
Gateway Env Injector

by Nissan Dookeran · GitHub · v1.0.0
cross-platform · ⚠ suspicious
347 Downloads · 0 Stars · 1 Active Installs · 1 Versions
Install in OpenClaw
/install gateway-env-injector
Description
Safely inject API keys from 1Password into macOS LaunchAgent plists using PlistBuddy. Use when running OpenClaw on macOS and storing secrets in 1Password — a...
README (SKILL.md)

Gateway Environment Injector

Bake secrets from 1Password into macOS LaunchAgent plists without leaving plaintext keys on disk. Uses op read to fetch secrets and /usr/libexec/PlistBuddy to inject them directly into the plist's EnvironmentVariables block.

Why This Exists

  • launchctl setenv doesn't inject into a plist's own EnvironmentVariables block
  • Environment variables in .zshrc aren't available to LaunchAgents
  • Plaintext key files are a security risk
  • 1Password service accounts provide read-only, rotatable access

Usage

bash scripts/inject-gateway-env.sh

Reads each key from 1Password, injects it into the gateway plist, then restarts the service.

What It Injects

Configurable list of op://Vault/Item/field references mapped to environment variable names. Modify the script's KEYS array for your setup.

Key Lesson

Changing the Node binary path (even to a symlink) can silently revoke macOS TCC permissions. Always keep the gateway plist locked to the Homebrew Cellar path, not an NVM symlink.

Files

  • scripts/inject-gateway-env.sh — Injection script with 1Password integration

Usage Guidance

This skill largely does what it says: it reads secrets from 1Password and writes them into the OpenClaw gateway's LaunchAgent plist. Important considerations before installing:

  • The script contradicts its claim of 'avoiding plaintext keys on disk' by writing secrets (including the OP_SERVICE_ACCOUNT_TOKEN) into the plist at ~/Library/LaunchAgents/ai.openclaw.gateway.plist. That plist is stored on disk and may be readable by processes or users with access to your account. If your goal is to avoid persistent plaintext secrets, this approach does not achieve it.
  • Consider whether the gateway truly needs the 1Password service account token in its environment. If it is not required, remove the injection of OP_SERVICE_ACCOUNT_TOKEN from the script to reduce blast radius.
  • Ensure the 1Password service account has minimal, read-only scope and rotate it regularly. Use strict filesystem permissions on ~/.config/openclaw/.op-service-token and on the plist file.
  • Review whether you prefer ephemeral session-based access (op session tokens) rather than storing a persistent token file under ~/.config/openclaw.
  • Be aware that the script restarts the LaunchAgent (it will run the gateway with the injected env vars). Also note that it sets OTLP_ENDPOINT to localhost:4317 (telemetry) and writes SHERPA paths; ensure those values are intended.
  • If you want stronger guarantees against on-disk secrets, investigate alternatives such as having the gateway integrate with 1Password at runtime, using macOS keychain APIs, or using launchctl setenv for ephemeral environment settings (though that has its own limits).

If you proceed, audit the plist file permissions after a run, limit the service account privileges, and consider removing injection of the OP_SERVICE_ACCOUNT_TOKEN from the script.
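As an added example (not part of the skill or of this listing), the following Python audit implements the post-run checks the guidance above asks for: the plist's file mode, secret-bearing entries in EnvironmentVariables including OP_SERVICE_ACCOUNT_TOKEN, and whether ProgramArguments points at a Homebrew Cellar path as the Key Lesson recommends. It uses the standard-library plistlib instead of PlistBuddy so it runs on any platform; the sample plist, its /Users/me/.nvm node path and the key values are constructed placeholders.

```python
import os
import plistlib
import re
import stat
import tempfile

# Variable names that usually hold credentials; OP_SERVICE_ACCOUNT_TOKEN gets its own finding.
SECRET_NAME = re.compile(r"TOKEN|KEY|SECRET|PASSWORD", re.IGNORECASE)
# Homebrew Cellar prefixes on Apple Silicon and Intel Macs (see "Key Lesson" above).
CELLAR_PREFIXES = ("/opt/homebrew/Cellar/", "/usr/local/Cellar/")

def audit_plist(path):
    """Return a list of finding strings for the LaunchAgent plist at `path`."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"plist mode {mode:o} is readable by group/other")
    with open(path, "rb") as fh:
        plist = plistlib.load(fh)
    env = plist.get("EnvironmentVariables", {})
    for name in sorted(env):
        if name == "OP_SERVICE_ACCOUNT_TOKEN":
            findings.append("OP_SERVICE_ACCOUNT_TOKEN is persisted in the plist")
        elif SECRET_NAME.search(name):
            findings.append(f"{name} is stored in plaintext in EnvironmentVariables")
    args = plist.get("ProgramArguments", [])
    if args and not args[0].startswith(CELLAR_PREFIXES):
        findings.append(f"ProgramArguments[0] {args[0]} is not a Homebrew Cellar path")
    return findings

# Constructed sample resembling the injector's output; the values are placeholders, not real keys.
SAMPLE_PLIST = {
    "ProgramArguments": ["/Users/me/.nvm/versions/node/v20/bin/node", "gateway.js"],
    "EnvironmentVariables": {
        "OPENAI_API_KEY": "sk-constructed-example",
        "OP_SERVICE_ACCOUNT_TOKEN": "ops_constructed-example",
        "OTLP_ENDPOINT": "localhost:4317",
    },
}

def write_sample(mode=0o644):
    """Write SAMPLE_PLIST to a temporary file with the given mode and return its path."""
    fd, path = tempfile.mkstemp(suffix=".plist")
    with os.fdopen(fd, "wb") as fh:
        plistlib.dump(SAMPLE_PLIST, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    print("\n".join(audit_plist(write_sample())))
```

Point audit_plist at ~/Library/LaunchAgents/ai.openclaw.gateway.plist after running the injector; an empty list means none of the three checks fired.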
Capability Analysis

Type: OpenClaw Skill
Name: gateway-env-injector
Version: 1.0.0

The skill automates the extraction of multiple sensitive API keys (OpenAI, Anthropic, Gemini, etc.) from 1Password and injects them into a macOS LaunchAgent plist. While the script `scripts/inject-gateway-env.sh` performs its stated function, it involves high-risk credential handling and system persistence modification. Furthermore, the `SKILL.md` documentation contains a misleading security claim that it avoids plaintext keys on disk, when in fact `PlistBuddy` writes these secrets into a standard plist file in the user's Library folder.
Capability Assessment
Purpose & Capability
Name, description, required binaries (op, bash), and primaryEnv (OP_SERVICE_ACCOUNT_TOKEN) align with the actual behavior: the script reads secrets via the 1Password CLI and injects them into a LaunchAgent plist used by the OpenClaw gateway. The set of provider keys (OpenAI, Anthropic, Gemini, Mistral, HF, optional Voyage) is plausible for a gateway process.
Instruction Scope
SKILL.md and the included script instruct the agent to read a local token file (~/.config/openclaw/.op-service-token), call 'op read' for multiple items, and use /usr/libexec/PlistBuddy to add string entries into the gateway plist's EnvironmentVariables, then restart the LaunchAgent. The skill's text claims it 'avoids plaintext keys on disk', but the script writes secrets (including OP_SERVICE_ACCOUNT_TOKEN) into the plist file, creating persistent plaintext secrets on disk, which contradicts the stated security goal and increases exposure.
Install Mechanism
Instruction-only skill with a bundled Bash script; no remote downloads or install steps. The script is executed locally, so there is no high-risk install mechanism (no external archives or shortener URLs).
Credentials
Requesting OP_SERVICE_ACCOUNT_TOKEN is expected for reading 1Password. However, the script writes that same service-account token into the LaunchAgent plist, exposing the token to any process that can read the plist or the process environment. Injecting the service account token into the gateway may be unnecessary and disproportionate; other requested secrets (provider API keys) are reasonable for a gateway but also create persistent on-disk copies.
Persistence & Privilege
The skill is not `always: true` and is user-invocable; it restarts a LaunchAgent (expected for its purpose) but does not modify other skills or system-wide agent settings. It does create persistent changes to a LaunchAgent plist (intended), which is within scope but increases long-term exposure of secrets.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gateway-env-injector
  3. After installation, invoke the skill by name or use /gateway-env-injector
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0

Initial release of gateway-env-injector.
  • Injects API keys from 1Password into macOS LaunchAgent plists using PlistBuddy.
  • Prevents plaintext secrets on disk while ensuring LaunchAgents have required environment variables.
  • Requires 1Password CLI (`op`) and Bash; uses service account token from environment.
  • Customizable for your own 1Password items and desired environment variables.
  • Designed for secure OpenClaw deployments on macOS.
Metadata
Slug gateway-env-injector
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Gateway Env Injector?

Safely inject API keys from 1Password into macOS LaunchAgent plists using PlistBuddy. Use when running OpenClaw on macOS and storing secrets in 1Password — a... It is an AI Agent Skill for Claude Code / OpenClaw, with 347 downloads so far.

How do I install Gateway Env Injector?

Run "/install gateway-env-injector" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Gateway Env Injector free?

Yes, Gateway Env Injector is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Gateway Env Injector support?

Gateway Env Injector is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Gateway Env Injector?

It is built and maintained by Nissan Dookeran (@nissan); the current version is v1.0.0.
