zuiho-kai

Vault

by zuiho · GitHub ↗ · v1.1.2
cross-platform ✓ Security Clean
Downloads 1181
Stars 3
Active Installs 12
Versions 5
Install in OpenClaw
/install vault
Description
Secure local password storage tool with AES-256-GCM encryption. Store, retrieve, and manage passwords with CLI commands.
Usage Guidance
This plugin appears to implement what it claims: a local AES-256-GCM encrypted vault. Before installing, consider the following:
- Keep the master key secret and do not commit it to source control; if you place it in the OpenClaw config file, that config will contain a persistent secret.
- The vault stores encrypted data at ~/.vault/passwords.json by default—set strict file permissions (chmod 600) and add the directory to .gitignore.
- Back up your master key; losing it will make stored passwords unrecoverable.
- The code runs locally and contains no network calls, but only install if you trust the plugin source (verify the GitHub repo and author).
For high-value secrets, prefer a well-audited password manager or cryptographic audit.
Capability Analysis
Type: OpenClaw Skill
Name: vault
Version: 1.1.2
The OpenClaw Vault skill bundle provides a secure local password storage tool using AES-256-GCM encryption. The `index.js` code correctly implements strong cryptographic practices, including scrypt for key derivation with a random 32-byte salt per password, and a random 12-byte IV per password, as detailed in `SKILL.md` and `README.md`. It explicitly requires a `VAULT_MASTER_KEY` (from environment or config) and throws an error if not set, preventing insecure operation. Data is stored locally in the user's home directory (`~/.vault/passwords.json`) and there are no external network calls, shell injections, or suspicious dependencies (`package.json` lists no dependencies). The `CHANGELOG.md` transparently documents a past critical security fix regarding fixed salt, indicating a commitment to security rather than malicious intent. All instructions in `SKILL.md` and `README.md` are benign and align with the stated purpose.
Capability Assessment
Purpose & Capability
Name/description, required binaries (node, npm), required env var (VAULT_MASTER_KEY), and bundled code all align with implementing a local Node-based password vault. Requested items are proportional to the stated purpose.
Instruction Scope
SKILL.md instructs only to set a master key and use the CLI; the runtime code only reads the plugin config, the VAULT_MASTER_KEY env var, and a storage file under the user's home directory. There are no instructions to read unrelated files, query external endpoints, or exfiltrate data.
Install Mechanism
No install script or external downloads are declared; package has no external dependencies. The skill is instruction + bundled source only, which is the lowest install risk profile.
Credentials
Only VAULT_MASTER_KEY is required (declared in both SKILL.md and openclaw.plugin.json). No additional unrelated secrets or config paths are requested. Note: storing masterKey in a persistent config would persist a secret—SKILL.md explicitly shows this option.
Persistence & Privilege
always is false and the skill does not modify other skills or global agent settings. It registers itself via the normal API and does not request elevated or persistent platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install vault
  3. After installation, invoke the skill by name or use /vault
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.2
fix: Address security audit feedback - Use random salt per password, 12-byte IV for GCM, declare required VAULT_MASTER_KEY in registry
v1.1.1
fix: Address security audit feedback - Use random salt per password, 12-byte IV for GCM, declare required VAULT_MASTER_KEY in registry
v1.1.0
feat: Add AES-256-GCM encryption for password storage. BREAKING CHANGE: Master key is now required.
v1.0.1
Clarified plain text storage, removed unimplemented encryption option, added explicit security warnings
v1.0.0
- Initial release of vault 1.0.0
- Securely store, retrieve, and manage passwords or API keys locally via a simple CLI
- JSON-based local storage with automatic timestamp tracking
- Optional configuration for custom storage file location
- Note: Passwords are stored in plain text—ensure proper file permissions and do not commit storage file to version control
Metadata
Slug vault
Version 1.1.2
License
All-time Installs 12
Active Installs 12
Total Versions 5
Frequently Asked Questions

What is Vault?

Secure local password storage tool with AES-256-GCM encryption. Store, retrieve, and manage passwords with CLI commands. It is an AI Agent Skill for Claude Code / OpenClaw, with 1181 downloads so far.

How do I install Vault?

Run "/install vault" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Vault free?

Yes, Vault is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Vault support?

Vault is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Vault?

It is built and maintained by zuiho (@zuiho-kai); the current version is v1.1.2.
