← Back to Skills Marketplace
achikochikorogaru

Infisical Reader

by Jau Hofu · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
36
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install infisical-reader
Description
Direct REST API reader for Infisical secrets. Lightweight, no middleware. Use when the agent needs to fetch API keys or credentials from Infisical.
README (SKILL.md)

Infisical

Read secrets from Infisical via REST API.

User Setup

  1. Create Machine Identity: Organization → Access Control → Machine Identities.
  2. Add Universal Auth to the identity → save Client ID + Client Secret.
  3. Grant identity access to each project: Project Settings → Access Control → Identities → add as Member.
  4. Store credentials in ~/.openclaw/.env:
INFISICAL_CLIENT_ID=\x3Cclient-id>
INFISICAL_CLIENT_SECRET=***

Agent Workflow

  1. POST /api/v1/auth/universal-auth/login{"clientId":"...","clientSecret":"***"}accessToken
  2. GET /api/v1/workspace → list projects (id, slug, environments)
  3. GET /api/v3/secrets/raw?workspaceId=\x3Cid>&environment=\x3Cenv>&secretPath=/ → secrets

Script

# List projects
python3 {baseDir}/scripts/infisical.py --list-projects

# Read all secrets
python3 {baseDir}/scripts/infisical.py -w \x3CworkspaceId> -e prod

# Get single secret (raw value)
python3 {baseDir}/scripts/infisical.py -w \x3Cwid> -e prod -k OPENAI_API_KEY --raw

Requires INFISICAL_CLIENT_ID and INFISICAL_CLIENT_SECRET in ~/.openclaw/.env.

Notes

  • Use workspaceId (not projectSlug) — slug may not work in all API versions.
  • Tokens are short-lived; re-authenticate each session.
  • Too many failed logins temporarily locks Universal Auth.
  • Free tier: up to 5 Machine Identities.
  • Detailed API reference: see {baseDir}/references/api.md
Usage Guidance
Install only if you trust the publisher and intend to let an agent access your Infisical secrets. Use a least-privilege Machine Identity, restrict it to only needed projects and environments, avoid bulk or JSON secret dumps, and do not ask the agent to print raw secrets unless absolutely necessary.
Capability Tags
requires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The stated purpose is coherent: it reads Infisical secrets via REST API. The concern is that this is high-impact credential access, including commands for reading all secrets and raw single-secret values.
Instruction Scope
The activation language is broad and does not require explicit user confirmation, a named workspace/environment, or a specific secret before retrieval. The script also supports unmasked JSON output for bulk secret listings.
Install Mechanism
The artifact contains documentation and one Python script. No install hooks, package installation steps, background services, or automatic execution paths were found.
Credentials
Using Infisical client credentials and outbound calls to app.infisical.com is expected for this purpose, and credentials are read from environment variables or ~/.openclaw/.env as documented.
Persistence & Privilege
The skill instructs users to store long-lived Infisical client credentials locally and then uses them to obtain bearer tokens. There is no hidden persistence, but the privilege level is sensitive and the handling guidance is thin.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install infisical-reader
  3. After installation, invoke the skill by name or use /infisical-reader
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: direct REST API secret reader for Infisical
Metadata
Slug infisical-reader
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Infisical Reader?

Direct REST API reader for Infisical secrets. Lightweight, no middleware. Use when the agent needs to fetch API keys or credentials from Infisical. It is an AI Agent Skill for Claude Code / OpenClaw, with 36 downloads so far.

How do I install Infisical Reader?

Run "/install infisical-reader" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Infisical Reader free?

Yes, Infisical Reader is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Infisical Reader support?

Infisical Reader is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Infisical Reader?

It is built and maintained by Jau Hofu (@achikochikorogaru); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments