← Back to Skills Marketplace
zscole

Openclaw

by zscole · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
3175
Downloads
3
Stars
55
Active Installs
1
Versions
Install in OpenClaw
/install openclaw
Description
Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled funds. Covers secure storage, session keys, leak prevention, and prompt injection defense.
Usage Guidance
Before installing, confirm you meant to install the Bagman/Openclaw key-management guide. Treat wallet, session-key, environment-variable, and git history-rewrite snippets as templates to adapt carefully, preferably with test funds, short-lived least-privilege credentials, human approval for transfers, monitoring, and coordinated incident-response procedures.
Capability Analysis
Type: OpenClaw Skill Name: openclaw Version: 1.0.0 This skill bundle is entirely focused on implementing robust security measures for AI agents handling sensitive data. It provides comprehensive guidance and code examples for secure secret management (using 1Password CLI), preventing key leakage (output sanitization, git pre-commit hooks, .gitignore), and defending against prompt injection attacks (input validation, operation allowlisting, isolation). All instructions and code are designed to enhance agent security, with no evidence of malicious intent, data exfiltration, or unauthorized execution.
Capability Assessment
Purpose & Capability
The artifact purpose is coherent: it teaches secure key, wallet, session-key, leak-prevention, and prompt-injection defense patterns. There is a naming mismatch between marketplace metadata using Openclaw and the artifact frontmatter/name Bagman, so users should verify they intended this specific skill.
Instruction Scope
The instructions include high-impact examples for secret retrieval, wallet session keys, environment injection, and git history rewrite. These are aligned with the security-training purpose, but several examples would benefit from stronger warnings and tighter scoping before production use.
Install Mechanism
The bundle contains markdown files only and declares the 1Password CLI as a required binary; it does not include executable install scripts, background workers, or automatic setup behavior.
Credentials
Use of 1Password, vaults, secret scanning, output sanitization, and session keys is proportionate to a key-management guide. Some fallback examples expose plaintext or environment-based secrets transiently, which is a documentation caution rather than hidden behavior.
Persistence & Privilege
The skill discourages storing raw keys in files, logs, or agent memory and recommends delegated session keys with expiry and revocation. Its incident-response git rewrite example is powerful and should be treated as destructive unless coordinated.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw
  3. After installation, invoke the skill by name or use /openclaw
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Bagman: secure key management patterns for AI agents. - Introduces a framework for handling private keys, API secrets, and wallet credentials with robust leak prevention and prompt injection defenses. - Enforces session-based access using 1Password CLI, never storing raw keys in env files, config, or agent memory. - Provides validated workflows, code snippets, and architecture diagrams for agent wallet access and key lifecycle management. - Includes output sanitization routines and pre-commit git hooks to prevent accidental secret leaks. - Outlines input validation strategies and isolation patterns to defend against prompt injection.
Metadata
Slug openclaw
Version 1.0.0
License
All-time Installs 58
Active Installs 55
Total Versions 1
Frequently Asked Questions

What is Openclaw?

Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled funds. Covers secure storage, session keys, leak prevention, and prompt injection defense. It is an AI Agent Skill for Claude Code / OpenClaw, with 3175 downloads so far.

How do I install Openclaw?

Run "/install openclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclaw free?

Yes, Openclaw is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Openclaw support?

Openclaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Openclaw?

It is built and maintained by zscole (@zscole); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments