ClawHub

Akeyless IO

v1.0.0

Akeyless Secrets Management via the official akeyless CLI — install, configure profiles, gateway routing, and safe read/list operations. Use when the user me...

0· 131·0 current·0 all-time
by@deanshak

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for deanshak/akeyless.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Akeyless IO" (deanshak/akeyless) from ClawHub.
Skill page: https://clawhub.ai/deanshak/akeyless
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: akeyless
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install akeyless

ClawHub CLI

Package manager switcher

npx clawhub@latest install akeyless
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (akeyless), and install (Homebrew formula akeylesslabs/tap/akeyless) all match the stated purpose of driving the Akeyless CLI. No unrelated binaries or credentials are requested.
Instruction Scope
SKILL.md confines the agent to invoking the official CLI (version check, list-items, json output, profile usage) and instructs not to request or paste secrets. It does reference profile files (~/.akeyless/profiles/) and gateway env vars for correct operation — these are relevant to the CLI workflow. The file does not instruct the agent to read unrelated system state or to exfiltrate secrets.
Install Mechanism
Install is via a Homebrew tap formula (akeylesslabs/tap/akeyless), a standard package source for macOS/Linux Homebrew users. This is a low-risk, expected install mechanism for a CLI tool.
Credentials
The skill does not require env vars but properly documents common Akeyless envs (AKEYLESS_GATEWAY_URL, AKEYLESS_TRUSTED_TLS_CERTIFICATE_FILE) and the profiles directory. Access to ~/.akeyless profiles is necessary for the CLI to function — this is proportionate, but it means the agent (running commands on the gateway host) can observe whatever credentials the user has stored there, so care is needed.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request persistent or global privileges. Autonomous invocation by the model is enabled (platform default) but not combined with any concerning permissions in this package.
Assessment
This skill appears coherent and implements an interface to the official Akeyless CLI. Before installing: confirm you trust the Homebrew tap (akeylesslabs/tap), run the CLI and configure profiles locally (do not paste keys into chat), and be aware that any CLI commands executed by the agent run as the gateway host user and can access ~/.akeyless profiles and any credentials stored there. Limit the agent/gateway user's privileges and ensure profiles are created/configured outside of chat. If you need the agent to list or summarize secrets, prefer read-only commands and request redaction of any secret fields.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔑 Clawdis
Binsakeyless

Install

Install Akeyless CLI (brew tap)
Bins: akeyless
brew install akeylesslabs/tap/akeyless
latestvk97cnv6j51akgwt7ehjv5pvtbx83d90c
131downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@deanshak
latest
Download

Akeyless CLI

Teach the agent to use the official Akeyless CLI on the same machine as the OpenClaw gateway. Do not invent URLs, regions, or auth flows—defer to docs and akeyless <cmd> -h.

References

Load when details are needed:

  • references/cli-notes.md — install (macOS/Linux), profiles, gateway env, list-items, precedence, safety

Prerequisites

  1. akeyless on PATH (akeyless --version).
  2. A configured profile (akeyless configure or ~/.akeyless/profiles/). Auth is not done through chat—user runs configure locally.
  3. For private gateways: AKEYLESS_GATEWAY_URL (and TLS trust PEM if required)—see references.

Workflow

  1. Confirm CLI: akeyless --version / which akeyless.
  2. If commands fail with auth errors: user must fix profile or gateway URL outside the agent; suggest akeyless configure or env vars from references—never ask them to paste Access Keys into chat.
  3. Prefer read-only checks first: akeyless list-items --minimal-view or akeyless list-items --path '<folder>' --minimal-view (paths are org-specific).
  4. For JSON: akeyless list-items --jsonsummarize; do not dump large payloads or possible secret fields into chat.
  5. Region / tenant: do not assume only vault.akeyless.io; follow account and org docs.

OpenClaw-specific

  • Skills live under the agent workspace, e.g. ~/.openclaw/workspace/skills/akeyless/. User enables akeyless in Skills and restarts the gateway after changes.
  • Shell commands run as the gateway host user; that user must have working akeyless credentials.

Guardrails

  • Never paste or request Access Keys, API keys, or secret values in chat, logs, or repos.
  • Least-privilege: only commands the user’s role allows; if access denied, point to Akeyless role and folder path, not “retry with more secret text.”
  • Do not commit ~/.akeyless/ or paste profile TOML into threads.

Contrast with 1Password (op)

Akeyless uses akeyless + profiles + optional AKEYLESS_GATEWAY_URL. There is no 1Password-style desktop app unlock in this workflow.

Comments

Loading comments...