ClawHub

AgentKeys

v1.2.0

Secure credential proxy for AI agents. Make API calls through AgentKeys — real secrets never leave the vault.

1· 707·2 current·2 all-time
byAlexander Belogubov@alexandr-belogubov
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (credential proxy) matches the instructions: the SKILL.md tells the agent to call a proxy URL and optionally use an API key or proxy token. The only required env var in registry metadata is AGENTKEYS_PROXY_URL, which is appropriate. The metadata lists AGENTKEYS_API_KEY and AGENTKEYS_PROXY_TOKEN as optional credentials — consistent with a proxy model.
Instruction Scope
Instructions are scoped to routing requests through the AgentKeys proxy and do not ask the agent to read unrelated files or secrets. However, the proxy accepts an X-Target-Url header (arbitrary target) and in API-key mode can proxy any named credential the API key is permitted to use — that is functionally necessary but means a broadly-scoped API key could be abused to access many credentials or internal services if the proxy is trusted. This is a design risk to be mitigated by scoping tokens and network controls, not an incoherence in the skill itself.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk. Nothing will be written to disk by the skill package itself.
Credentials
Declared required env var is only AGENTKEYS_PROXY_URL, which is minimal. SKILL.md describes using AGENTKEYS_API_KEY or AGENTKEYS_PROXY_TOKEN in practice; those are appropriate for a proxy service but are sensitive. Ensure you provide the least-privilege credential (prefer single-credential proxy tokens) and that workspace API keys are tightly scoped. No unrelated secrets or config paths are requested.
Persistence & Privilege
Skill is not always-on and does not request system-wide configuration changes or persistent installation. Autonomous invocation is allowed (platform default) but not combined with other red flags here.
Assessment
This skill appears coherent for a credential-proxy: it simply instructs the agent to send requests to a configured AgentKeys proxy. Before installing, verify you trust the proxy operator and the AGENTKEYS_PROXY_URL value, and follow these precautions: (1) Prefer issuing scoped proxy tokens (pxr_...) limited to one credential/agent instead of a workspace API key; (2) if you must use a workspace API key, ensure it has least privilege and cannot access unrelated credentials; (3) restrict which target URLs the agent may request (to avoid SSRF or exfiltration to arbitrary endpoints) and monitor the proxy's audit logs; (4) confirm network routing — if the proxy can reach internal services, consider that access risk; (5) note that this skill is instruction-only (no local code), so risk comes from the remote proxy and the credentials you provide rather than from the skill bundle itself.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

EnvAGENTKEYS_PROXY_URL
latestvk9742tz5zr87mwd1k6s3yqtk5581fqtd
707downloads
1stars
3versions
Updated 1mo ago
v1.2.0
MIT-0
Alexander Belogubov@alexandr-belogubov
latest
Download

AgentKeys Skill

Secure credential proxy for AI agents. Route API calls through AgentKeys so your agent never sees real secrets.

Configuration

You have two options. Set these in your environment or .env:

Option A — API Key (recommended, multi-credential)

AGENTKEYS_API_KEY=ak_ws_...
AGENTKEYS_PROXY_URL=https://proxy.agentkeys.io

Use your workspace API key to proxy requests to any credential by name. Get your API key from Settings.

Option B — Direct Proxy Token (single credential)

AGENTKEYS_PROXY_TOKEN=pxr_...
AGENTKEYS_PROXY_URL=https://proxy.agentkeys.io

Use a proxy token for one specific credential. Get it by assigning a credential to an agent in the dashboard.

Usage

With API Key (Option A) — reference credentials by name

curl -X POST $AGENTKEYS_PROXY_URL/v1/proxy \
  -H "Authorization: Bearer $AGENTKEYS_API_KEY" \
  -H "X-Credential-Name: resend" \
  -H "X-Target-Url: https://api.resend.com/emails" \
  -H "Content-Type: application/json" \
  -d '{"from": "noreply@example.com", "to": "user@example.com", "subject": "Hello", "text": "Sent via AgentKeys"}'

With Proxy Token (Option B) — direct credential access

curl -X POST $AGENTKEYS_PROXY_URL/v1/proxy \
  -H "Authorization: Bearer $AGENTKEYS_PROXY_TOKEN" \
  -H "X-Target-Url: https://api.resend.com/emails" \
  -H "Content-Type: application/json" \
  -d '{"from": "noreply@example.com", "to": "user@example.com", "subject": "Hello", "text": "Sent via AgentKeys"}'

Headers

HeaderRequiredDescription
AuthorizationBearer $AGENTKEYS_API_KEY or Bearer $AGENTKEYS_PROXY_TOKEN
X-Target-UrlTarget API URL to forward to
X-Credential-Name✅ (API key mode)Name of the credential to use (case-insensitive)
Content-TypePassed through to target

How It Works

  1. Agent sends request to AgentKeys proxy with API key + credential name (or proxy token)
  2. AgentKeys finds and decrypts the real credential server-side
  3. Real credential is injected into headers
  4. Request is forwarded to the target API
  5. Response is returned to the agent
  6. Every request is logged in the audit trail

The agent never sees the real API key, OAuth token, or password.

Credential Types Supported

  • API Key — injected as Authorization: Bearer <key>
  • Basic Auth — injected as Authorization: Basic base64(user:pass)
  • Custom Headers — injected as key-value pairs
  • Query Parameters — appended to URL
  • Cookies — injected as Cookie header
  • OAuth — auto-refreshed tokens

Security

  • Credentials are AES-256-GCM encrypted at rest
  • Proxy tokens are scoped to one credential + one agent
  • API key mode still respects workspace permissions
  • Tokens can be revoked instantly from the dashboard
  • Full audit trail for every proxied request
  • Agent never has access to plaintext secrets

Links

Comments

Loading comments...