Vault Client
Review
Audited by ClawScan on May 10, 2026.
Overview
The Vault client is mostly coherent, but it needs review because it stores Vault tokens/secrets on disk and its write command can accidentally replace existing secrets.
Install only if you are comfortable giving the agent access to a scoped Vault token and storing Vault-related files under ~/.openclaw. Before using it, restrict file permissions on vault.json and vault-cache.json, review the AGENTS.md startup block, avoid tls.verify:false unless you fully trust the network, and be especially careful with the put command until it safely handles existing-secret reads and overwrite protection.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Secrets retrieved from Vault may remain readable on the local machine after use, increasing exposure if the account, workspace, backups, or filesystem are accessed by others.
Fetched Vault secret data is written to a local JSON cache file in plaintext with an expiry timestamp. The visible code does not show encryption, restrictive file permissions, or deletion of expired secret values.
const CACHE_PATH = path.join(os.homedir(), '.openclaw', 'vault-cache.json');
...
function saveCache(cache) {
  fs.writeFileSync(CACHE_PATH, JSON.stringify(cache, null, 2));
}
...
cache[ck] = { data, expires: Date.now() + ttlMs };
saveCache(cache);
Use a least-privileged Vault token, keep the cache TTL very short or disable caching if possible, ensure the ~/.openclaw/vault*.json files are chmod 600, and clear the cache after sensitive tasks.
A write operation could unintentionally replace or remove other keys at a Vault path if the existing secret could not be read, causing credential loss or service outages.
The write command claims to merge with existing keys, but if the read of existing data returns any non-200 status, it merges against an empty object and still posts the result.
const existing = await vaultRequest(cfg, 'GET', `/v1/${mount}/data/${secretPath}`);
const prev = existing.status === 200 ? (existing.body.data?.data || {}) : {};
const merged = { ...prev, ...data };
const res = await vaultRequest(cfg, 'POST', `/v1/${mount}/data/${secretPath}`, { data: merged });
Change the write flow to abort on read errors other than a confirmed 404, use Vault KV patch/CAS semantics where available, and require explicit user confirmation before overwriting an existing secret.
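As an added example (not the skill's code and not part of the report), here is a write flow that implements those three recommendations against the KV v2 API: it aborts on any read status other than 200 or a confirmed 404, sends the existing version as the `cas` option so a concurrent writer cannot be silently overwritten, and asks for confirmation before any existing key is replaced. It assumes `vaultRequest(cfg, method, path, body)` has the shape shown in the report and resolves to `{ status, body }`; the in-memory `mockVault` at the bottom is a constructed stand-in so the flow can be exercised offline.

```javascript
// Added example (not the skill's own code): KV v2 write with read-failure
// abort, check-and-set, and overwrite confirmation. vaultRequest's
// (cfg, method, path, body) -> { status, body } shape is assumed from the report.

class VaultWriteError extends Error {}

async function safeWrite(vaultRequest, cfg, mount, secretPath, data, opts = {}) {
  const { confirmOverwrite = async () => false } = opts;
  const url = `/v1/${mount}/data/${secretPath}`;
  const existing = await vaultRequest(cfg, 'GET', url);

  let prev = {};
  let cas = 0; // cas=0: only succeed if the secret does not exist yet
  if (existing.status === 200) {
    prev = existing.body?.data?.data || {};
    cas = existing.body?.data?.metadata?.version;
    if (typeof cas !== 'number') {
      throw new VaultWriteError('read succeeded but no version metadata; refusing to write');
    }
    // The secret exists: every key present in both prev and data would be replaced.
    const clobbered = Object.keys(data).filter((k) => k in prev);
    if (clobbered.length > 0 && !(await confirmOverwrite(clobbered))) {
      throw new VaultWriteError(`refusing to overwrite existing keys: ${clobbered.join(', ')}`);
    }
  } else if (existing.status !== 404) {
    // 403 (token lacks read), 503 (sealed), 5xx, network errors mapped to a
    // status... anything but a confirmed "not found" means we do not know
    // what is stored there, so merging against {} would destroy it. Abort.
    throw new VaultWriteError(`read of ${url} failed with status ${existing.status}; aborting write`);
  }

  const merged = { ...prev, ...data };
  const res = await vaultRequest(cfg, 'POST', url, { data: merged, options: { cas } });
  if (res.status !== 200) {
    throw new VaultWriteError(`write rejected with status ${res.status} (version changed, or secret deleted but not destroyed)`);
  }
  return { merged, version: res.body?.data?.version };
}

// Constructed in-memory stand-in for vaultRequest, modelling just enough of
// KV v2 (404 on missing secret, cas check on write) to exercise the flow.
// `store` maps secret path -> { version, data }; readStatus forces a read failure.
function mockVault(store, { readStatus } = {}) {
  return async (cfg, method, url, body) => {
    const key = url.replace(/^\/v1\/[^/]+\/data\//, '');
    if (method === 'GET') {
      if (readStatus) return { status: readStatus, body: {} };
      const s = store[key];
      if (!s) return { status: 404, body: {} };
      return { status: 200, body: { data: { data: s.data, metadata: { version: s.version } } } };
    }
    if (method === 'POST') {
      const current = store[key]?.version ?? 0;
      if (body.options.cas !== current) {
        return { status: 400, body: { errors: ['check-and-set parameter did not match the current version'] } };
      }
      store[key] = { version: current + 1, data: body.data };
      return { status: 200, body: { data: { version: current + 1 } } };
    }
    return { status: 405, body: {} };
  };
}

module.exports = { safeWrite, VaultWriteError, mockVault };
```

One edge case worth knowing: a KV v2 secret that has been soft-deleted also answers a GET with 404, but its metadata still carries a version, so a write with `cas: 0` is rejected rather than silently recreating it; the error path above surfaces that instead of treating it as a fresh create.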
Anyone or any process that can read the local config file may be able to use the Vault token with whatever permissions that token has.
The skill needs and locally stores a Vault token, which is expected for a Vault client but is not declared in the registry credential metadata.
Prompts for address, token, and mount. Saves to `~/.openclaw/vault.json` ...
"auth": { "method": "token", "token": "hvs.xxx" }
Use a Vault token scoped only to the needed paths and operations, avoid root/admin tokens, rotate it regularly, and restrict file permissions on ~/.openclaw/vault.json.
The agent environment will retain Vault-related startup behavior after setup until the AGENTS.md change is removed.
Setup modifies persistent agent startup instructions so a Vault check can run every session.
Saves to `~/.openclaw/vault.json` and appends a startup block to `AGENTS.md`.
Review the AGENTS.md block after setup and remove it if you do not want Vault checks to run in future sessions.
Users have less external provenance information to verify who maintains the skill or where updates come from.
The registry metadata does not provide a public source or homepage for provenance review, although the provided package has no npm dependencies and the visible script is included.
Source: unknown; Homepage: none
Review the bundled files before installing and prefer a version with a verifiable source repository or maintainer documentation.
