Keys Manager
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is a coherent secrets manager, but it gives the agent workflows to reveal, export, inject, and sync local API keys, so users should review its boundaries before installing.
Use this skill only if you are comfortable letting an agent operate a local secrets manager. Verify the external `keys` CLI before installing, keep profiles narrowly scoped, avoid all-key export/injection unless necessary, do not run injected secrets into untrusted scripts or containers, and require explicit approval before revealing, exporting, syncing, or deleting keys.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent or terminal session using this skill could reveal or pass many local secrets to other commands, especially on systems without biometric prompting.
The skill explicitly enables direct retrieval and all-key injection of local API keys, and documents that some environments have no authentication prompt.
`keys get <name> # print value directly` ... `$(keys inject --all) ./my-script.sh # all keys from active profile` ... On non-macOS systems or when biometrics are unavailable, access is allowed without prompting.
Install only if you want the agent to work with local secrets. Require explicit user confirmation before `get`, `expose`, `inject --all`, `env`, `sync`, or `nuke`, and keep secrets separated by minimal profiles.
If used with an untrusted script, image, shell history, or logging setup, secrets could be exposed outside the intended context.
The documented workflows intentionally pass secrets into shell commands, Docker containers, or the current shell environment.
`$(keys inject API_KEY DB_HOST) ./my-script.sh` ... `docker run $(keys inject -d API_KEY DB_HOST) my-image` ... `eval $(keys expose)`
Use injection only with trusted commands and containers. Avoid `--all` and `eval $(keys expose)` unless you understand where the environment variables will go.
The external CLI will handle API keys, so changes or compromise in that upstream package could affect stored secrets.
The required secrets-handling CLI is installed from an external tap or an unpinned Go module version.
`brew install stym06/tap/keys` ... `go install github.com/stym06/keys@latest`
Verify the `keys` project, review its source and releases, and prefer a pinned or audited version before storing important secrets.
Secrets may be transferred to another machine over a reachable network if sync is used.
The skill documents local-network transfer of secrets between machines, with discovery and a passphrase-based encryption flow.
Peer-to-peer sync over the local network. Auto-discovers peers via mDNS (Bonjour), encrypted with a one-time passphrase (AES-256-GCM). Works over WiFi, Tailscale, or any reachable network.
Use sync only on trusted networks, verify the target machine, protect the one-time passphrase, and avoid serving keys longer than necessary.
