SecretClaw

The 'secretclaw' skill provides a secure mechanism for users to input sensitive API keys into OpenClaw without exposing them in chat logs. It implements a temporary local HTTP server (scripts/secret_server.py) exposed via a Cloudflare Quick Tunnel, utilizing one-time tokens and immediate self-destruction after the secret is saved via the 'openclaw' CLI. The implementation is transparent, follows its documented purpose, and lacks any indicators of malicious intent or data exfiltration.