Openclaw Vault

Credential lifecycle security for agent workspaces. Audit credential exposure, detect misconfigured permissions, inventory all secrets, and identify stale credentials needing rotation. Free alert layer — upgrade to openclaw-vault-pro for automated remediation, credential rotation, and access control.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
4 current installs · 4 all-time installs
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (credential lifecycle auditing) matches the shipped script's capabilities (scanning permissions, history, git, configs, docker, staleness). Requiring only python3 is proportionate. However the repository and README advertise additional remediation/automation features and the included script exposes commands to change files (fix-permissions, quarantine, protect) that go beyond the read-only audit commands shown in SKILL.md's Commands section — this inconsistency should be explained by the author.
Instruction Scope
SKILL.md instructs running audit/exposure/inventory/status and documents local-only operation. The script itself (vault.py) includes additional subcommands that can modify or move files (fix-permissions, quarantine, unquarantine, protect, rotate-check, gitguard). The skill auto-detects a workspace via OPENCLAW_WORKSPACE / cwd / ~/.openclaw/workspace and will scan sensitive locations (shell histories, git, configs) — this is expected for an auditor but is invasive. SKILL.md does not declare OPENCLAW_WORKSPACE as a required env var, and the docs differ between README, SKILL.md, and the code, which increases the chance an agent or user will run a modifying command unintentionally.
Install Mechanism
No install spec — instruction-only with an included Python script. That is low-risk relative to arbitrary network installs. The code claims to use only Python stdlib and the file headers/imports shown are consistent with local-only operation (no obvious network libraries).
Credentials
The skill declares no required credentials or env vars. It does optionally read OPENCLAW_WORKSPACE for workspace auto-detection (documented in SKILL.md), which is reasonable. No unexpected cloud credentials or unrelated secrets are requested.
Persistence & Privilege
always:false (no forced persistent inclusion). The script can write to the filesystem (quarantine, fix-permissions, protect); those side-effectful commands are appropriate for remediation features but increase risk if invoked inadvertently. There's no evidence the skill modifies other skills or global agent configs.
What to consider before installing
This skill appears to implement credential discovery and remediation and runs locally with only Python. However:

  1. The code contains modifying operations (fix-permissions, quarantine, protect) that are not fully reflected in the SKILL.md Commands section — treat those as potentially destructive until you inspect them.
  2. It will scan sensitive files (shell histories, keys, git history) in whatever workspace it targets (defaulting to OPENCLAW_WORKSPACE, cwd, or ~/.openclaw/workspace) — point it only at a safe copy or test workspace first.
  3. Review scripts/vault.py (especially the implementations of quarantine, fix-permissions, protect, gitguard, rotate-check) before running to confirm behavior and where it writes/moves files.
  4. Run read-only commands (audit, exposure, inventory, status) first and do not run remediation commands until you have backups and understand what changes will be made.
  5. Prefer obtaining this skill from a known repository/author or verify the code hash if you must install it.

If you want, I can scan the remainder of vault.py for specific filesystem operations and show the exact lines that perform moves/permission changes and where quarantined files are stored.

Current version: v1.0.2
latest: vk97abbz42fhwx2gc7kfw22bpj9811hst

Runtime requirements

🔐 Clawdis
OS: macOS · Linux · Windows
Bins: python3

SKILL.md

OpenClaw Vault

Protects your credential lifecycle — not just finding secrets in source code (that's what Sentry does), but tracking how credentials are exposed through services, permissions, history, configs, containers, and time.

Why This Matters

Credentials don't just leak through source code. They leak through:

  • Permissions — .env files readable by every user on the system
  • Shell history — passwords and tokens visible in .bash_history
  • Git config — credentials embedded in remote URLs
  • Config files — hardcoded secrets in JSON/YAML/TOML/INI configs
  • Log files — tokens accidentally logged during debugging
  • Docker configs — secrets baked into container images
  • Staleness — credentials that haven't been rotated in months

This skill watches the full credential lifecycle. Sentry finds secrets in files. Vault finds secrets that are exposed.

Commands

Full Credential Audit

Comprehensive credential exposure audit: permission checks, shell history, git config, config file scanning, log file scanning, gitignore coverage, and staleness detection.

python3 {baseDir}/scripts/vault.py audit --workspace /path/to/workspace

Exposure Check

Detect credential exposure vectors: misconfigured permissions, public directory exposure, git history risks, Docker credential embedding, shell alias leaks, and URL query parameter credentials in code.

python3 {baseDir}/scripts/vault.py exposure --workspace /path/to/workspace

Credential Inventory

Build a structured inventory of all credential files in the workspace. Categorizes by type (API key, database URI, token, certificate, SSH key, password), tracks age, and flags stale or exposed credentials.

python3 {baseDir}/scripts/vault.py inventory --workspace /path/to/workspace

Quick Status

One-line summary: credential count, exposure count, staleness warnings.

python3 {baseDir}/scripts/vault.py status --workspace /path/to/workspace

Workspace Auto-Detection

If --workspace is omitted, the script tries:

  1. OPENCLAW_WORKSPACE environment variable
  2. Current directory (if AGENTS.md exists)
  3. ~/.openclaw/workspace (default)

What It Checks

Category        Details
Permissions     .env files with world-readable or group-readable permissions
Shell History   Credentials in .bash_history, .zsh_history, .python_history, etc.
Git Config      Credentials embedded in git remote URLs, plaintext credential helpers
Config Files    Hardcoded secrets in JSON, YAML, TOML, INI config files
Log Files       Credentials accidentally logged in .log files
Gitignore       Missing patterns for .env, *.pem, *.key, credentials.json, etc.
Staleness       Credential files older than 90 days that may need rotation
Public Dirs     Credential files in public/, static/, www/, dist/, build/
Git History     Credential files in git repos that may be committed
Docker          Secrets hardcoded in Dockerfile and docker-compose configs
Shell RC        Credentials in .bashrc, .zshrc, .profile aliases
URL Params      API keys/tokens passed in URL query strings in code

Exit Codes

  • 0 — Clean, no issues
  • 1 — Warnings detected (review needed)
  • 2 — Critical exposure detected (action needed)
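Added example, not the skill's own vault.py: three of the checks from the table above (permissions, staleness, git remote URLs) written with the standard library only and mapped onto the exit codes listed here. The 90-day threshold and the 0/1/2 codes come from this SKILL.md; the function names, the userinfo regex and the constructed demo workspace are assumptions of this example.

```python
import os, re, stat, tempfile, time
from pathlib import Path

STALE_DAYS = 90  # SKILL.md: credential files older than 90 days may need rotation
# Assumed heuristic (not the skill's): an http(s) remote URL carrying userinfo (user or user:password before '@').
_USERINFO_URL = re.compile(r"^\s*url\s*=\s*https?://[^/\s@]+@", re.M)

def check_env_permissions(ws: Path) -> list[tuple[str, str]]:
    """Critical: a .env file readable by group or others (g+r / o+r bits set)."""
    out = []
    for p in (q for q in ws.rglob(".env*") if q.is_file()):
        mode = p.stat().st_mode
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            out.append(("critical", f"{p.name}: {stat.filemode(mode)} is group/world readable"))
    return out

def check_staleness(ws: Path) -> list[tuple[str, str]]:
    """Warning: a credential-looking file (names from the Gitignore row) untouched for more than STALE_DAYS."""
    out = []
    for pat in ("*.pem", "*.key", ".env*", "credentials.json"):
        for p in (q for q in ws.rglob(pat) if q.is_file()):
            age = (time.time() - p.stat().st_mtime) / 86400
            if age > STALE_DAYS:
                out.append(("warning", f"{p.name}: last modified {age:.0f} days ago, consider rotating"))
    return out

def check_git_remotes(ws: Path) -> list[tuple[str, str]]:
    """Critical: credentials embedded in a remote URL inside any .git/config."""
    return [("critical", f"{c.relative_to(ws)}: remote URL embeds credentials")
            for c in ws.rglob("config")
            if c.parent.name == ".git" and _USERINFO_URL.search(c.read_text(errors="replace"))]

def audit(ws: Path) -> tuple[int, list[tuple[str, str]]]:
    """Exit code as documented: 0 clean, 1 warnings only, 2 any critical finding."""
    findings = check_env_permissions(ws) + check_staleness(ws) + check_git_remotes(ws)
    code = 2 if any(sev == "critical" for sev, _ in findings) else (1 if findings else 0)
    return code, findings

def build_demo_workspace() -> Path:
    """Constructed sample: world-readable .env, 120-day-old key, leaky remote, clean docs/ subdir."""
    root = Path(tempfile.mkdtemp())
    (root / ".env").write_text("API_KEY=constructed-placeholder\n")
    os.chmod(root / ".env", 0o644)
    (root / "deploy.key").write_text("constructed placeholder, not a real key\n")
    os.utime(root / "deploy.key", (time.time() - 120 * 86400,) * 2)
    (root / ".git").mkdir()
    (root / ".git" / "config").write_text('[remote "origin"]\n\turl = https://bob:hunter2@example.invalid/repo.git\n')
    (root / "docs").mkdir()
    return root

if __name__ == "__main__":
    code, findings = audit(build_demo_workspace())
    print(*(f"[{sev}] {msg}" for sev, msg in findings), f"exit code {code}", sep="\n")
```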

No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.
