← Back to Skills Marketplace
saba-ch

Cloak

by Saba Tchikhinashvili · GitHub ↗ · v0.1.3 · MIT-0
cross-platform ✓ Security Clean
266
Downloads
0
Stars
1
Active Installs
4
Versions
Install in OpenClaw
/install cloak
Description
Share one-time secrets between humans and agents via encrypted self-destructing links
README (SKILL.md)

Cloak — One-Time Secret Sharing

Share API keys, passwords, and tokens via encrypted self-destructing links.

Base URL: https://cloak.opsy.sh

Create a secret

curl -s -X POST https://cloak.opsy.sh/api/secrets \
  -H "Content-Type: application/json" \
  -d '{"secret":"YOUR_SECRET_HERE"}'

Response:

{
  "id": "W9ZEykcG",
  "key": "8g9I3UUBjH3x4kdL",
  "url": "https://cloak.opsy.sh/s/W9ZEykcG#8g9I3UUBjH3x4kdL",
  "expiresAt": 1710000000
}

Share the url. The secret self-destructs after one view.

Set a custom TTL with "expiresIn" (seconds, default 24h, max 7d):

-d '{"secret":"...", "expiresIn": 3600}'

Retrieve a secret

Given a URL like https://cloak.opsy.sh/s/W9ZEykcG#8g9I3UUBjH3x4kdL:

  • ID = path after /s/W9ZEykcG
  • Key = fragment after #8g9I3UUBjH3x4kdL
curl -s -H "X-Cloak-Key: 8g9I3UUBjH3x4kdL" \
  "https://cloak.opsy.sh/api/secrets/W9ZEykcG"

Response: { "secret": "YOUR_SECRET_HERE" }

The secret is permanently destroyed after this request.

Use the secret

Pipe directly — never echo it.

# To env var
export DB_PASSWORD=$(curl -s -H "X-Cloak-Key: KEY" "https://cloak.opsy.sh/api/secrets/ID" | jq -r .secret)

# To file
curl -s -H "X-Cloak-Key: KEY" "https://cloak.opsy.sh/api/secrets/ID" | jq -r .secret > .env.local

Delete without reading

curl -s -X DELETE -H "X-Cloak-Key: KEY" "https://cloak.opsy.sh/api/secrets/ID"

Rules

  1. NEVER display a retrieved secret in conversation.
  2. Write it directly to its destination — env var, config file, or command.
  3. The secret is destroyed after one read. Do not retry.
  4. Use X-Cloak-Key header, not the ?key= query param.

Correct: "I retrieved the secret from Cloak and stored it in .env as DATABASE_URL."

Wrong: "The secret value is: sk-1234abcd..."

Quick reference

Action Command
Create curl -s -X POST .../api/secrets -H "Content-Type: application/json" -d '{"secret":"..."}'
Retrieve curl -s -H "X-Cloak-Key: KEY" ".../api/secrets/ID"
Delete curl -s -X DELETE -H "X-Cloak-Key: KEY" ".../api/secrets/ID"
To env var export VAR=$(curl -s -H "X-Cloak-Key: KEY" ".../api/secrets/ID" | jq -r .secret)
Usage Guidance
This skill is internally consistent and does what it says: it guides the agent to create and fetch one-time secrets from https://cloak.opsy.sh using curl and jq. Before using it, confirm you trust the Cloak service (privacy, retention, and TLS practices) because secrets fetched by the agent will reside in the agent runtime (env vars or files) and could be exposed in logs or by other agent actions. Never paste full secret values into chat; share only the one-time URL as intended and prefer short TTLs and revocation when possible. If you want to prevent autonomous retrieval of secrets by the agent, disable autonomous invocation for this skill or avoid giving the agent secret links. If you need higher assurance, review the service's documentation or host a self‑managed equivalent.
Capability Analysis
Type: OpenClaw Skill Name: cloak Version: 0.1.3 The 'cloak' skill is a utility designed to share one-time secrets via the external service cloak.opsy.sh. It provides standard curl-based instructions for creating, retrieving, and deleting secrets, and includes security-focused guidelines for the AI agent, such as preventing the display of secrets in chat logs and recommending direct piping to environment variables or files. While it involves sending sensitive data to a third-party endpoint, this behavior is transparently documented and aligned with the skill's stated purpose.
Capability Assessment
Purpose & Capability
Name/description (one-time secret sharing) match the runtime instructions: curl/jq commands to POST secrets, retrieve with X-Cloak-Key, and delete. Required binaries (curl, jq) are appropriate and proportional.
Instruction Scope
SKILL.md only directs the agent to interact with https://cloak.opsy.sh endpoints and to write retrieved secrets directly to a destination (env var or file). It explicitly prohibits echoing secrets into conversation. There are no instructions to read unrelated files, other env vars, or to transmit secrets to other endpoints.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is dropped to disk and no external packages are fetched. This is lowest-risk from an install perspective.
Credentials
The skill requests no environment variables, credentials, or config paths. The actions it requires (making HTTPS requests and piping output through jq) do not need additional secrets from the runtime beyond the one-time secret provided by the user/link.
Persistence & Privilege
always is false and there is no install or persistent configuration. The skill allows autonomous model invocation (disable-model-invocation is false) — this is the platform default. Be aware: if the agent receives a valid Cloak URL/key, it could autonomously retrieve that secret into its runtime environment; this behavior is consistent with the skill's purpose but is a privacy/operational risk to consider.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cloak
  3. After installation, invoke the skill by name or use /cloak
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.3
Release 0.1.3
v0.1.2
Release 0.1.2
v0.1.1
Patch release — CI fixes, README rewrite
v0.1.0
Initial release
Metadata
Slug cloak
Version 0.1.3
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 4
Frequently Asked Questions

What is Cloak?

Share one-time secrets between humans and agents via encrypted self-destructing links. It is an AI Agent Skill for Claude Code / OpenClaw, with 266 downloads so far.

How do I install Cloak?

Run "/install cloak" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cloak free?

Yes, Cloak is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Cloak support?

Cloak is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Cloak?

It is built and maintained by Saba Tchikhinashvili (@saba-ch); the current version is v0.1.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments