← Back to Skills Marketplace
aehrt55

Manage Secrets

by Xin · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
76
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install manage-secrets
Description
Set or update environment secrets via the set-secret GitHub Actions workflow. Use when the user asks to update, rotate, or set a secret/token/API key for thi...
README (SKILL.md)

Manage Secrets — Self-Service Secret Updates

Trigger the set-secret.yml workflow in the env repo to set or update an environment secret for this persona. The workflow decrypts the SOPS-encrypted secrets.yaml, injects the key/value under envSecrets, re-encrypts, and pushes the change — which triggers a deploy.

Required Environment Variables

  • AGENT_GITHUB_PAT — a fine-grained PAT with Actions write permission on the env repo. There is no fallback; the PAT must be present.
  • MANAGE_SECRETS_GITHUB_REPO — the GitHub owner/repo of the env repo that contains set-secret.yml (e.g., myorg/myapp-env).
if [[ -z "$AGENT_GITHUB_PAT" ]]; then
  echo "ERROR: AGENT_GITHUB_PAT is not set. Cannot authenticate to trigger set-secret workflow." >&2
  exit 1
fi
if [[ -z "$MANAGE_SECRETS_GITHUB_REPO" ]]; then
  echo "ERROR: MANAGE_SECRETS_GITHUB_REPO is not set. Cannot determine target repo." >&2
  exit 1
fi
export GITHUB_TOKEN="$AGENT_GITHUB_PAT"

Trigger Set-Secret

export GITHUB_TOKEN="$AGENT_GITHUB_PAT"
gh workflow run set-secret.yml \
  --repo "$MANAGE_SECRETS_GITHUB_REPO" \
  -f persona=\x3CPERSONA> \
  -f secret_key=\x3CKEY> \
  -f secret_value=\x3CVALUE>

Where:

  • \x3CPERSONA> is this agent's persona name. Determine it from the Tailscale hostname (tailscale status --self --json | jq -r .Self.HostName → strip the moltbot- prefix) or the Kubernetes namespace (moltbot-\x3Cpersona>)
  • \x3CKEY> must match ^[A-Z][A-Z0-9_]*$ (e.g., TELEGRAM_BOT_TOKEN, GOOGLE_API_KEY)
  • \x3CVALUE> is the secret value to set

Monitor Workflow Status

After triggering, wait a few seconds then check status:

export GITHUB_TOKEN="$AGENT_GITHUB_PAT"
gh run list \
  --repo "$MANAGE_SECRETS_GITHUB_REPO" \
  --workflow set-secret.yml \
  --limit 3

To watch a specific run until completion:

export GITHUB_TOKEN="$AGENT_GITHUB_PAT"
gh run watch \x3CRUN_ID> \
  --repo "$MANAGE_SECRETS_GITHUB_REPO"

RBAC

The workflow enforces an RBAC matrix that maps GitHub usernames to allowed personas. Each persona's GitHub user can only set secrets for its own persona; admin users have wildcard access to all personas. Check the set-secret.yml workflow source for the current RBAC matrix.

Example RBAC structure:

{
  "admin-user": ["*"],
  "bot-user[bot]": ["*"],
  "persona-a-user": ["persona-a"],
  "persona-b-user": ["persona-b"]
}

Important Notes

  • The workflow runs with concurrency: { group: set-secret, cancel-in-progress: false } — concurrent dispatches are serialized, not cancelled
  • The secret key must already be a valid uppercase env var name; the workflow rejects invalid formats
  • After the workflow commits, it pushes to main, which triggers the deploy workflow for the affected persona
  • AGENT_GITHUB_PAT and MANAGE_SECRETS_GITHUB_REPO must be set in the environment; the skill has no fallback
  • If the secret value is unchanged, the workflow exits cleanly with no commit
Usage Guidance
This skill declares a reasonable capability (trigger a set-secret workflow) but has implementation/metadata inconsistencies and notable privileges. Before installing or enabling it: 1) Verify the skill metadata is corrected to list AGENT_GITHUB_PAT and MANAGE_SECRETS_GITHUB_REPO so you know what will be required. 2) Inspect the target repository's set-secret.yml and any SOPS/decryption steps to confirm the workflow's exact actions, RBAC checks, and what keys the workflow uses to decrypt secrets. 3) Ensure the PAT you provide is minimal-scoped (fine-grained, limited to the specific repo and Actions permissions only) and not an org-wide or user-admin token; consider using a machine user with constrained rights. 4) Consider requiring human approval / making the skill user-invocable (or disabling autonomous invocation) so secrets are not rotated/changed automatically. 5) Confirm which CLIs the agent will call (gh, tailscale, jq, kubectl) and whether you are comfortable allowing the agent to access local tailscale/k8s state to determine persona. 6) Test in a non-production repo/environment first, and rotate the PAT after testing. If you cannot inspect the workflow source or cannot supply a tightly-scoped PAT, do not enable this skill.
Capability Analysis
Type: OpenClaw Skill Name: manage-secrets Version: 1.0.0 The skill 'manage-secrets' allows an agent to update environment secrets by triggering a GitHub Actions workflow using a high-privilege Personal Access Token (AGENT_GITHUB_PAT). While the functionality is aligned with its stated purpose of self-service secret management, it involves high-risk behaviors such as repository write access and the handling of sensitive credentials. Furthermore, the instructions in SKILL.md direct the agent to pass secret values as raw command-line arguments to the 'gh' CLI, which is a security vulnerability that could expose secrets in process logs or shell history.
Capability Assessment
Purpose & Capability
The SKILL.md clearly requires AGENT_GITHUB_PAT (a PAT with Actions write permission) and MANAGE_SECRETS_GITHUB_REPO, which are essential for its stated purpose. However, the registry metadata for the skill declares no required environment variables or primary credential — a direct mismatch. Asking for a GitHub PAT and repo is plausible for a secret-management workflow, but the metadata omission is inconsistent and misleading.
Instruction Scope
The runtime instructions tell the agent to run gh workflow/run/watch and to derive the persona from local system state (tailscale status --self --json | jq..., or Kubernetes namespace), which reads local tools/state outside the GitHub interaction. The SKILL.md also assumes presence of gh, tailscale, jq, and possibly kubectl, but those binaries are not declared. The instructions will cause the agent to set GITHUB_TOKEN from AGENT_GITHUB_PAT and trigger a workflow that decrypts and re-encrypts repo secrets and pushes to main — behavior consistent with the purpose but broad in side effects (commit + deploy).
Install Mechanism
This is an instruction-only skill (no install spec), so nothing is written to disk by the skill package itself — low install-surface risk. However, it depends on external CLIs (gh, tailscale, jq, possibly kubectl) being present; those are not installed or declared by the skill, creating a hidden operational dependency that could confuse operators.
Credentials
Requesting AGENT_GITHUB_PAT (Actions write permission) and a target repo is proportionate to triggering a set-secret workflow, but the token is powerful: it can be used to run workflows and potentially perform other repo actions depending on its scope. The skill metadata does not declare these required env vars (so consumers may not realize they are needed or what level of privilege is required). The instructions also read local state (tailscale/k8s) which implies additional implicit access to system tools/config.
Persistence & Privilege
always:false (good) but user-invocable:false plus disable-model-invocation:false means the agent can autonomously invoke this skill (not directly user-triggered). Combined with access to a GitHub PAT that can change repo secrets and trigger deploys, autonomous invocation increases risk that secrets could be changed without explicit human approval. The skill does not request persistent installation privileges, but its ability to commit to main and trigger deploys is a high-impact side effect.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install manage-secrets
  3. After installation, invoke the skill by name or use /manage-secrets
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the manage-secrets skill: - Enables setting or updating environment secrets through the set-secret GitHub Actions workflow. - Requires `AGENT_GITHUB_PAT` (PAT with Actions write permission) and `MANAGE_SECRETS_GITHUB_REPO` (target env repo). - Triggers a secure workflow to update SOPS-encrypted `secrets.yaml` and automatically deploy changes. - Enforces RBAC, allowing only permitted GitHub users to manage secrets for designated personas. - Includes guidance for monitoring workflow status and key validation rules.
Metadata
Slug manage-secrets
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Manage Secrets?

Set or update environment secrets via the set-secret GitHub Actions workflow. Use when the user asks to update, rotate, or set a secret/token/API key for thi... It is an AI Agent Skill for Claude Code / OpenClaw, with 76 downloads so far.

How do I install Manage Secrets?

Run "/install manage-secrets" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Manage Secrets free?

Yes, Manage Secrets is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Manage Secrets support?

Manage Secrets is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Manage Secrets?

It is built and maintained by Xin (@aehrt55); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments