ClawHub

A2A Vault

v2.0.0

Zero-knowledge secrets management via PassBox — store, retrieve, rotate, and inject credentials securely.

0· 439·0 current·0 all-time
byLê Minh Hiếu@paparusi
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (zero-knowledge secrets management) align with the listed passbox_* tools (store, retrieve, list, rotate, import .env, inject into executions). The install spec (npm package @a2a/openclaw-plugin) plausibly provides those tools.
!
Instruction Scope
SKILL.md explicitly instructs the agent to "Read your local .env file" and to perform bulk retrievals (passbox_get_environment) and automated injection (a2a_secure_execute). The skill declares no required config paths or file permissions, and does not constrain how retrieved plaintext secrets may be handled or transmitted. Asking the agent to read local files and resolve placeholders increases the risk of unintended exfiltration and is not declared in the metadata.
Install Mechanism
The install uses an npm package (@a2a/openclaw-plugin). That's a typical mechanism but adds moderate risk compared with instruction-only skills. There is no homepage, source repository, or release provenance in the metadata, which reduces confidence in the package's trustworthiness.
!
Credentials
No environment variables or credentials are requested, which is reasonable. However, the skill instructs reading local .env files and retrieving entire environment secret sets without declaring file/config access; that implicit request for local file access and bulk secret access is disproportionate to the metadata and should be explicitly declared and justified.
Persistence & Privilege
always is false and the skill is user-invocable. The skill does not request persistent system-wide privileges in the manifest and does not claim to modify other skills or system configs.
Scan Findings in Context
[no-findings] expected: The static regex scanner found no matches because this is an instruction-only skill with no code files. That absence is not evidence of safety; the SKILL.md itself instructs local file access and secret retrieval which the scanner could not analyze.
What to consider before installing
Before installing, verify the npm package provenance and vendor: look up @a2a/openclaw-plugin on the registry, inspect its source repository and recent releases, and confirm the publisher identity. Ask the author to declare any required file paths/permissions (reading .env) and to explain how decrypted secrets are handled, logged, or transmitted (especially with passbox_get_environment and a2a_secure_execute). If you plan to use this in sensitive environments, consider restricting the agent's file access or testing in a low-risk environment first, and require explicit confirmation before any bulk export/injection of secrets. If you cannot verify the package source or the team, treat the installation as higher-risk and avoid granting the agent access to production .env files or production secrets until you have more provenance.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis

Install

Install A2A Corp pluginnpm i -g @a2a/openclaw-plugin
latestvk9793mhv8ynfbak77nafn7e4ys81nje4passboxvk9793mhv8ynfbak77nafn7e4ys81nje4secretsvk9793mhv8ynfbak77nafn7e4ys81nje4securityvk9793mhv8ynfbak77nafn7e4ys81nje4vaultvk9793mhv8ynfbak77nafn7e4ys81nje4
439downloads
0stars
1versions
Updated 1mo ago
v2.0.0
MIT-0
Lê Minh Hiếu@paparusi
latestpassboxsecretssecurityvault
Download

A2A Vault (PassBox)

Zero-knowledge secrets management. Store API keys, tokens, and credentials with client-side encryption. The server never sees plaintext values.

Quick Start

Store a secret:

Use passbox_set_secret with vault "my-project", key "API_KEY", value "sk-abc123"

Retrieve a secret:

Use passbox_get_secret with vault "my-project", key "API_KEY"

Available Tools

Secret Operations

ToolDescription
passbox_get_secretRetrieve and decrypt a secret
passbox_set_secretCreate or update a secret (encrypted before upload)
passbox_list_secretsList secret names (values not returned)
passbox_delete_secretDelete a secret
passbox_rotate_secretTrigger manual secret rotation

Vault Management

ToolDescription
passbox_list_vaultsList all available vaults
passbox_list_environmentsList environments (dev, staging, prod)
passbox_get_environmentGet all secrets in an environment

.env Integration

ToolDescription
passbox_diff_envCompare local .env with vault secrets
passbox_import_envImport .env file into vault

Workflows

Set up project credentials

  1. passbox_list_vaults — see existing vaults
  2. passbox_set_secret — store each credential
  3. passbox_list_secrets — verify all keys are stored

Sync .env with vault

  1. Read your local .env file
  2. passbox_diff_env — see what's different
  3. passbox_import_env — push local secrets to vault

Environment promotion

  1. passbox_get_environment for "dev"
  2. Review values
  3. passbox_set_secret for each key in "staging"

Credential injection

Use with a2a_secure_execute to automatically inject secrets:

Use a2a_secure_execute with toolId "my-api-tool" and input { "apiKey": "{{API_KEY}}" }, vault "my-project"

The {{API_KEY}} placeholder is resolved from PassBox before execution.

Security Model

  • Client-side encryption: Values are encrypted before leaving your device
  • Zero-knowledge: The server stores only ciphertext
  • Environment isolation: dev/staging/prod secrets are fully separated
  • Audit trail: All access is logged
  • Secret rotation: Built-in rotation support with webhooks

Comments

Loading comments...