← Back to Skills Marketplace
1282
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install secret-manager
Description
Manage API keys securely via GNOME Keyring and inject them into OpenClaw config.
Usage Guidance
This skill appears to do what it says: it uses libsecret (secret-tool) to store secrets and then updates OpenClaw config and the systemd user environment so the gateway can use them. Before installing/running, consider: 1) The script will write some keys into auth-profiles.json (plaintext in a config file) — back up that file and be aware of persistence risk. 2) It may source a .env file (SECRETS_ENV_FILE) and imports env vars into systemd user environment; that can make secrets visible to other user services. 3) It will stop/start the openclaw-gateway.service and run pkill inside a distrobox if present — this can be disruptive. 4) Confirm you trust the included script (review it line-by-line) and ensure secret-tool, python3, and systemctl user services behave as expected on your system. If you need stronger guarantees, consider modifying the script to avoid persisting secrets into JSON or avoid importing secrets into systemd environment.
Capability Analysis
Type: OpenClaw Skill
Name: secret-manager
Version: 1.0.0
The skill bundle is classified as benign. The `secret-manager.sh` script's actions, including storing API keys via `secret-tool`, modifying `auth-profiles.json` with Python, importing environment variables to systemd, and restarting the OpenClaw gateway service (including aggressive `pkill -9` within a Distrobox container), are all directly aligned with its stated purpose of securely managing API keys for OpenClaw. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts in `SKILL.md` beyond the legitimate scope of the skill.
Capability Assessment
Purpose & Capability
Name/description ask for managing API keys and injecting them into OpenClaw; required binaries (secret-tool, systemctl, python3) and the script's behavior (store/lookup keys, patch auth-profiles.json, import environment, restart gateway) are consistent with that purpose.
Instruction Scope
The SKILL.md and secret-manager.sh remain within the stated scope (storing keys in libsecret, updating auth-profiles.json, importing env into systemd user, restarting the gateway). Two noteworthy behaviors to review before use: (1) the script will patch auth-profiles.json with key values (persisting credentials into a JSON file), and (2) it will source an optional SECRETS_ENV_FILE and import multiple env vars into the systemd user environment — both actions may cause sensitive data to exist in plaintext or become visible to other user processes.
Install Mechanism
This is an instruction-only skill with an included shell script; there is no network download/install step or installer that fetches remote code. Installation is a local copy/run of the script as described in SKILL.md.
Credentials
The skill does not request external credentials or extra environment variables in metadata. It manages a comprehensive set of sensitive keys (OpenAI, Gemini, Discord, Gateway auth token, LinkedIn cookies, Google OAuth client secret, etc.), which is coherent for a secret manager but worth noting. The script also optionally sources a user-specified .env file and imports those secrets into the systemd user environment — this can expose secrets to other user services and should be considered before use.
Persistence & Privilege
The skill runs with the invoking user's privileges, uses systemctl --user to import env and restart openclaw-gateway, and may enter a distrobox to kill processes and remove lock files. It does not set always:true, nor does it modify other skills. Restarting services and killing processes is a normal but privileged user-level operation; back up configs and confirm service names before running.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install secret-manager - After installation, invoke the skill by name or use
/secret-manager - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release - GNOME Keyring integration for secure API key management
Metadata
Frequently Asked Questions
What is Secret Manager?
Manage API keys securely via GNOME Keyring and inject them into OpenClaw config. It is an AI Agent Skill for Claude Code / OpenClaw, with 1282 downloads so far.
How do I install Secret Manager?
Run "/install secret-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Secret Manager free?
Yes, Secret Manager is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Secret Manager support?
Secret Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Secret Manager?
It is built and maintained by jswortz (@jswortz); the current version is v1.0.0.
More Skills