Wundervault Vault
v1.0.3
Read passwords, API keys, and credentials from a Wundervault encrypted secret vault, and run vault-authorized shell commands with secrets injected — without...
Wundervault is an encrypted, self-hosted secret vault that exposes secrets to agents via MCP tools. Secrets never appear in chat — they are decrypted server-side and injected directly into commands or returned over the encrypted MCP channel.
Check Setup First
Before doing anything vault-related, check whether the vault tools are available:
- vault_read available? → vault is connected, proceed
- If tools are missing → tell the user to install the MCP server (see INSTALL.md)
Tools
vault_read
Read a secret value from the vault by name.
vault_read(name: "MySecret")
→ { value: "..." }
Use for: retrieving API keys, tokens, passwords to use in subsequent steps.
vault_exec
Execute a command with a vault secret injected — the secret is never exposed in chat or logs.
vault_exec(name: "MySecret", command: "aws s3 ls --profile myprofile")
Two tiers:
- Tier 1 (free): runs immediately, no confirmation needed
- Tier 2 (session-locked): requires vault_session_unlock first — used for high-risk operations (deployments, publishes, infrastructure changes)
Shell command-substitution and evaluation constructs ($(), backticks, bash -c, eval) are hard-blocked before the secret is decrypted. Do not attempt to use them.
vault_session_unlock
Unlock Tier 2 execution for the current session. Call this before vault_exec on a Tier 2 entry.
vault_session_unlock()
→ { unlocked: true, expires_at: "..." }
Common Patterns
Read a secret and use it in your own command:
vault_read(name: "ResendApiKey")
→ use value in subsequent HTTP call
Run a command with secret injected (Tier 1):
vault_exec(name: "AwsKey", command: "aws s3 sync ./dist s3://mybucket")
Tier 2 flow (e.g. npm publish, deploy):
1. vault_session_unlock()
2. vault_exec(name: "NpmToken", command: "npm publish --access public")
Security Notes
- Secrets are end-to-end encrypted in the vault; the agent receives only what it needs
- The inject_as parameter on vault entries controls how the secret is passed (env var name, CLI flag prefix, etc.)
- Tier 2 entries are configured by the vault owner — the agent cannot escalate a Tier 1 entry to Tier 2
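As an added illustration (not Wundervault's own code) of the vault_exec gate described in the Tools section and the inject_as note above: the command is checked for the blocked shell constructs and for the Tier 2 unlock before anything is decrypted, and the secret is then attached either as an environment variable or as a CLI flag. The function names, the entry shape (tier, inject_as) and the session object are assumptions for this example.

```javascript
// Added example, not Wundervault's code. Entry shape, session object and
// function names are assumed for illustration.
const BLOCKED = [
  { pattern: /\$\(/, reason: "command substitution $(...)" },
  { pattern: /`/, reason: "backtick substitution" },
  { pattern: /\b\w*sh\s+-c\b/, reason: "nested shell (-c)" },
  { pattern: /\beval\b/, reason: "eval" },
];

// Runs before any decryption: a rejected command never reaches the secret.
function checkCommand(command) {
  for (const { pattern, reason } of BLOCKED) {
    if (pattern.test(command)) return { ok: false, reason };
  }
  return { ok: true };
}

// Tier 2 entries additionally need a live (unexpired) session unlock.
function tierAllowed(entry, session, now = Date.now()) {
  if (entry.tier !== 2) return true;
  return Boolean(session && session.unlocked && Date.parse(session.expires_at) > now);
}

// Models inject_as: "env" keeps the secret out of argv (and out of `ps`);
// "flag" appends it as a CLI argument, which the host process table can see.
function planExec(entry, secretValue, command) {
  const argv = command.trim().split(/\s+/); // no shell is involved
  if (entry.inject_as.kind === "env") {
    return { argv, env: { [entry.inject_as.name]: secretValue } };
  }
  return { argv: [...argv, `${entry.inject_as.prefix}${secretValue}`], env: {} };
}

// Full gate: both checks first, decrypt only once they pass.
function vaultExec(entry, command, session, decrypt) {
  const check = checkCommand(command);
  if (!check.ok) return { error: `blocked: ${check.reason}` };
  if (!tierAllowed(entry, session)) return { error: "tier 2 entry requires vault_session_unlock" };
  return planExec(entry, decrypt(entry.name), command);
}
```

The decrypt callback is counted in the test below to confirm that a blocked or locked command never triggers a decryption.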
More Info
- npm: @wundervault/mcp-server
- Vault UI: wundervault.com
