Agentvault
v1.0.2
Encrypted credential vault and persistent memory for AI agents. Install from npm, sandbox agent access to secrets, store and query encrypted memory, run an M...
⭐ 0 · 98 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Benign, medium confidence

Purpose & Capability
The skill's name and description (encrypted credential vault, sandboxing, persistent memory) match the runtime instructions to use the @inflectiv-ai/agentvault npm CLI and its commands. It does not request unrelated credentials or hidden binaries. Minor concerns: SKILL.md repeatedly asserts "100% local — no external API calls, no telemetry, no network communication" while also documenting an MCP server with stdio and SSE transports, a default port (3100), and integrations with other tools. The stdio transport stays within the parent process's pipes, but an SSE transport is an HTTP listener: starting it creates a network endpoint on the host and increases attack surface even if nothing is ever sent off the machine, so "no network communication" should be read as "no outbound traffic", and only after you have checked where the listener binds. The SKILL.md also references a web homepage and npm package, yet the skill metadata shows 'Source: unknown' and 'Homepage: none'; verify the actual package source before installing.
Instruction Scope
The included SKILL.md is specific about what commands to run and explicitly limits autonomous actions to a short list of read-only commands. All write/modify commands (install, init, secret import, memory store, mcp start, vault export, audit clear, revoke, etc.) are explicitly marked as requiring user approval. The instructions do include reading/importing a user's .env file and wrapping processes to filter environment variables — these are expected for a vault but are sensitive operations and the skill correctly requires confirmation.
Install Mechanism
This is an instruction-only skill (no install spec or code files). It instructs the agent to run npm install -g or npx for the official package, and recommends auditing the tarball with `npm pack` beforehand. Because it does not auto-install anything and points to npm (a known registry) the install mechanism risk is moderate-to-low, but you should still inspect the package before installing.
Credentials
The skill does not declare required environment variables or primary credentials, which is appropriate. However, its purpose inherently involves reading and manipulating environment variables, .env files, and secrets. The SKILL.md calls out sensitive actions (importing .env, wrapping processes, exporting vaults) and marks them as requiring explicit user approval — that proportionality is correct. Verify any secret imports or wrap commands before approving, since those operations expose potentially many secrets.
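Both the Instruction Scope and Credentials sections mention "wrapping processes to filter environment variables" as a sensitive operation that deserves review before approval. The following is an added example of that technique in plain bash; it is not Agentvault's own wrap command and makes no claim about how that command is implemented. Names (`run_filtered`, `dropped_vars`, the `DEMO_*` variables) are mine. Its value for a reviewer is the `dropped_vars` preview: the list it prints is exactly what a wrap withholds from the child, and anything not on that list is what the wrapped process (and whatever it talks to) gets to read.

```bash
#!/usr/bin/env bash
# Added example, not Agentvault's own `wrap` command: what "wrapping a process
# to filter environment variables" means in practice. The child receives only
# an allowlist of variables, so API keys exported in your shell are not
# inherited by a tool that has no business reading them.
set -u

# dropped_vars "NAME NAME ..." : exported variables that would NOT reach the
# child. Review this before approving a wrap: it is what you are withholding,
# and any secret missing from it is what you are exposing.
dropped_vars() {
  local allow=" $1 " name
  for name in $(compgen -e); do
    case "$allow" in
      *" $name "*) ;;                # allowlisted, so it is passed through
      *) printf '%s\n' "$name" ;;   # everything else is dropped
    esac
  done
}

# run_filtered "NAME NAME ..." cmd [args...] : run cmd with only the named
# variables (those that are actually set) in its environment.
run_filtered() {
  local allow="$1" name; shift
  local -a kept=()
  for name in $allow; do
    # ${!name+x} is "x" when the variable is set, empty otherwise (safe under set -u)
    if [ -n "${!name+x}" ]; then kept+=("$name=${!name}"); fi
  done
  # env -i starts from an empty environment; put PATH on the allowlist or the
  # command lookup in the child will fail.
  env -i ${kept[@]+"${kept[@]}"} "$@"
}

# Usage (hypothetical key names):
#   export OPENAI_API_KEY=... DB_PASSWORD=...
#   dropped_vars "PATH HOME LANG"                      # shows both keys as withheld
#   run_filtered "PATH HOME LANG" some-tool --flag     # some-tool never sees them
```

The allowlist approach is the safe default: a denylist of "things that look like secrets" misses any variable whose name does not match the pattern, whereas an allowlist fails closed and the `dropped_vars` output makes the decision explicit before the child starts.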
Persistence & Privilege
always:false (not force-included) and disable-model-invocation:false (agent may invoke when allowed) are appropriate. The skill allows autonomous read-only queries but requires approval for write actions. The primary persistence/privilege concern is the optional MCP server: if started it opens a local endpoint (stdio/SSE) and exposes MCP tools which increases attack surface — starting it should require explicit user consent and source verification.
Assessment
This skill appears to be what it says, a local CLI-driven encrypted vault, but take these precautions before installing or allowing operations:
1) Verify the npm package and publisher identity: run `npm pack @inflectiv-ai/agentvault` and inspect the code, and check the package's repository and signatures.
2) Never allow write or import commands (agentvault init, secret import, memory store, mcp start, vault export, audit clear, revoke, etc.) without your explicit approval; these modify or expose secrets and can open local services.
3) Be cautious about starting the MCP server (it opens a local port/endpoint); only start it if you trust the environment and the package source.
4) Prefer auditing the package and running it in an isolated/containerized environment if you plan to import sensitive .env files.
5) If you need higher assurance, request the package's source repo URL and a reproducible build or checksum before installation.

Like a lobster shell, security has layers: review code before you run it.
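Steps 1, 3 and 5 of the assessment (inspect the `npm pack` tarball, be wary of the network listener, pin a checksum) can be scripted so the review is repeatable. What follows is an added example, not tooling from the Agentvault project or the OpenClaw scanner. It works entirely offline on a tarball you have already fetched with `npm pack @inflectiv-ai/agentvault`. The package name comes from the page; the regexes for network primitives and lifecycle scripts, and the function names, are my own assumptions and are not an exhaustive catalogue of what a package can do.

```bash
#!/usr/bin/env bash
# Added example, not part of the Agentvault package or the skill: an offline
# review of the tarball that `npm pack @inflectiv-ai/agentvault` leaves in the
# current directory. The checks encode the page's concerns (unknown source,
# install-time code, "100% local" versus an MCP SSE listener); the regexes
# are my own assumptions about what to look for and are not exhaustive.
set -u

# JavaScript/TypeScript constructs that give a package network capability.
NET_RE="require\(['\"](node:)?(https?|net|dgram|tls|dns|ws)['\"]\)|from ['\"](node:)?(https?|net|dgram|tls|dns|ws)['\"]|fetch\(|createServer\(|\.listen\(|new WebSocket\("
# Lifecycle scripts execute during `npm install`, before you ever run the CLI.
SCRIPT_RE='"(pre|post)?(install|prepare)"[[:space:]]*:'

digest() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# audit_tarball <file.tgz>
# Prints what it found; the return value is the number of findings (0 = nothing
# flagged), so it can gate a script or a CI job.
audit_tarball() {
  local tgz="$1" tmp pkg hits findings=0
  tmp=$(mktemp -d) || return 99
  # Pin the exact bytes you reviewed; compare against a later `npm pack` or a
  # checksum supplied by the publisher (assessment step 5).
  printf 'sha256  %s  %s\n' "$(digest "$tgz")" "$tgz"
  tar -xzf "$tgz" -C "$tmp" || { rm -rf "$tmp"; return 99; }
  pkg="$tmp/package"   # npm tarballs always unpack to package/

  # 1. Provenance: the listing showed "Source: unknown", so see what the
  #    package itself claims and follow that link before trusting it.
  if ! grep -E '"(repository|homepage)"' "$pkg/package.json"; then
    echo 'FINDING: no repository/homepage in package.json'
    findings=$((findings + 1))
  fi

  # 2. Code that runs at install time, before any "read-only" command.
  if grep -qE "$SCRIPT_RE" "$pkg/package.json"; then
    echo 'FINDING: lifecycle script present (runs during npm install):'
    grep -E "$SCRIPT_RE" "$pkg/package.json"
    findings=$((findings + 1))
  fi

  # 3. Network primitives versus the "no network communication" claim. Some
  #    are expected for the MCP SSE transport; read each hit and confirm the
  #    listener binds only where you intend (e.g. loopback, not 0.0.0.0).
  hits=$(grep -rEn --include='*.js' --include='*.mjs' --include='*.cjs' --include='*.ts' "$NET_RE" "$pkg" || true)
  if [ -n "$hits" ]; then
    echo 'FINDING: network-capable code:'
    printf '%s\n' "$hits"
    findings=$((findings + 1))
  fi

  rm -rf "$tmp"
  return "$findings"
}

# Usage: ./audit.sh inflectiv-ai-agentvault-1.0.2.tgz   (filename is what
# `npm pack` would produce for the version on this page)
if [ "$#" -gt 0 ]; then
  audit_tarball "$1"
fi
```

Three findings is the expected shape for a package that ships an MCP SSE server, not a verdict; the point is that each hit is now a specific file and line you can read rather than a claim in SKILL.md you have to take on faith. For packages already installed under node_modules, `npm audit signatures` checks the registry's signatures on them, which covers the "signatures" part of step 1; and after an approved `mcp start`, listing listening sockets (`ss -ltnp` on Linux) shows whether port 3100 is bound to 127.0.0.1 or to every interface.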
latest: vk97f8efkh8x3z9afrv8t20km81836w55
