OpenClaw Key Management
Warn
Audited by ClawScan on May 10, 2026.
Overview
This credential-management skill is purpose-aligned, but the reviewed artifacts show incomplete and unsafe secret-handling that users should not trust with real credentials yet.
Do not store real API keys or passwords in this skill until the missing helper is resolved, dynamic temp-code secret handling is removed, passphrase and permission controls are actually implemented, and workspace migration is made explicit and reviewable.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your credentials could be processed by code that was not included in the reviewed package, or the tool may fail in unpredictable ways.
The CLI imports key_vault_simple.js from the workspace scripts directory for secret operations, but the provided manifest includes scripts/key_vault.js and no key_vault_simple.js. Secret handling would therefore depend on missing or pre-existing unreviewed code.
const SecureKeyVault = require('$WORKSPACE_DIR/scripts/key_vault_simple.js');
Do not use this with real secrets until the package includes the referenced helper or updates the CLI to use the reviewed vault module under the skill directory.
A secret you enter may briefly exist in plaintext on disk, and specially formed input could execute unintended local JavaScript.
The script generates and executes a temporary JavaScript file containing raw secret names and values. This writes plaintext secrets to disk and can break or alter the generated code if inputs contain quotes, newlines, or JavaScript syntax.
TEMP_SCRIPT=$(mktemp) ... await vault.setSecret('$SECRET_NAME', '$SECRET_VALUE', {type: 'manual'}); ... node "$TEMP_SCRIPT"
Pass secrets to reviewed code via stdin, environment-safe channels, or structured JSON with proper escaping; avoid generating executable code from secret values.
Users may believe their credentials have stronger protection than the included code actually provides.
The reviewed implementation does not substantiate these assurances: key_vault.js loads config but always derives the master key from system identifiers, no passphrase prompt or memory locking is implemented, and secureZero only zeros a copied buffer for strings.
High-Security Mode: User passphrase required at each session start ... Memory locking to prevent swapping to disk ... Automatic secure zeroing of plaintext credentials
Treat the security claims as unverified until passphrase mode, memory locking, credential zeroing, and logging controls are implemented and tested in the provided code.
Any code or skill that can call the vault module may be able to retrieve stored API keys or tokens.
The visible retrieval path returns decrypted credentials by name without an artifact-backed caller check, approval prompt, per-skill grant, or access policy.
async getSecret(name) { ... const decrypted = await this.decryptCredential(encryptedData, this.masterKey); ... return decrypted; }
Add explicit user approval, per-skill access grants, audit logging, and least-privilege secret scopes before exposing decrypted credentials to other skills.
If a memory file is edited or poisoned, it could cause the agent to request or use a stored secret unexpectedly.
Persistent memory placeholders are described as automatic triggers for secret resolution, but the artifacts do not describe validation of who added the placeholder or prompting before a secret is resolved.
Secure references like `{SECRET:api_key_name}` in memory files ... The system automatically intercepts these references and provides the decrypted value at runtime.
Require confirmation and access checks before resolving {SECRET:...} references, especially when they come from persistent memory or shared workspace files.
Running migration from a different workspace could modify the wrong OpenClaw memory file.
The migration command can rewrite MEMORY.md, but it is hard-coded to one workspace path rather than the install path or current workspace.
WORKSPACE_DIR="$HOME/.openclaw/zhaining" ... fs.writeFileSync('$WORKSPACE_DIR/MEMORY.md', memoryContent);
Derive the workspace from the install location or an explicit user argument, show a diff, and ask for confirmation before modifying MEMORY.md.
