OpenClaw Secrets Hygiene

v1.0.0

Manage and audit OpenClaw secrets by coordinating gateway restarts, converting plaintext credentials to SecretRef format, and validating configuration accuracy.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (secrets hygiene, gateway coordination, SecretRef conversion) match the instructions: auditing, creating ~/.openclaw/secrets.json, updating openclaw.json/auth-profiles.json/models.json, running openclaw CLI commands and gateway health checks. The requested actions are what you'd expect for a secrets-migration/audit tool.
Instruction Scope
SKILL.md instructs the agent to run local OpenClaw CLI commands (openclaw secrets audit/reload/configure), edit OpenClaw config files under ~/.openclaw and agent directories, run curl against localhost for gateway health, and optionally test external integrations. These are within the declared purpose. Note: the instructions include an example Python script that reads/writes models.json in-place—users should review such changes and run them in a safe/staged environment.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes disk writes and arbitrary code installation risk.
Credentials
The registry metadata declares no required env vars, but the SKILL.md instructs setting OPENCLAW_GATEWAY_TOKEN for CLI operations and expects secrets (openai-api-key, brave-api-key, etc.) to be stored in ~/.openclaw/secrets.json. The token and the stored API keys are sensitive; the skill does not declare or document required environment variables or how tokens are to be provided or protected. Also, the instructions may require read/write access to agent directories (~/.openclaw/agents/*), which can contain other sensitive data—verify you want to grant that access.
Persistence & Privilege
Skill is not always-on and is user-invocable (normal). It requires the ability to modify config files and coordinate gateway restarts — operations that can disrupt service if misapplied. It does not request permission to change other skills or system-wide agent settings beyond its own configuration files.
Assessment
This skill appears coherent for migrating and auditing OpenClaw secrets, but proceed cautiously:
- Back up all OpenClaw config files (openclaw.json, auth-profiles.json, models.json, ~/.openclaw) before making changes.
- Review and run the provided scripts/edits in a staging environment first to avoid gateway downtime.
- Treat OPENCLAW_GATEWAY_TOKEN and any API keys as sensitive: supply them securely, do not paste into chat logs, and ensure ~/.openclaw/secrets.json is file-permission protected (chmod 600).
- Confirm that the local 'openclaw' CLI you will run is the legitimate binary for your environment.
- If you have multiple agents, test the sequential gateway restart approach on one agent before bulk operations.
- If you want higher assurance, request the skill author/source or a signed/reviewed version of these instructions and any scripts before applying them in production.

Like a lobster shell, security has layers — review code before you run it.
