Cloak — Protect .env Secrets from AI Agents

v0.1.0

Protect .env secrets from AI agents. Real credentials encrypted in a vault — agents see structurally valid sandbox values on disk.

by Daniel Tamas (@danieltamas)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (protect .env secrets by showing sandbox values on disk and keeping real values in a vault) matches the runtime instructions: check for .cloak, treat .env as sandbox values, use 'cloak run' to inject real env values, and use 'cloak set/edit' to manage secrets. The skill does not request unrelated credentials or binaries.
Instruction Scope
SKILL.md gives narrow, specific rules: check .cloak presence, read .env (sandbox) only, never read vault or config directories, use cloak commands for runtime injection and edits, and always ask before running init. There is no broad 'collect context' instruction or any direction to access unrelated system files.
Install Mechanism
The skill is instruction-only (no install spec), which is low risk. However the document explicitly recommends installing via piping a remote script (curl -fsSL https://getcloak.dev/install.sh | sh and irm https://getcloak.dev/install.ps1 | iex). getcloak.dev is not a recognized central release host in this review, and piping remote scripts to sh/iex is a high-risk installer pattern — the command should be replaced with a link to a verified release or the script should be inspected before execution.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The rules explicitly forbid reading vault/config paths (~/.../.config/cloak etc.), which is appropriate and proportionate to the stated purpose.
Persistence & Privilege
No install, no always:true, and user-invocable only; the skill does not request persistent system privileges or attempt to modify other skills' configuration. Autonomous invocation is allowed by default but not combined with other red flags here.
Assessment
This skill is internally consistent with its goal of showing safe sandbox values on disk and using a local vault for real secrets. Before adopting:
1) Do not blindly run the suggested install commands that pipe remote scripts to a shell — inspect the installer at https://getcloak.dev/install.sh (and the PowerShell script) or prefer an official package/distribution channel.
2) Verify the Cloak project's identity (homepage, GitHub repository, release artifacts, and VS Code extension source) before installing.
3) Ensure recovery keys are stored securely; understand how cloak stores its vault and recovery material (platform keychain, encrypted file, backup procedure).
4) Make sure agents follow the document's rule to ask before running 'cloak init' and never attempt to read files under the cloak config directories.
5) If you need a higher assurance level, request the upstream source code and a reproducible build or prefer installation from a known package manager/release host.
