ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cxz9909 Credential Manager

v1.0.0

MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Use when setting...

0· 50·1 current·1 all-time
by@cxz9909·fork of @callmedas69/credential-manager (1.3.0)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cxz9909/cxz9909-credential-manager.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Cxz9909 Credential Manager" (cxz9909/cxz9909-credential-manager) from ClawHub.
Skill page: https://clawhub.ai/cxz9909/cxz9909-credential-manager
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cxz9909-credential-manager

ClawHub CLI

Package manager switcher

npx clawhub@latest install cxz9909-credential-manager
Security Scan
Capability signals
CryptoRequires walletCan make purchasesRequires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the code: the package scans for credential files, consolidates them into ~/.openclaw/.env, validates permissions, and can remove scattered files. That functionality is coherent with a 'credential manager'. However, documentation enforces a blanket "MANDATORY" policy and even contains a hardcoded path (/home/phan_harry/.openclaw/.env) in CONSOLIDATION-RULE.md — an odd artifact that doesn't match the scripts which use Path.home(). The strict 'root-only' requirement and disallowing credentials via environment variables or CLI args are design choices that are plausible for a particular security model but are unusually restrictive and may not be appropriate for many environments (CI, containers, team workflows).
!
Instruction Scope
Runtime instructions and scripts scan many user locations (including ~/.config, ~/.local/share, and shell rc files), read potentially every credential-containing file, back up copies, and (with explicit confirmation) delete scattered files. While within the stated purpose, this is high-impact: it centralizes all secrets into one file (single blast radius) and the cleanup step will permanently delete files if confirmed. The SKILL.md's mandatory language and enforce.py suggest other skills should import this to refuse to run unless the .env exists — this creates cross-skill enforcement that may break legitimate workflows. The instructions do not reference any external network endpoints; the scripts do not appear to transmit data externally.
Install Mechanism
There is no external install/download step in the skill package (no brew/npm/download URLs). The code is included in the skill bundle (Python scripts). That reduces supply-chain risk versus arbitrary remote downloads. Installing the skill will place these scripts on disk (they will be executed locally), which is expected for a utility of this nature.
!
Credentials
The skill declares no required environment variables, yet its policy forbids using environment variables or CLI args for credentials (CORE-PRINCIPLE.md). The scripts operate on many files across the user's home directory and consolidate all secret types (API keys, private keys, mnemonics) into one file. That increases the value of the single file: if the .env is later exposed, many otherwise-isolated secrets become compromised. The docs recommend encrypted backups, but the backup implementation (backup_files) copies files to backups in plaintext — a mismatch between the claimed safeguards and actual behavior. The consolidation also normalizes and copies private keys and mnemonics without additional encryption at rest.
Persistence & Privilege
The skill is not always:true and does not modify other skills' files automatically. However, its enforce.py promotes a fail-fast model other skills can import to refuse execution unless the centralized .env exists and has correct permissions — this gives the credential manager strong policy enforcement capability across an installation if other skill authors adopt it. The skill itself does cleanup and can delete files (with confirmation), which is an elevated action but not an automatic privilege escalation.
What to consider before installing
This skill implements an aggressive 'single .env' policy and will read, back up, consolidate, and (if you confirm) delete credential files across your home directory. Before installing or running it: 1) Review the scripts locally (scan.py, consolidate.py, backup/cleanup) to ensure they match your expectations — they act on many paths and will copy sensitive files into backups and into a single ~/.openclaw/.env. 2) Note mismatches: CONSOLIDATION-RULE.md hardcodes a user path (/home/phan_harry), and docs recommend encrypted backups but the current backup implementation copies files unencrypted. 3) Test in a safe environment (non-production account or VM) and run scan.py and consolidate.py with --backup-only and without --yes to inspect findings. 4) Verify backups are encrypted or move them to an encrypted store before deleting originals. 5) Consider whether the 'never use environment variables/CLI args' rule fits your deployment model (CI, containers, secret managers). 6) If you intend to use enforce.py across other skills, be aware it will cause those scripts to exit unless the centralized .env exists and is 600; that can break automation. 7) If you want to adopt this tool, modify it to: encrypt backups, provide configurable exception policies (allow CI/service account patterns), remove hardcoded path artifacts, and log-safe auditing. If you are uncomfortable with a single-file consolidation of high-value secrets (private keys, mnemonics), prefer a secret manager or encrypted key store instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk975f7rbx0hgnrwg7j2z1pg4qs85jsyd
50downloads
0stars
1versions
Updated 2d ago
v1.0.0
MIT-0
@cxz9909
latest
Download

Credential Manager

STATUS: MANDATORY SECURITY FOUNDATION

Consolidate scattered API keys and credentials into a secure, centralized .env file.

⚠️ This Is Not Optional

Centralized .env credential management is a core requirement for OpenClaw security. If your credentials are scattered across multiple files, stop and consolidate them now.

THE RULE: All credentials MUST be in ~/.openclaw/.env ONLY. No workspace, no skills, no scripts directories.

See:

The Foundation

Every OpenClaw deployment MUST have:

~/.openclaw/.env (mode 600)

This is your single source of truth for all credentials. No exceptions.

Why?

  • Single location = easier to secure
  • File mode 600 = only you can read
  • Git-ignored = won't accidentally commit
  • Validated format = catches errors
  • Audit trail = know what changed

Scattered credentials = scattered attack surface. This skill fixes that.

What This Skill Does

  1. Scans for credentials in common locations
  2. Backs up existing credential files (timestamped)
  3. Consolidates into ~/.openclaw/.env
  4. Secures with proper permissions (600)
  5. Validates security and format
  6. Enforces best practices
  7. Cleans up old files after migration

Detection Parameters

The skill automatically detects credentials by scanning for:

File Patterns:

  • credentials.json files in config directories
  • .env files
  • Memory files with -creds or credentials in the name

Sensitive Key Patterns:

  • API keys, access tokens, bearer tokens
  • Secrets, passwords, passphrases
  • OAuth consumer keys
  • Private keys, signing keys, wallet keys
  • Mnemonics and seed phrases

Security Checks:

  • File permissions (must be 600)
  • Git-ignore protection
  • Format validation

Quick Start

Full Migration (Recommended)

# Scan for credentials
./scripts/scan.py

# Review and consolidate
./scripts/consolidate.py

# Validate security
./scripts/validate.py

Individual Operations

# Scan only
./scripts/scan.py

# Consolidate specific service
./scripts/consolidate.py --service x

# Backup without removing
./scripts/consolidate.py --backup-only

# Clean up old files
./scripts/cleanup.py --confirm

Common Credential Locations

The skill scans these locations:

~/.config/*/credentials.json
~/.openclaw/workspace/memory/*-creds.json
~/.openclaw/workspace/memory/*credentials*.json
~/.env (if exists, merges)

Security Features

File permissions: Sets .env to mode 600 (owner only) ✅ Git protection: Creates/updates .gitignoreBackups: Timestamped backups before changes ✅ Validation: Checks format, permissions, and duplicates ✅ Template: Creates .env.example (safe to share)

Output Structure

After migration:

~/.openclaw/
├── .env                     # All credentials (secure)
├── .env.example             # Template (safe)
├── .gitignore               # Protects .env
├── CREDENTIALS.md           # Documentation
└── backups/
    └── credentials-old-YYYYMMDD/  # Backup of old files

Supported Services

Common services auto-detected:

  • X (Twitter): OAuth 1.0a credentials
  • Molten: Agent intent matching
  • Moltbook: Agent social network
  • Botchan/4claw: Net Protocol
  • OpenAI, Anthropic, Google: AI providers
  • GitHub, GitLab: Code hosting
  • Generic: API_KEY, *_TOKEN, *_SECRET patterns

See references/supported-services.md for full list.

Security Best Practices

See references/security.md for detailed security guidelines.

Quick checklist:

  • .env has 600 permissions
  • .env is git-ignored
  • ✅ No credentials in code or logs
  • ✅ Rotate keys periodically
  • ✅ Use separate keys per environment

Scripts

All scripts support --help for detailed usage.

scan.py

# Scan and report
./scripts/scan.py

# Include custom paths
./scripts/scan.py --paths ~/.myapp/config ~/.local/share/creds

# JSON output
./scripts/scan.py --format json

consolidate.py

# Interactive mode (prompts before changes)
./scripts/consolidate.py

# Auto-confirm (no prompts)
./scripts/consolidate.py --yes

# Backup only
./scripts/consolidate.py --backup-only

# Specific service
./scripts/consolidate.py --service molten

validate.py

# Full validation
./scripts/validate.py

# Check permissions only
./scripts/validate.py --check permissions

# Fix issues automatically
./scripts/validate.py --fix

cleanup.py

# Dry run (shows what would be deleted)
./scripts/cleanup.py

# Actually delete old files
./scripts/cleanup.py --confirm

# Keep backups
./scripts/cleanup.py --confirm --keep-backups

Migration Workflow

Step 1: Discovery

./scripts/scan.py

Review output to see what will be migrated.

Step 2: Backup & Consolidate

./scripts/consolidate.py

Creates backups, builds .env, sets permissions.

Step 3: Validation

./scripts/validate.py

Ensures everything is secure and correct.

Step 4: Test Test your applications/skills with the new .env file.

Step 5: Cleanup

./scripts/cleanup.py --confirm

Removes old credential files (backups remain).

For Skill Developers: Enforce This Standard

Other OpenClaw skills MUST validate credentials are secure before using them:

Python Skills

#!/usr/bin/env python3
import sys
from pathlib import Path

# Add credential-manager scripts to path
sys.path.insert(0, str(Path.home() / '.openclaw/skills/credential-manager/scripts'))

# Enforce secure .env (exits if not compliant)
from enforce import require_secure_env, get_credential

require_secure_env()

# Now safe to load credentials
api_key = get_credential('SERVICE_API_KEY')

Bash Skills

#!/usr/bin/env bash
set -euo pipefail

# Validate .env exists and is secure
if ! python3 ~/.openclaw/skills/credential-manager/scripts/enforce.py; then
    exit 1
fi

# Now safe to load
source ~/.openclaw/.env

This creates a fail-fast system: If credentials aren't properly secured, skills refuse to run. Users are forced to fix it.

Loading Credentials

After migration, load from .env:

Python

import os
from pathlib import Path

# Load .env
env_file = Path.home() / '.openclaw' / '.env'
with open(env_file) as f:
    for line in f:
        if '=' in line and not line.strip().startswith('#'):
            key, val = line.strip().split('=', 1)
            os.environ[key] = val

# Use credentials
api_key = os.getenv('SERVICE_API_KEY')

Bash

# Load .env
set -a
source ~/.openclaw/.env
set +a

# Use credentials
echo "$SERVICE_API_KEY"

Using Existing Loaders

If you migrated using OpenClaw scripts:

from load_credentials import get_credentials
creds = get_credentials('x')

Adding New Credentials

Edit ~/.openclaw/.env:

# Add new service
NEW_SERVICE_API_KEY=your_key_here
NEW_SERVICE_SECRET=your_secret_here

Update template too:

# Edit .env.example
NEW_SERVICE_API_KEY=your_key_here
NEW_SERVICE_SECRET=your_secret_here

Rollback

If something goes wrong:

# Find your backup
ls -la ~/.openclaw/backups/

# Restore specific file
cp ~/.openclaw/backups/credentials-old-YYYYMMDD/x-credentials.json.bak \
   ~/.config/x/credentials.json

Notes

  • Non-destructive by default: Original files backed up before removal
  • Idempotent: Safe to run multiple times
  • Extensible: Add custom credential patterns in scripts
  • Secure: Never logs full credentials, only metadata

Comments

Loading comments...