Secrets Vault

Audited by ClawScan on May 10, 2026.

Overview

The vault concept is legitimate, but the artifacts show risky credential-handling guidance, an unsafe session design, and advertised secret features whose code is not included for review.

Review carefully before installing. If you use it, enter secrets interactively instead of on the command line, do not rely on the advertised sharing/injection/audit features until their code is included and reviewed, use a strong master password, and avoid syncing or committing any session, share, .env, or decrypted secret files.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Secrets could leak locally before they are encrypted into the vault.

Why it was flagged

The skill documents adding real API keys and passwords as command-line arguments. For a secrets manager, this is risky because command arguments may be recorded in shell history, process listings, terminal logs, or CI logs.

Skill content
python scripts/secrets_manager.py add api.openai \
  --type api_key \
  --key sk-xxxxxxxx ... --password secret123
Recommendation

Prefer interactive prompts, stdin, or a secure OS keychain flow for entering secret values; clearly warn users not to pass real secrets as command-line flags.

Concern (Medium Confidence)
ASI03: Identity and Privilege Abuse
What this means

If the session file is created and exposed, an attacker could guess the vault master password much faster than by attacking the PBKDF2-protected vault file directly.

Why it was flagged

The code attempts to store an unsalted SHA-256 hash of the vault master password in a persistent session file. Although the visible imports suggest this path may currently fail because hashlib is not imported, the intended design would create a fast offline verifier for the master password: anyone holding the session file could check each password guess with a single SHA-256 computation instead of the deliberately slow PBKDF2 derivation that protects the vault file.

Skill content
SESSION_FILE = VAULT_DIR / '.session' ... 'password_hash': hashlib.sha256(self.master_password.encode()).hexdigest()
Recommendation

Do not persist unsalted master-password hashes. Require re-entry, use an OS keychain, or use a short-lived session token that cannot be used to verify password guesses.

What this means

A user or agent may rely on nonexistent or unreviewed code for exporting or sharing secrets.

Why it was flagged

SKILL.md advertises the high-impact secret export, sharing, and auditing scripts listed below, but the provided manifest contains only SKILL.md, scripts/crypto_utils.py, and scripts/secrets_manager.py. The advertised behavior is therefore not reviewable in the supplied artifacts.

Skill content
| `inject_env.py` | Environment variable injection |
| `share.py` | Secure sharing functionality |
| `audit.py` | Password security auditing |
Recommendation

Include all referenced scripts in the package, remove unsupported feature claims, and declare dependencies and install paths explicitly.

What this means

The vault remains sensitive even when encrypted; a weak master password plus cloud or repository exposure could compromise stored secrets.

Why it was flagged

Persisting an encrypted vault is purpose-aligned, but the documentation encourages syncing that sensitive file through cloud or Git-backed locations.

Skill content
The vault file is stored at `~/.secrets-vault/vault.enc` and can be synced: iCloud, Dropbox/Google Drive, Git
Recommendation

Use a strong unique master password, avoid syncing session/share metadata, and never commit auxiliary secret files or decrypted outputs.