHIFT_NSEC/REDSHIFT_BUNKER in your CI secret store rather than local plaintext, and be cautious about allowing the agent to run redshift run since it can execute arbitrary commands with secrets injected — always confirm the exact command you want executed.

Like a lobster shell, security has layers — review code before you run it.

latestvk973f35jmcwyxra95djha35bv581btxb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis
Binsredshift

Comments