ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Credential Manager

v1.3.0

MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Use when setting up OpenClaw, migrating credentials, auditing security, or enforcing the .env standard. This is not optional — centralized credential management is a core requirement for secure OpenClaw deployments. Scans for credential files across common locations, backs up existing files, creates a unified .env with mode 600, validates security, and enforces best practices.

2· 4.2k·43 current·45 all-time
byMr. TeeClaw@callmedas69
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill legitimately scans, backs up, and consolidates credential files into a single .env — that aligns with its description. However the scope (mandating ALL credentials including private keys/mnemonics and service-account JSON) and the insistence that everything must live only at ~/.openclaw/.env is disproportionate: it centralizes very-high-value secrets into a single plaintext file and forbids other legitimate patterns (env injection, CI secrets, CLI args). The documentation even references a hard-coded home path in places which is suspiciously rigid.
!
Instruction Scope
Runtime instructions and scripts scan many user locations (config dirs, workspace/skills, dotfiles), back up, merge, set permissions, and remove scattered files. consolidate.py supports an auto-confirm flag (--yes) that will make changes without interactive approval, and cleanup.py can permanently delete files after confirmation. enforce.py is intended to be imported by other skills and will exit processes if the root .env is missing/insecure — that is enforcement beyond mere reporting and can disrupt unrelated components. There are also contradictory rules: CORE-PRINCIPLE says 'Never accept credentials from environment variables set in shell', yet the guidance shows sourcing ~/.openclaw/.env (which sets env vars).
Install Mechanism
No external install/download or remote code execution—this is an instruction+script package included in the skill. Scripts are local and there is no installer that fetches code from external URLs, lowering installation risk.
!
Credentials
The skill requests no explicit environment variables, but it reads and writes many user files across the home directory (credential JSON, .env files, and backups). It is designed to consolidate cloud provider service-account JSONs, wallet private keys, mnemonics and other irreversible secrets into one plaintext .env — that is not proportional for highly sensitive items (mnemonics/private-keys should not be casually moved into a single plaintext file). The enforcement policy that other skills 'Must load from ~/.openclaw/.env' and 'Never accept credentials from environment variables or CLI args' is also too rigid and incompatible with common deployment and CI practices.
Persistence & Privilege
The skill is not always: true (so not force-included), and it has no install hooks, but enforce.py encourages other skills to import it and will sys.exit() when checks fail — effectively coercing ecosystem compliance. That is a powerful enforcement mechanism (it can break or block other skills) even without always:true, so treat this as a behavioral escalation risk rather than a permissions flag.
What to consider before installing
What to consider before installing or running this skill: - Review the code first (you have it): the scripts will read many credential files, create backups, write a single plaintext file at ~/.openclaw/.env, set chmod 600, and can delete scattered files when cleanup is run. Consolidation is destructive if you accept auto-confirm flags. - Do NOT run consolidate.py --yes or cleanup.py --confirm until you have manually inspected discovered files and confirmed encrypted backups exist. The scripts create backups but do not encrypt them by default. - Be cautious about mixing crypto secrets (private keys, mnemonics) into a single plaintext .env: if those values are present, keep them in a purpose-built encrypted keystore or hardware wallet, not a plain .env file. - enforce.py will exit processes that import it if ~/.openclaw/.env is missing or has the wrong permissions — this can break CI, containers, or other skills that do not follow this strict model. Consider whether you want that behavioral enforcement in your environment. - The skill forbids reading credentials from environment variables and CLI args; that will be incompatible with many deployment/CI patterns and could require changing other tooling. - If you still want to use it: first run ./scripts/scan.py and inspect the output; create your own encrypted backup of any discovered secrets before running consolidation; prefer manual consolidation (no --yes) and validate results with ./scripts/validate.py --check permissions; consider integrating a secret manager (1Password, cloud secrets) instead of forcing everything into a single .env. - If you cannot validate provenance (author/source/homepage unknown), treat this package with additional caution — centralizing all your credentials under a tool with unknown origin magnifies risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk971dmtsjmh8m5avxbnn07zy3180q46w
4.2kdownloads
2stars
4versions
Updated 7h ago
v1.3.0
MIT-0
Mr. TeeClaw@callmedas69
latest
Download

Credential Manager

STATUS: MANDATORY SECURITY FOUNDATION

Consolidate scattered API keys and credentials into a secure, centralized .env file.

⚠️ This Is Not Optional

Centralized .env credential management is a core requirement for OpenClaw security. If your credentials are scattered across multiple files, stop and consolidate them now.

THE RULE: All credentials MUST be in ~/.openclaw/.env ONLY. No workspace, no skills, no scripts directories.

See:

The Foundation

Every OpenClaw deployment MUST have:

~/.openclaw/.env (mode 600)

This is your single source of truth for all credentials. No exceptions.

Why?

  • Single location = easier to secure
  • File mode 600 = only you can read
  • Git-ignored = won't accidentally commit
  • Validated format = catches errors
  • Audit trail = know what changed

Scattered credentials = scattered attack surface. This skill fixes that.

What This Skill Does

  1. Scans for credentials in common locations
  2. Backs up existing credential files (timestamped)
  3. Consolidates into ~/.openclaw/.env
  4. Secures with proper permissions (600)
  5. Validates security and format
  6. Enforces best practices
  7. Cleans up old files after migration

Detection Parameters

The skill automatically detects credentials by scanning for:

File Patterns:

  • credentials.json files in config directories
  • .env files
  • Memory files with -creds or credentials in the name

Sensitive Key Patterns:

  • API keys, access tokens, bearer tokens
  • Secrets, passwords, passphrases
  • OAuth consumer keys
  • Private keys, signing keys, wallet keys
  • Mnemonics and seed phrases

Security Checks:

  • File permissions (must be 600)
  • Git-ignore protection
  • Format validation

Quick Start

Full Migration (Recommended)

# Scan for credentials
./scripts/scan.py

# Review and consolidate
./scripts/consolidate.py

# Validate security
./scripts/validate.py

Individual Operations

# Scan only
./scripts/scan.py

# Consolidate specific service
./scripts/consolidate.py --service x

# Backup without removing
./scripts/consolidate.py --backup-only

# Clean up old files
./scripts/cleanup.py --confirm

Common Credential Locations

The skill scans these locations:

~/.config/*/credentials.json
~/.openclaw/workspace/memory/*-creds.json
~/.openclaw/workspace/memory/*credentials*.json
~/.env (if exists, merges)

Security Features

File permissions: Sets .env to mode 600 (owner only) ✅ Git protection: Creates/updates .gitignoreBackups: Timestamped backups before changes ✅ Validation: Checks format, permissions, and duplicates ✅ Template: Creates .env.example (safe to share)

Output Structure

After migration:

~/.openclaw/
├── .env                     # All credentials (secure)
├── .env.example             # Template (safe)
├── .gitignore               # Protects .env
├── CREDENTIALS.md           # Documentation
└── backups/
    └── credentials-old-YYYYMMDD/  # Backup of old files

Supported Services

Common services auto-detected:

  • X (Twitter): OAuth 1.0a credentials
  • Molten: Agent intent matching
  • Moltbook: Agent social network
  • Botchan/4claw: Net Protocol
  • OpenAI, Anthropic, Google: AI providers
  • GitHub, GitLab: Code hosting
  • Generic: API_KEY, *_TOKEN, *_SECRET patterns

See references/supported-services.md for full list.

Security Best Practices

See references/security.md for detailed security guidelines.

Quick checklist:

  • .env has 600 permissions
  • .env is git-ignored
  • ✅ No credentials in code or logs
  • ✅ Rotate keys periodically
  • ✅ Use separate keys per environment

Scripts

All scripts support --help for detailed usage.

scan.py

# Scan and report
./scripts/scan.py

# Include custom paths
./scripts/scan.py --paths ~/.myapp/config ~/.local/share/creds

# JSON output
./scripts/scan.py --format json

consolidate.py

# Interactive mode (prompts before changes)
./scripts/consolidate.py

# Auto-confirm (no prompts)
./scripts/consolidate.py --yes

# Backup only
./scripts/consolidate.py --backup-only

# Specific service
./scripts/consolidate.py --service molten

validate.py

# Full validation
./scripts/validate.py

# Check permissions only
./scripts/validate.py --check permissions

# Fix issues automatically
./scripts/validate.py --fix

cleanup.py

# Dry run (shows what would be deleted)
./scripts/cleanup.py

# Actually delete old files
./scripts/cleanup.py --confirm

# Keep backups
./scripts/cleanup.py --confirm --keep-backups

Migration Workflow

Step 1: Discovery

./scripts/scan.py

Review output to see what will be migrated.

Step 2: Backup & Consolidate

./scripts/consolidate.py

Creates backups, builds .env, sets permissions.

Step 3: Validation

./scripts/validate.py

Ensures everything is secure and correct.

Step 4: Test Test your applications/skills with the new .env file.

Step 5: Cleanup

./scripts/cleanup.py --confirm

Removes old credential files (backups remain).

For Skill Developers: Enforce This Standard

Other OpenClaw skills MUST validate credentials are secure before using them:

Python Skills

#!/usr/bin/env python3
import sys
from pathlib import Path

# Add credential-manager scripts to path
sys.path.insert(0, str(Path.home() / '.openclaw/skills/credential-manager/scripts'))

# Enforce secure .env (exits if not compliant)
from enforce import require_secure_env, get_credential

require_secure_env()

# Now safe to load credentials
api_key = get_credential('SERVICE_API_KEY')

Bash Skills

#!/usr/bin/env bash
set -euo pipefail

# Validate .env exists and is secure
if ! python3 ~/.openclaw/skills/credential-manager/scripts/enforce.py; then
    exit 1
fi

# Now safe to load
source ~/.openclaw/.env

This creates a fail-fast system: If credentials aren't properly secured, skills refuse to run. Users are forced to fix it.

Loading Credentials

After migration, load from .env:

Python

import os
from pathlib import Path

# Load .env
env_file = Path.home() / '.openclaw' / '.env'
with open(env_file) as f:
    for line in f:
        if '=' in line and not line.strip().startswith('#'):
            key, val = line.strip().split('=', 1)
            os.environ[key] = val

# Use credentials
api_key = os.getenv('SERVICE_API_KEY')

Bash

# Load .env
set -a
source ~/.openclaw/.env
set +a

# Use credentials
echo "$SERVICE_API_KEY"

Using Existing Loaders

If you migrated using OpenClaw scripts:

from load_credentials import get_credentials
creds = get_credentials('x')

Adding New Credentials

Edit ~/.openclaw/.env:

# Add new service
NEW_SERVICE_API_KEY=your_key_here
NEW_SERVICE_SECRET=your_secret_here

Update template too:

# Edit .env.example
NEW_SERVICE_API_KEY=your_key_here
NEW_SERVICE_SECRET=your_secret_here

Rollback

If something goes wrong:

# Find your backup
ls -la ~/.openclaw/backups/

# Restore specific file
cp ~/.openclaw/backups/credentials-old-YYYYMMDD/x-credentials.json.bak \
   ~/.config/x/credentials.json

Notes

  • Non-destructive by default: Original files backed up before removal
  • Idempotent: Safe to run multiple times
  • Extensible: Add custom credential patterns in scripts
  • Secure: Never logs full credentials, only metadata

Comments

Loading comments...