ClawHub

Secrets

v1.0.0

Deep workflow for secrets lifecycle—classification, storage (Vault/KMS/cloud), rotation, least privilege, developer ergonomics, audit, and incident response....

0· 60·0 current·0 all-time
by@mike47512
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the content: the SKILL.md is a structured, multi-stage secrets governance workflow. It does not request unrelated binaries, credentials, or system access.
Instruction Scope
Instructions are advisory (questions to ask, design choices, runbooks). The guide recommends 'hunting' for secrets in repos, wikis, tickets, Slack, laptops and building inventories — which is appropriate for the purpose, but could lead to collection of sensitive artifacts if the agent or user attempts automated access. The skill itself does not include commands to read files or exfiltrate data.
Install Mechanism
No install spec or code files; instruction-only skills are lowest-risk from install perspective.
Credentials
The skill declares no required environment variables, credentials, or config paths. The guidance discusses credentials conceptually but does not request or require secrets or tokens to operate.
Persistence & Privilege
Flags show default autonomy (agent invocation allowed) but not always:true and the skill makes no requests to persist itself or modify other skills. No elevated persistence or system-wide changes are requested.
Assessment
This skill is coherent and appears to be a structured advisory workflow rather than executable code, but before using it: (1) Do not paste real secrets or private keys into the chat — redact or provide examples. (2) If you want the agent to 'hunt' for secrets, prefer giving it access to sanitized artifacts or run scanning tools yourself and share the findings. (3) The publisher/source is unknown and there is no homepage; although the content is benign, prefer skills with known provenance for sensitive topics. (4) Use human review and organizational policy when following any remediation steps the skill suggests (rotations, revocations, break-glass), since those actions can cause outages if misapplied.

Like a lobster shell, security has layers — review code before you run it.

latestvk97731q81qv8rq8dwwaj7bqy6583phth

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments