1claw
v1.1.1HSM-backed secret management for AI agents — store, retrieve, rotate, and share secrets via the 1Claw vault without exposing them in context.
⭐ 0· 829·1 current·1 all-time
byKevin J@kmjones1979
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (HSM-backed secret management) matches the declared env vars (ONECLAW_AGENT_ID, ONECLAW_AGENT_API_KEY, ONECLAW_VAULT_ID), the documented API endpoints, and the npm MCP helper. Asking for an agent ID/API key and a vault ID is proportionate for a vault integration.
Instruction Scope
SKILL.md instructs the agent to call 1Claw APIs (enroll, exchange key for JWT, list/get/put/share secrets, simulate/sign txs) and to use the MCP helper or SDK. It does not instruct reading unrelated local files or exfiltrating system credentials. All runtime actions described are within the service's domain.
Install Mechanism
Install spec uses an npm package (@1claw/mcp) which is a plausible and traceable distribution mechanism for an MCP helper binary. This is a moderate-risk channel (npm packages run code), but it is expected for this functionality and not a raw URL download or obscure host.
Credentials
The env vars requested are relevant to a vault client. However, there is a minor inconsistency in metadata: some docs mark ONECLAW_AGENT_ID and ONECLAW_VAULT_ID as "optional" while other parts and the top-level requirements list them as required. Also the skill requests broad vault-related permissions (read/write/delete, policy:create, share:create, tx:sign), which are reasonable for full vault management but are high privilege — you should grant only the minimum policies required for the agent's tasks.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide config paths or to modify other skills. Autonomous invocation is allowed (the platform default) but not combined with any unusual permanent privileges.
Assessment
This skill appears to do what it says: it teaches an agent to use the 1Claw vault and requires the agent's 1Claw credentials plus a vault ID. Before installing: (1) verify the npm package (@1claw/mcp) and its source (GitHub/npm pages) to ensure it matches the vendor; (2) do not give the agent more vault permissions than necessary — avoid granting delete/policy/create/tx:sign unless needed; (3) confirm which env variable form you will use (agent API key + ID vs a static JWT) because the docs show multiple options and a minor metadata inconsistency; (4) if you need stronger assurance, create a dedicated, narrowly-scoped agent with the minimal vault path patterns and short-lived tokens rather than using an organization-wide key.Like a lobster shell, security has layers — review code before you run it.
latestvk979hmzqehfr1m9nb7r6r0w4n982m0r7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvONECLAW_AGENT_ID, ONECLAW_AGENT_API_KEY, ONECLAW_VAULT_ID
Primary envONECLAW_AGENT_ID
Install
1Claw MCP Server
Bins: 1claw-mcp
npm i -g @1claw/mcp