← Back to Skills Marketplace

Cloak — Protect .env Secrets from AI Agents

Name: Cloak — Protect .env Secrets from AI Agents
Author: danieltamas

by Daniel Tamas · GitHub ↗ · v0.1.0 · MIT-0

cross-platform ✓ Security Clean

162

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install cloak-env-protection

Description

Protect .env secrets from AI agents. Real credentials encrypted in a vault — agents see structurally valid sandbox values on disk.

README (SKILL.md)

Cloak — Agent Security Skill

This file instructs AI coding agents to protect .env secrets using Cloak. Add it to your project root or append its contents to your CLAUDE.md / .cursorrules / .windsurfrules.

What is Cloak

Cloak encrypts real .env values into a vault and replaces them on disk with structurally valid sandbox values. The developer sees real values in their editor (the extension decrypts them). You (the agent) see sandbox values — that is by design.

Detection

On first interaction with a project, check for a .cloak file in the project root.

.cloak exists → Cloak is active. Follow the rules below.
.cloak does NOT exist but .env exists → suggest cloak init (always ask first, never run without consent).
Neither exists → no action needed.

Rules

Reading .env files

You CAN read .env files. The values on disk are sandbox values (fakes) — they are safe to read, display, and use in code examples. They are structurally valid (e.g. sk_test_cloak_sandbox_000 for Stripe, postgres://dev:dev@localhost:5432/devdb for databases).

Do NOT attempt to access real secret values. Do NOT read vault files, recovery files, or any file under the cloak config directory (~/.config/cloak/, ~/Library/Application Support/cloak/, or %APPDATA%\cloak\).

Running commands that need real env vars

Use cloak run to inject real environment variables into any process:

cloak run npm start
cloak run python app.py
cloak run go run main.go
cloak run docker compose up

Do NOT try to read secrets from the vault and inject them manually. cloak run handles authentication (Touch ID on macOS, password on other platforms) — the developer will be prompted, and that is expected.

Adding or updating secrets

Use cloak set with the key and value as separate arguments:

cloak set STRIPE_KEY sk_test_EXAMPLE000000000000000000
cloak set DATABASE_URL "postgres://admin:[email protected]:5432/myapp"

Do NOT write secrets directly to .env files. The .env file on disk is managed by Cloak — direct edits will be overwritten.

Modifying .env structure

To add/remove keys, change comments, or restructure the file, use:

cloak edit          # opens real values in $EDITOR, re-encrypts on save
cloak set KEY VALUE # add or update a single key

Do NOT directly edit .env when .cloak is present.

Checking status

cloak status    # shows protection state — no auth required

Error recovery

If you see a keychain or decryption error, suggest:

cloak recover
# The developer will need the recovery key shown during `cloak init`

If Cloak is not installed

If the developer wants to use Cloak but it's not installed:

# macOS / Linux
curl -fsSL https://getcloak.dev/install.sh | sh

# Windows (PowerShell)
irm https://getcloak.dev/install.ps1 | iex

The VS Code / Cursor extension is available as "Cloak" in the marketplace.

Command Reference

Task	Command	Auth required
Protect a project	`cloak init`	No
Run with real env vars	`cloak run \x3Ccommand>`	Yes
Add/update a secret	`cloak set KEY VALUE`	Yes
Edit secrets in $EDITOR	`cloak edit`	Yes
View sandbox vs real diff	`cloak peek`	Yes
Temporarily reveal a key	`cloak reveal KEY --duration 30`	Yes
Check protection status	`cloak status`	No
Restore lost keychain	`cloak recover`	No
Remove protection	`cloak unprotect`	Yes

"Auth required" means the developer will be prompted for Touch ID (macOS) or their CLI password. This is expected — it prevents agents from accessing secrets programmatically.

For CLAUDE.md

## Secrets

This project uses Cloak to protect .env secrets.
- The .env file on disk contains sandbox values (safe to read).
- Use `cloak run \x3Ccommand>` to run processes that need real env vars.
- Use `cloak set KEY VALUE` to add or update secrets.
- Do not write to .env directly — use `cloak set` or `cloak edit`.
- If .cloak marker is missing and .env exists, ask before running `cloak init`.

For .cursorrules / .windsurfrules

This project uses Cloak for .env secret protection. The .env on disk has sandbox values (safe to read).
Use `cloak run \x3Ccommand>` for real env vars. Use `cloak set KEY VALUE` to add secrets.
Do not modify .env directly. If .cloak is missing and .env exists, suggest `cloak init` (ask first).

Usage Guidance

This skill is internally consistent with its goal of showing safe sandbox values on disk and using a local vault for real secrets. Before adopting: 1) Do not blindly run the suggested install commands that pipe remote scripts to a shell — inspect the installer at https://getcloak.dev/install.sh (and the PowerShell script) or prefer an official package/distribution channel. 2) Verify the Cloak project's identity (homepage, GitHub repository, release artifacts, and VS Code extension source) before installing. 3) Ensure recovery keys are stored securely; understand how cloak stores its vault and recovery material (platform keychain, encrypted file, backup procedure). 4) Make sure agents follow the document's rule to ask before running 'cloak init' and never attempt to read files under the cloak config directories. 5) If you need a higher assurance level, request the upstream source code and a reproducible build or prefer installation from a known package manager/release host.

Capability Analysis

Type: OpenClaw Skill Name: cloak-env-protection Version: 0.1.0 The skill bundle provides instructions for an AI agent to interact with 'Cloak,' a security tool designed to protect .env secrets by replacing them with sandbox values. The instructions in SKILL.md are defensive, explicitly directing the agent to avoid sensitive configuration directories and use a wrapper command (cloak run) that requires human authentication (e.g., Touch ID) for accessing real credentials. While it includes a standard 'curl | sh' installation pattern for the getcloak.dev domain, the overall logic is transparent and aligned with its stated purpose of enhancing secret security.

Capability Assessment

✓ Purpose & Capability

The name/description (protect .env secrets by showing sandbox values on disk and keeping real values in a vault) matches the runtime instructions: check for .cloak, treat .env as sandbox values, use 'cloak run' to inject real env values, and use 'cloak set/edit' to manage secrets. The skill does not request unrelated credentials or binaries.

✓ Instruction Scope

SKILL.md gives narrow, specific rules: check .cloak presence, read .env (sandbox) only, never read vault or config directories, use cloak commands for runtime injection and edits, and always ask before running init. There is no broad 'collect context' instruction or any direction to access unrelated system files.

⚠ Install Mechanism

The skill is instruction-only (no install spec), which is low risk. However the document explicitly recommends installing via piping a remote script (curl -fsSL https://getcloak.dev/install.sh | sh and irm https://getcloak.dev/install.ps1 | iex). getcloak.dev is not a recognized central release host in this review, and piping remote scripts to sh/iex is a high-risk installer pattern — the command should be replaced with a link to a verified release or the script should be inspected before execution.

✓ Credentials

The skill requests no environment variables, no credentials, and no config paths. The rules explicitly forbid reading vault/config paths (~/.../.config/cloak etc.), which is appropriate and proportionate to the stated purpose.

✓ Persistence & Privilege

No install, no always:true, and user-invocable only; the skill does not request persistent system privileges or attempt to modify other skills' configuration. Autonomous invocation is allowed by default but not combined with other red flags here.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install cloak-env-protection
After installation, invoke the skill by name or use /cloak-env-protection
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.0

Initial release of cloak-env-protection. - Introduces protection for .env secrets by encrypting real credentials in a vault and exposing only sandbox values on disk. - Provides clear agent rules for detecting Cloak usage, safe .env file handling, and proper commands for managing secrets. - Guides agents to use `cloak run` for processes needing real secret values, without manual injection. - Documents safe ways to add/update secrets and safeguards against accidental secret exposure. - Includes recovery steps for keychain or decryption errors and installation instructions. - Provides summary instructions for CLAUDE.md, .cursorrules, and .windsurfrules files.

Metadata

Slug cloak-env-protection

Version 0.1.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Cloak — Protect .env Secrets from AI Agents?

Protect .env secrets from AI agents. Real credentials encrypted in a vault — agents see structurally valid sandbox values on disk. It is an AI Agent Skill for Claude Code / OpenClaw, with 162 downloads so far.

How do I install Cloak — Protect .env Secrets from AI Agents?

Run "/install cloak-env-protection" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cloak — Protect .env Secrets from AI Agents free?

Yes, Cloak — Protect .env Secrets from AI Agents is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Cloak — Protect .env Secrets from AI Agents support?

Cloak — Protect .env Secrets from AI Agents is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Cloak — Protect .env Secrets from AI Agents?

It is built and maintained by Daniel Tamas (@danieltamas); the current version is v0.1.0.

More Skills