← Back to Skills Marketplace
rsdouglas

Janee

by rsdouglas · GitHub ↗ · v0.1.2
cross-platform ⚠ suspicious
2608
Downloads
1
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install janee
Description
Secrets management for AI agents. Never expose your API keys again.
README (SKILL.md)

Janee

Secrets management for AI agents. Store API keys encrypted, make requests through Janee, never touch the real key.

Why Use Janee?

Most skills tell you to store API keys in plaintext config files. One prompt injection, one leaked log, one compromised session — and your keys are exposed.

Janee fixes this:

  • Keys encrypted at rest — not plaintext JSON
  • Agent never sees the real key — requests go through Janee
  • Path-based policies — restrict what endpoints can be called
  • Full audit trail — every request logged
  • Kill switch — revoke access without rotating keys

Install

npm install -g @true-and-useful/janee
janee init

Add a Service

janee add

Follow the prompts to add your API credentials. Keys are encrypted automatically.

Use in Your Agent

Instead of calling APIs directly with your key, call them through Janee:

# Old way (dangerous):
curl -H "Authorization: Bearer sk_live_xxx" https://api.stripe.com/v1/balance

# Janee way (safe):
# Agent calls execute(capability, method, path) via MCP
# Janee injects the key, agent never sees it

OpenClaw Integration

Install the OpenClaw plugin for native tool support:

openclaw plugins install @true-and-useful/janee-openclaw

Your agent now has:

  • janee_list_services — see available APIs
  • janee_execute — make requests through Janee
  • janee_reload_config — hot-reload after config changes

Example: Secure Moltbook Access

Instead of storing your Moltbook key in ~/.config/moltbook/credentials.json:

janee add moltbook -u https://www.moltbook.com/api/v1 -k YOUR_KEY

Then use Janee to post:

# Your agent calls:
janee_execute(service="moltbook", method="POST", path="/posts", body=...)

Your Moltbook key stays encrypted. Even if your agent is compromised, the key can't be exfiltrated.

Config Example

services:
  stripe:
    baseUrl: https://api.stripe.com
    auth:
      type: bearer
      key: sk_live_xxx  # encrypted

  moltbook:
    baseUrl: https://www.moltbook.com/api/v1
    auth:
      type: bearer
      key: moltbook_sk_xxx  # encrypted

capabilities:
  stripe_readonly:
    service: stripe
    rules:
      allow: [GET *]
      deny: [POST *, DELETE *]

  moltbook:
    service: moltbook
    ttl: 1h
    autoApprove: true

Architecture

┌─────────────┐      ┌──────────┐      ┌─────────┐
│  AI Agent   │─────▶│  Janee   │─────▶│   API   │
│             │ MCP  │          │ HTTP │         │
└─────────────┘      └──────────┘      └─────────┘
      │                   │
   No key           Injects key
                    + logs request

Links

Usage Guidance
What to check before installing or using this skill: - Master key handling: inspect src/core/crypto.ts and the init flow. The init template writes a 'masterKey' into ~/.janee/config.yaml. If the master key is stored in the same file as the encrypted credentials, encryption provides no protection — a compromise of that file yields immediate key exposure. Require the author to explain where the master key is stored and to use a proper OS-level key store (e.g., macOS Keychain, Windows DPAPI, Linux kernel keyring) or at minimum keep the master key separate and not in the same plaintext config. - Binary provenance: the OpenClaw plugin spawns a subprocess by executing the 'janee' binary. The registry metadata did not declare a required binary; ensure you actually install the npm package from a trusted source and verify the package contents (and checksums) before running. A malicious 'janee' binary would run as your user. - Audit the code that performs decryption and network access (src/core/* and MCP server code). Confirm network endpoints and any optional LLM integration do not leak secrets to third-party services. The template shows optional LLM provider configuration that can read an env var (e.g., OPENAI_API_KEY) — if you enable such features, be explicit about required env vars and trust boundaries. - File permissions and logs: the code sets config and logs directories with 0700/0600 modes — good practice. Still review where logs are written (~/.janee/logs) as they contain request metadata and may include agent-provided 'reason' text. Ensure logs do not accidentally include plaintext keys. - Least privilege and policies: the rule/policy system appears coherent (deny-before-allow), but test it thoroughly (unit tests included). For sensitive services, prefer narrow capabilities and require human approval (requiresReason) and consider running Janee in an isolated account or container to limit blast radius. - If you cannot confirm the masterKey handling and binary provenance, treat the project as untrusted. Ask the author/maintainer to clarify and fix: (1) do not store the master decryption key in the same config file as ciphertext, (2) declare the required binary/runtime in metadata, and (3) document network endpoints and any optional external services. Confidence: high that these inconsistencies are real from the provided sources; resolving them would change the assessment to benign if the master key storage and binary provenance issues are fixed and documented.
Capability Analysis
Type: OpenClaw Skill Name: janee Version: 0.1.2 The OpenClaw AgentSkills skill bundle for Janee is designed as a security tool for AI agents, focusing on secrets management and API access control. It encrypts API keys at rest, prevents agents from directly accessing keys, enforces path-based access policies, and maintains a full audit log of all API requests. The code demonstrates strong security practices, including the use of AES-256-GCM encryption for secrets, restrictive file permissions (0o600/0o700) for configuration and logs in `~/.janee/`, and safe URL construction to prevent injection. The `SKILL.md` and `README.md` documentation clearly outlines these security features and does not contain any instructions that could lead to prompt injection or malicious agent behavior. All network and file access is directly aligned with its stated purpose of securely proxying API calls.
Capability Assessment
Purpose & Capability
The repo and SKILL.md describe an MCP-based secrets proxy (Janee) and an OpenClaw plugin that spawns the Janee process. However the skill metadata declares no required binaries while the plugin code expects a global 'janee' executable (it spawns `janee serve`). Also the init template writes a 'masterKey' into the same config file it uses to store services, which would negate encryption-at-rest if the master key and encrypted data are colocated. These are direct mismatches between the stated security purpose and what the implementation does/assumes.
Instruction Scope
SKILL.md instructs installing npm package globally, running `janee init` (which writes ~/.janee/config.yaml containing a masterKey), adding services, and starting `janee serve`. That scope is reasonable for a local secrets proxy — but the init behavior (inserting a generated masterKey into the config file) contradicts 'keys encrypted at rest' because the key used to decrypt would live next to the ciphertext. The OpenClaw plugin will also spawn a subprocess (`janee serve`) and communicate via stdio; this grants the plugin the ability to run arbitrary code as the user if the installed binary is compromised.
Install Mechanism
There is no registry install spec in the skill metadata (instruction-only), but SKILL.md and package.json expect global npm installation (`npm install -g @true-and-useful/janee`). That is a normal install method, but the registry metadata not listing the required binary is an oversight. The package sources are present in the bundle (package.json, package-lock), not a remote URL install, so install risk is the usual npm-package provenance risk rather than a mysterious remote download.
Credentials
The skill declares no required environment variables, which is plausible for a local-only tool. However the example config template includes an optional LLM provider section that references 'apiKey: env:OPENAI_API_KEY' — that is optional but not surfaced as a required env var. The biggest proportionality problem: the init writes a generated masterKey into config.yaml (mode 0600) — storing the decryption key alongside (or inside) what is supposed to be 'encrypted at rest' is disproportionate to the stated security goal and undermines the protection model.
Persistence & Privilege
The skill does not request 'always: true' and uses the normal plugin model. It registers tools that let an agent request actions via the Janee MCP server; that autonomous invocation is expected for this kind of plugin. Note that the OpenClaw plugin will spawn and manage a local 'janee' subprocess (user-level), so the plugin effectively grants the agent an RPC to a process on the user's machine — appropriate for the purpose but worth auditing because it runs as the user.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install janee
  3. After installation, invoke the skill by name or use /janee
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
Improved SKILL.md with architecture diagram and examples
v0.1.1
- Initial public release of Janee (v0.1.1): secure API credential management for AI agents via MCP. - Adds encrypted storage for API keys, protecting them from exposure in prompts or config files. - Introduces fine-grained path-based access policies and audit logging for all API requests. - Provides MCP tools: list_services, execute, and reload_config. - Debuts plugin support for OpenClaw, enabling integration through janee_list_services, janee_execute, and janee_reload_config. - Supports Bearer, custom header, and HMAC-style authentication methods.
Metadata
Slug janee
Version 0.1.2
License
All-time Installs 1
Active Installs 1
Total Versions 2
Frequently Asked Questions

What is Janee?

Secrets management for AI agents. Never expose your API keys again. It is an AI Agent Skill for Claude Code / OpenClaw, with 2608 downloads so far.

How do I install Janee?

Run "/install janee" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Janee free?

Yes, Janee is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Janee support?

Janee is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Janee?

It is built and maintained by rsdouglas (@rsdouglas); the current version is v0.1.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments