
ArmorClaw

by SuperTechGod · v1.0.0 · MIT-0
cross-platform · ⚠ suspicious
104 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw
/install armorclaw
Description
AES-256 encrypted secrets manager for OpenClaw agents. Store API keys, tokens, and credentials in a secure local vault instead of plain-text .env files. Feat...
README (SKILL.md)

ArmorClaw — Encrypted Secrets Manager for OpenClaw

Stop storing API keys in plain-text .env files. ArmorClaw encrypts everything with AES-256 and unlocks only on your machine.

Install

npx clawhub@latest install armorclaw
pip install ./skills/armorclaw

Quick Start

# Initialize vault
armorclaw init

# Store your first key
armorclaw set OPENAI_KEY

# Or import your whole .env at once
armorclaw import ~/.openclaw/openclaw.env

# List stored secrets
armorclaw list

Use in OpenClaw Agent

from armorclaw.openclaw import inject_vault_env

# Inject all vault secrets into environment at startup
inject_vault_env(password="your-master-password")

# Or use ARMORCLAW_PASSWORD env var for bot auto-unlock
# export ARMORCLAW_PASSWORD="your-master-password"
# inject_vault_env()

Cross-Skill Sharing

One key, all your skills:

from armorclaw.openclaw import get_vault_key

# Any skill can pull keys from the vault
api_key = get_vault_key("OPENAI_KEY", skill="senticlaw")

CLI Reference

armorclaw init              Initialize vault + set master password
armorclaw set KEY [value]   Store a secret
armorclaw get KEY           Retrieve a secret
armorclaw list              List all stored keys (no values shown)
armorclaw delete KEY        Delete a secret
armorclaw import [path]     Import .env file into vault
armorclaw log [KEY]         View access log
armorclaw report            Skill usage report

Lock Modes

Mode               Security    Description
password           Medium      Type master password each time
machine            Good        Locked to registered machine (MAC address)
static-ip          Good        Locked to your static external IP only
machine+static-ip  Strongest   Machine AND static external IP must match
bot                Convenient  Bot auto-unlocks using stored password

⚠️ IP restriction requires a STATIC external IP. Dynamic/rotating IPs (most home internet) will lock you out when your IP changes. ArmorClaw will warn you and confirm before registering.

Security

  • AES-256-CBC encryption with PBKDF2-HMAC-SHA256 key derivation (600k iterations)
  • HMAC integrity — detects tampering
  • Machine binding — vault won't open on another machine
  • IP restriction — vault won't open from a different network
  • Zero plaintext storage — keys never written unencrypted anywhere
  • Access audit log — every read/write tracked with skill name + timestamp
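
The PBKDF2 and HMAC items above, as an added example that is not ArmorClaw's code or vault format: a verify-before-decrypt integrity check in stdlib Python. The blob layout (salt | IV | ciphertext | tag), the key split and the function names are assumptions, and the AES-CBC step is left out, so the ciphertext is treated as opaque bytes.

```python
import hashlib
import hmac

ITERATIONS = 600_000  # PBKDF2 iteration count stated in the Security list
# Assumed layout for this illustration: salt | iv | ciphertext | tag
SALT_LEN, IV_LEN, TAG_LEN = 16, 16, 32


def derive_keys(password, salt, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA256 -> 64 bytes, split into an encryption key and a MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              iterations, dklen=64)
    return okm[:32], okm[32:]


def seal(password, salt, iv, ciphertext, iterations=ITERATIONS):
    """Append an HMAC-SHA256 tag covering salt, IV and ciphertext (encrypt-then-MAC)."""
    _, mac_key = derive_keys(password, salt, iterations)
    body = salt + iv + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_verified(password, blob, iterations=ITERATIONS):
    """Return (enc_key, iv, ciphertext) only if the tag verifies; else ValueError."""
    if len(blob) < SALT_LEN + IV_LEN + TAG_LEN:
        raise ValueError("blob too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    salt, iv = body[:SALT_LEN], body[SALT_LEN:SALT_LEN + IV_LEN]
    enc_key, mac_key = derive_keys(password, salt, iterations)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    # Constant-time comparison; a wrong password and a tampered blob look the same.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed (tampered blob or wrong password)")
    return enc_key, iv, body[SALT_LEN + IV_LEN:]
```

Decryption should only ever run on the values `open_verified` returns, so modified CBC ciphertext never reaches the padding check.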

Built by PHRAIMWORK LLC · MIT License
Part of the PHRAIMWORK Security Suite: SentiClaw + ArmorClaw

Usage Guidance
What to check before installing

- Source and provenance: the package contains a full Python project and CLI. Confirm you trust PHRAIMWORK LLC and the repository URL in pyproject.toml before installing.
- Cryptography: the library falls back to a custom 'stdlib' AES-like implementation when the 'cryptography' package is not installed. That fallback is explicitly marked as "less battle-tested" and appears to be a custom construction (hashlib-based block primitive). Do NOT rely on this for high-value secrets — install with the 'secure' extras (pip install armorclaw[secure]) or ensure the environment has the 'cryptography' package.
- Scanning & importing: the default scanner looks in broad locations (~/projects, ~/Documents). That can read many files and the import flow can delete original .env files if you choose that option. Review any found files before importing and prefer 'backup' over 'delete'.
- Auto-unlock persistence: the CLI can write an encrypted master password into ~/.openclaw/openclaw.json to enable bot auto-unlock. Even encrypted, this increases exposure — only enable for fully trusted agents and machines. Prefer interactive unlocking where possible.
- Network calls: external IP detection uses third-party services (api.ipify.org, ifconfig.me, icanhazip.com). These requests reveal your external IP to those services; consider the privacy implications and whether you want that traffic.
- Cross-skill sharing: the vault allows any skill to request keys (the API accepts a 'skill' parameter and logs accesses). The design relies on skill-level trust and auditing; there is no per-skill ACL enforcement. Only enable cross-skill access for trusted skills and monitor access logs.
- Recommended mitigations: install the 'cryptography' dependency, audit the code (especially crypto.py and machine_crypto.py), run tests in a disposable environment first, back up any .env files before running imports, and carefully review any changes to ~/.openclaw/openclaw.json after setup.

If you are not comfortable with the above risks (config writes, scanning Documents, fallback crypto), treat this skill as not suitable for sensitive production secrets.
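
One way to review what a scan of those locations would pick up before running any import, as an added example (not ArmorClaw's importer): a read-only walk that reports key names only and never values. The file-name match rule, the skipped directories and the depth limit are assumptions.

```python
import os
from pathlib import Path

# Roots the page's analysis attributes to the default scanner.
DEFAULT_ROOTS = ("~/projects", "~/Documents", "~/.openclaw")
# Assumption: directories skipped to keep the preview fast; not taken from ArmorClaw.
SKIP_DIRS = {".git", "node_modules", ".venv", "__pycache__"}

def is_env_file(name):
    """Assumed match rule: '.env', '.env.local', 'openclaw.env' and similar."""
    return name == ".env" or name.startswith(".env.") or name.endswith(".env")

def env_key_names(path):
    """Return the variable names a .env file defines; values are never returned."""
    names = []
    for raw in path.read_text(encoding="utf-8", errors="replace").splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        name = line.split("=", 1)[0].strip()
        if name:
            names.append(name)
    return names

def preview_env_scan(roots=DEFAULT_ROOTS, max_depth=6):
    """Read-only walk: map each .env-style file under roots to its key names."""
    found = {}
    for root in roots:
        base = Path(root).expanduser()
        if not base.is_dir():
            continue
        for dirpath, dirnames, filenames in os.walk(base, followlinks=False):
            depth = len(Path(dirpath).relative_to(base).parts)
            keep = [] if depth >= max_depth else dirnames
            dirnames[:] = [d for d in keep if d not in SKIP_DIRS]
            for fn in filter(is_env_file, filenames):
                path = Path(dirpath) / fn
                try:
                    found[str(path)] = env_key_names(path)
                except OSError:
                    found[str(path)] = []  # unreadable: listed, no keys
    return found

if __name__ == "__main__":
    for path, names in sorted(preview_env_scan().items()):
        print(f"{path}: {', '.join(names) or '(no keys parsed)'}")
```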
Capability Analysis
Type: OpenClaw Skill
Name: armorclaw
Version: 1.0.0

ArmorClaw is a secrets management utility that exhibits high-risk behaviors despite its stated security purpose. Key indicators include a broad filesystem scanner in `importer.py` that recursively searches `~/Documents` and `~/projects` for `.env` files, and logic in `cli.py` that modifies the global `openclaw.json` configuration to store a machine-bound master password. Furthermore, `crypto.py` contains a highly non-standard and insecure 'fallback' encryption implementation (a custom XOR-based construction) used when the standard library is unavailable, which represents a significant cryptographic vulnerability rather than intentional malice.
Capability Assessment
Purpose & Capability
Name/description match the code: the package implements an AES-256 vault, .env importer, machine/IP locking, per-skill access logs, and cross-skill retrieval. However the registry metadata calls this 'instruction-only' while the package contains a full Python project (pyproject.toml + modules). That mismatch (no install spec vs. shipped code) is unexpected and worth verifying.
Instruction Scope
SKILL.md and CLI direct the agent to scan user locations (~/projects, ~/Documents, ~/.openclaw) for .env files, import them, and optionally delete originals; the code implements these scans and file operations. The skill also provides env injection (injecting plaintext secrets into process environment) and supports adding an auto-unlock password to the agent config. These actions read and write user files broadly and can expose secrets if misused.
Install Mechanism
Registry shows no install spec, but the repo contains pyproject.toml and CLI entry points and SKILL.md suggests pip / npx install flows. The absence of an explicit install spec in the skill metadata is an inconsistency to confirm: how will the agent obtain/execute the packaged code in your environment?
Credentials
The skill declares no required credentials, which is reasonable, but it will: (1) contact external IP lookup services (api.ipify.org, ifconfig.me, icanhazip.com) revealing your IP to third parties; (2) optionally write an encrypted master password into ~/.openclaw/openclaw.json so the bot can auto-unlock (this grants the agent persistent access to your vault); and (3) enable cross-skill retrieval of secrets (any skill calling the API can request secrets, logged but not access-restricted). These are high-impact behaviors relative to a simple secrets storage claim.
Persistence & Privilege
The skill can persist an auto-unlock artifact into the agent config (~/.openclaw/openclaw.json). Even though the password is machine-encrypted, storing an auto-unlock credential in agent config increases the long-term attack surface and allows the agent (or any process with access to that config) to unlock the vault automatically. The skill does not set always:true, but the config-write behavior is a form of persistence that requires user consent and careful review.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install armorclaw
  3. After installation, invoke the skill by name or use /armorclaw
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: ClawKeep 1.0.0
- Launch of an AES-256 encrypted secrets manager for OpenClaw agents.
- Securely stores API keys, tokens, and credentials in a local vault with master password, machine/IP binding, and .env migration.
- Provides cross-skill secret sharing, per-skill access logging, and command-line/`inject_vault_env` integration.
- Implements flexible lock modes: password, machine, static IP, and combined restrictions.
- Includes a detailed security model using PBKDF2-HMAC-SHA256, HMAC integrity, and zero plaintext storage.
- New CLI and Python interfaces for adding, retrieving, importing, and auditing secrets.
Metadata
Slug armorclaw
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is ArmorClaw?

AES-256 encrypted secrets manager for OpenClaw agents. Store API keys, tokens, and credentials in a secure local vault instead of plain-text .env files. Feat... It is an AI Agent Skill for Claude Code / OpenClaw, with 104 downloads so far.

How do I install ArmorClaw?

Run "/install armorclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ArmorClaw free?

Yes, ArmorClaw is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ArmorClaw support?

ArmorClaw is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created ArmorClaw?

It is built and maintained by SuperTechGod (@supertechgod); the current version is v1.0.0.
