← Back to Skills Marketplace
AgentKeys
by
Alexander Belogubov
· GitHub ↗
· v1.2.0
755
Downloads
1
Stars
2
Active Installs
3
Versions
Install in OpenClaw
/install agentkeys
Description
Secure credential proxy for AI agents. Make API calls through AgentKeys — real secrets never leave the vault.
README (SKILL.md)
AgentKeys Skill
Secure credential proxy for AI agents. Route API calls through AgentKeys so your agent never sees real secrets.
Configuration
You have two options. Set these in your environment or .env:
Option A — API Key (recommended, multi-credential)
AGENTKEYS_API_KEY=ak_ws_...
AGENTKEYS_PROXY_URL=https://proxy.agentkeys.io
Use your workspace API key to proxy requests to any credential by name. Get your API key from Settings.
Option B — Direct Proxy Token (single credential)
AGENTKEYS_PROXY_TOKEN=pxr_...
AGENTKEYS_PROXY_URL=https://proxy.agentkeys.io
Use a proxy token for one specific credential. Get it by assigning a credential to an agent in the dashboard.
Usage
With API Key (Option A) — reference credentials by name
curl -X POST $AGENTKEYS_PROXY_URL/v1/proxy \
-H "Authorization: Bearer $AGENTKEYS_API_KEY" \
-H "X-Credential-Name: resend" \
-H "X-Target-Url: https://api.resend.com/emails" \
-H "Content-Type: application/json" \
-d '{"from": "[email protected]", "to": "[email protected]", "subject": "Hello", "text": "Sent via AgentKeys"}'
With Proxy Token (Option B) — direct credential access
curl -X POST $AGENTKEYS_PROXY_URL/v1/proxy \
-H "Authorization: Bearer $AGENTKEYS_PROXY_TOKEN" \
-H "X-Target-Url: https://api.resend.com/emails" \
-H "Content-Type: application/json" \
-d '{"from": "[email protected]", "to": "[email protected]", "subject": "Hello", "text": "Sent via AgentKeys"}'
Headers
| Header | Required | Description |
|---|---|---|
Authorization |
✅ | Bearer $AGENTKEYS_API_KEY or Bearer $AGENTKEYS_PROXY_TOKEN |
X-Target-Url |
✅ | Target API URL to forward to |
X-Credential-Name |
✅ (API key mode) | Name of the credential to use (case-insensitive) |
Content-Type |
❌ | Passed through to target |
How It Works
- Agent sends request to AgentKeys proxy with API key + credential name (or proxy token)
- AgentKeys finds and decrypts the real credential server-side
- Real credential is injected into headers
- Request is forwarded to the target API
- Response is returned to the agent
- Every request is logged in the audit trail
The agent never sees the real API key, OAuth token, or password.
Credential Types Supported
- API Key — injected as
Authorization: Bearer \x3Ckey> - Basic Auth — injected as
Authorization: Basic base64(user:pass) - Custom Headers — injected as key-value pairs
- Query Parameters — appended to URL
- Cookies — injected as
Cookieheader - OAuth — auto-refreshed tokens
Security
- Credentials are AES-256-GCM encrypted at rest
- Proxy tokens are scoped to one credential + one agent
- API key mode still respects workspace permissions
- Tokens can be revoked instantly from the dashboard
- Full audit trail for every proxied request
- Agent never has access to plaintext secrets
Links
- Dashboard: app.agentkeys.io
- Docs: agentkeys.io/docs
- Support: [email protected]
Usage Guidance
This skill appears coherent for a credential-proxy: it simply instructs the agent to send requests to a configured AgentKeys proxy. Before installing, verify you trust the proxy operator and the AGENTKEYS_PROXY_URL value, and follow these precautions: (1) Prefer issuing scoped proxy tokens (pxr_...) limited to one credential/agent instead of a workspace API key; (2) if you must use a workspace API key, ensure it has least privilege and cannot access unrelated credentials; (3) restrict which target URLs the agent may request (to avoid SSRF or exfiltration to arbitrary endpoints) and monitor the proxy's audit logs; (4) confirm network routing — if the proxy can reach internal services, consider that access risk; (5) note that this skill is instruction-only (no local code), so risk comes from the remote proxy and the credentials you provide rather than from the skill bundle itself.
Capability Analysis
Type: OpenClaw Skill
Name: agentkeys
Version: 1.2.0
The skill bundle describes a legitimate service for securely proxying API calls through 'agentkeys.io'. All instructions in SKILL.md, including configuration and usage examples, are consistent with this stated purpose. There are no indicators of malicious intent such as unauthorized data exfiltration, arbitrary command execution, persistence mechanisms, or deceptive prompt injection attempts against the AI agent. The external network calls to `https://proxy.agentkeys.io` are fundamental to the skill's intended functionality.
Capability Assessment
Purpose & Capability
Name/description (credential proxy) matches the instructions: the SKILL.md tells the agent to call a proxy URL and optionally use an API key or proxy token. The only required env var in registry metadata is AGENTKEYS_PROXY_URL, which is appropriate. The metadata lists AGENTKEYS_API_KEY and AGENTKEYS_PROXY_TOKEN as optional credentials — consistent with a proxy model.
Instruction Scope
Instructions are scoped to routing requests through the AgentKeys proxy and do not ask the agent to read unrelated files or secrets. However, the proxy accepts an X-Target-Url header (arbitrary target) and in API-key mode can proxy any named credential the API key is permitted to use — that is functionally necessary but means a broadly-scoped API key could be abused to access many credentials or internal services if the proxy is trusted. This is a design risk to be mitigated by scoping tokens and network controls, not an incoherence in the skill itself.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk. Nothing will be written to disk by the skill package itself.
Credentials
Declared required env var is only AGENTKEYS_PROXY_URL, which is minimal. SKILL.md describes using AGENTKEYS_API_KEY or AGENTKEYS_PROXY_TOKEN in practice; those are appropriate for a proxy service but are sensitive. Ensure you provide the least-privilege credential (prefer single-credential proxy tokens) and that workspace API keys are tightly scoped. No unrelated secrets or config paths are requested.
Persistence & Privilege
Skill is not always-on and does not request system-wide configuration changes or persistent installation. Autonomous invocation is allowed (platform default) but not combined with other red flags here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install agentkeys - After installation, invoke the skill by name or use
/agentkeys - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
API key mode: one key for all credentials via X-Credential-Name header. Per-credential proxy tokens (AGENTKEYS_PROXY_TOKEN_STRIPE). Python tab. Credential editing.
v1.1.0
Security fixes: declared required env vars in metadata, removed TOOLS.md token storage advice, removed management API instructions, scoped to proxy-only usage
v1.0.0
Initial release: proxy requests, credential management via API v1, examples for OpenAI/Resend/GitHub
Metadata
Frequently Asked Questions
What is AgentKeys?
Secure credential proxy for AI agents. Make API calls through AgentKeys — real secrets never leave the vault. It is an AI Agent Skill for Claude Code / OpenClaw, with 755 downloads so far.
How do I install AgentKeys?
Run "/install agentkeys" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is AgentKeys free?
Yes, AgentKeys is completely free (open-source). You can download, install and use it at no cost.
Which platforms does AgentKeys support?
AgentKeys is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created AgentKeys?
It is built and maintained by Alexander Belogubov (@alexandr-belogubov); the current version is v1.2.0.
More Skills