OpenClaw Credential Manager
v2.0.0
MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Includes GPG encryption for high-value secrets, credential rotation tracking, deep scanning, and backup hardening. Use when setting up OpenClaw, migrating credentials, auditing security, or enforcing the .env standard. This is not optional — centralized credential management is a core requirement for secure OpenClaw deployments.
by @teeclaw
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The files and scripts align with a credential-consolidation tool (scan, consolidate, backup, encrypt, validate, cleanup). However there are mismatches: the SKILL metadata declares no required binaries/env but the code expects GPG (calls 'gpg') and uses an OPENCLAW_GPG_PASSPHRASE env var for automation. CONSOLIDATION-RULE.md also contains a hardcoded example path (/home/phan_harry/.openclaw/.env) which is inconsistent with the code that uses Path.home(). These are plausibly sloppy/documentation issues but are meaningful because they affect execution and safety.
Instruction Scope
Runtime instructions and included scripts scan many locations across the home directory (~/.config, ~/.local/share, workspace/skills, ~/.env, etc.), back up and then remove or delete scattered credential files as part of cleanup. That is within the stated purpose, but it's intrusive: cleanup.py can permanently delete files (requires explicit confirmation but has a --force flag), and consolidate.py writes/overwrites ~/.openclaw/.env and may replace plaintext keys with GPG placeholders. Also documentation prohibits credentials via environment variables/CLI in CORE-PRINCIPLE.md yet encrypt.py accepts OPENCLAW_GPG_PASSPHRASE via env var — a contradiction that could encourage insecure automation. Review and test in dry-run modes before any destructive step.
Install Mechanism
There is no install spec (instruction-only skill), which minimizes remote-code-fetch concerns. The package includes multiple local scripts (Python + shell) that will be executed by the user/agent. Because code is bundled, there is no network download at install time; still, those scripts will run arbitrary filesystem operations when invoked.
Credentials
The skill requests no credentials in metadata, but it intentionally scans for and consolidates a very wide range of secrets (AWS, GCP, DBs, wallets, OpenAI keys, Telegram/Discord tokens, etc.). That broad access is consistent with its purpose, yet it is high-privilege: the tool collects, moves, and can delete many different credential types. The use of OPENCLAW_GPG_PASSPHRASE env var (for automation) contradicts the 'never accept credentials from environment variables' rule in CORE-PRINCIPLE.md. Also the symmetric GPG approach requires a passphrase that must be protected — if provided by env var or stored insecurely it creates an exfiltration risk.
Persistence & Privilege
The skill is not marked always:true and does not request permanent agent-level privileges. It does create ~/.openclaw/ files (.env, .env.secrets.gpg, .env.meta, backups) and updates ~/.openclaw/.gitignore; that is expected for a credential manager. It does not appear to modify other skills' configs, but its enforcement language ("This is not optional") and the presence of an 'enforce' module that can refuse execution of other code until the .env policy is met means it could become operationally blocking; consider this behavioral impact when adopting.
What to consider before installing
This package contains real scripts that will scan your home directory for credentials, merge them into ~/.openclaw/.env, encrypt selected keys, and may delete the scattered credential files after backing them up. Before running anything:
1) Inspect the bundled scripts yourself (you have them) and confirm you trust the author — we see a hardcoded example path (/home/phan_harry) in docs which suggests the package was tailored or copied from another environment.
2) Do not run destructive commands yet — run scan.py and consolidate.py with dry-run/--backup-only modes and don't pass --confirm/--yes until you review backups.
3) Ensure 'gpg' is installed and understand the encryption model: this uses symmetric GPG (-c) with a passphrase (OPENCLAW_GPG_PASSPHRASE allowed) — supplying the passphrase via env var contradicts some documentation and can be insecure; prefer interactive entry or a secure secret manager.
4) Check backups produced in ~/.openclaw/backups before any cleanup and verify file permissions.
5) Consider alternatives (OS keyring/secret manager) for automated services that can't safely keep a GPG passphrase.
If you want, I can: list the exact filesystem operations each script will perform, point out every place the code can delete or overwrite files, or produce a recommended safe run sequence (commands + flags) to evaluate outputs without destruction.
Like a lobster shell, security has layers — review code before you run it.
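A concrete check for items 3 and 4 above, added here as an example and not part of the skill's own scripts: it audits the ~/.openclaw layout the report describes (directory and file modes, the plaintext backup copies, .gitignore coverage, and whether OPENCLAW_GPG_PASSPHRASE is sitting in the environment). The file names (.env, .env.secrets.gpg, .env.meta, backups/, .gitignore) come from the report; the expected .gitignore entries, the 0700/0600 targets, and the sample layouts it builds in a temporary directory are this example's own assumptions and constructed data, not the package's behaviour.

```python
"""Audit the ~/.openclaw layout before and after running the consolidation scripts.

Added example, not code from the OpenClaw Credential Manager package. File
names follow the scan report; the expected .gitignore entries and the
0700/0600 targets are this example's assumptions.
"""
import os
import stat
import tempfile
from pathlib import Path

SECRET_FILES = (".env", ".env.secrets.gpg", ".env.meta")
# Assumption: the directory's .gitignore should cover every secret-bearing path.
EXPECTED_IGNORES = (".env", ".env.secrets.gpg", ".env.meta", "backups/")
PASSPHRASE_VAR = "OPENCLAW_GPG_PASSPHRASE"


def _mode(path: Path) -> int:
    """Permission bits of the path itself (symlinks are not followed)."""
    return stat.S_IMODE(path.lstat().st_mode)


def audit_env_dir(base: Path, env=None) -> list[str]:
    """Return human-readable findings; an empty list means the layout passed."""
    env = os.environ if env is None else env
    findings: list[str] = []
    if not base.is_dir():
        return [f"{base}: directory missing"]
    if _mode(base) & 0o077:
        findings.append(f"{base}: directory mode {_mode(base):04o}, want 0700")
    for name in SECRET_FILES:
        p = base / name
        if p.is_symlink():
            # A symlinked .env means a script rewriting it would write through the link.
            findings.append(f"{p}: is a symlink; rewriting it would follow the link")
        elif p.exists() and _mode(p) & 0o077:
            findings.append(f"{p}: mode {_mode(p):04o} is group/other accessible, want 0600")
    backups = base / "backups"
    if backups.is_dir():
        if _mode(backups) & 0o077:
            findings.append(f"{backups}: directory mode {_mode(backups):04o}, want 0700")
        # Backups are plaintext copies of the originals, so they need the same protection.
        for f in sorted(backups.rglob("*")):
            if f.is_file() and _mode(f) & 0o077:
                findings.append(f"{f}: backup copy mode {_mode(f):04o}, want 0600")
    gitignore = base / ".gitignore"
    if gitignore.is_file():
        present = {line.strip() for line in gitignore.read_text().splitlines()}
        missing = [e for e in EXPECTED_IGNORES if e not in present]
        if missing:
            findings.append(f"{gitignore}: not ignoring {missing}")
    else:
        findings.append(f"{gitignore}: missing")
    # The passphrase should not arrive through the environment (CORE-PRINCIPLE.md).
    if PASSPHRASE_VAR in env:
        findings.append(f"{PASSPHRASE_VAR} is set; clear it and enter the passphrase interactively")
    return findings


def build_fixture(root: Path, hardened: bool) -> Path:
    """Constructed sample layout with placeholder values, not real credentials."""
    base = root / ".openclaw"
    backups = base / "backups"
    backups.mkdir(parents=True)
    env_file = base / ".env"
    gpg_file = base / ".env.secrets.gpg"
    backup = backups / "aws_credentials.bak"
    env_file.write_text("OPENAI_API_KEY=sk-constructed-example\n")
    gpg_file.write_bytes(b"not a real gpg blob")
    backup.write_text("[default]\naws_secret_access_key=CONSTRUCTED\n")
    if hardened:
        for d in (base, backups):
            d.chmod(0o700)
        for f in (env_file, gpg_file, backup):
            f.chmod(0o600)
        (base / ".gitignore").write_text("\n".join(EXPECTED_IGNORES) + "\n")
    else:
        for d in (base, backups):
            d.chmod(0o755)
        env_file.chmod(0o644)
        gpg_file.chmod(0o600)
        backup.chmod(0o644)
        (base / ".gitignore").write_text(".env\n")  # gpg file, meta and backups/ left out
    return base


def demo() -> dict:
    """Audit one hardened and one sloppy layout; returns the findings for each."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        hardened = audit_env_dir(build_fixture(root / "good", True), env={})
        weak = audit_env_dir(build_fixture(root / "bad", False),
                             env={PASSPHRASE_VAR: "constructed"})
        return {"hardened": hardened, "weak": weak}


if __name__ == "__main__":
    for label, items in demo().items():
        print(f"{label}: {len(items)} finding(s)")
        for item in items:
            print("  -", item)
```

Run `audit_env_dir(Path.home() / ".openclaw")` once after the dry-run/backup step and again after any cleanup; the backup check matters most, because the backups directory holds the plaintext originals that the .env consolidation is supposed to retire.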
latest: vk970pn1qsy9htq65dj45e0sq1580y2x2
