Keys
v1.0.0 · Secure API key management with broker. Keys never exposed to agent context.
by Iván (@ivangdavila)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (key broker) matches what is included: a shell script that reads keys from the OS keychain (macOS 'security', Linux 'secret-tool') and issues HTTPS requests to pre-allowed service domains. Required binaries (curl, jq, bash) are appropriate.
Instruction Scope
SKILL.md and associated docs instruct the agent to call the broker for API calls and to manage keys via local keyring tools. The runtime instructions do not ask the agent to read unrelated files, environment variables, or send data to unexpected endpoints. The script itself performs limited checks (reads /proc/* for environment detection) which are reasonable for determining supportability.
Install Mechanism
No remote download/install is performed by the skill; installation is a local copy (docs show cp to ~/.local/bin). No external archives or third-party packages are fetched by the skill.
Credentials
No environment variables or external credentials are requested. Keys are retrieved from the OS keychain/keyring only. The number and type of system accesses (security/secret-tool, DBUS check) are proportional to the stated goal.
Persistence & Privilege
Skill is not always:true and does not modify other skills or system-wide agent settings. It runs as an on-demand local binary that accesses only the user's keychain; autonomous invocation is allowed by default but that is expected behavior for skills.
Assessment
This skill appears to implement a local key broker correctly and does not include hidden network endpoints or downloads. Before installing, verify the script file yourself (it is included) and only install from a source you trust. Important cautions:
(1) any API key you store gives the agent the power to act as you (e.g., charge via Stripe, push to GitHub) — use least-privilege tokens and rotate them if possible;
(2) do not add untrusted services to ALLOWED_URLS (editing the allowlist is how exfiltration could be enabled);
(3) only use on supported desktop systems with a locked keyring (macOS Keychain or GNOME/KDE keyring) as documented;
(4) ensure ~/.local/bin/keys-broker is installed with correct ownership/permissions and inspect temporary files/cleanup policy if you have high-security requirements.
If you want higher assurance, run the broker under a dedicated account or use tokens scoped to minimal privileges.
Like a lobster shell, security has layers — review code before you run it.
latestvk9773xcz33pvx46v77kknnap1d80y2np
Runtime requirements
🔑 Clawdis
OS: Linux · macOS
Bins: curl, jq, bash
