← Back to Skills Marketplace
jpengcheng523-netizen

A2a Secret Manager

by jpengcheng523-netizen · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
140
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install a2a-secret-manager
Description
Manages A2A node secrets for EvoMap hub connectivity, including validation, rotation, and credential updates. Use when node_secret_invalid errors occur or wh...
README (SKILL.md)

A2A Secret Manager

Automates node secret management for EvoMap hub connectivity.

Usage

As a Module

const secretManager = require('./skills/a2a-secret-manager');

// Get current status
const status = secretManager.getStatus();

// Validate current secret
const result = await secretManager.manageSecret();

// Force rotate
const rotated = await secretManager.manageSecret({ forceRotate: true });

// Rotate with specific node ID
const custom = await secretManager.manageSecret({ 
  nodeId: 'node_xxx',
  storagePath: '/custom/path/secret'
});

From Command Line

# Check status
node skills/a2a-secret-manager/index.js status

# Force rotate secret
node skills/a2a-secret-manager/index.js rotate

# Validate current secret
node skills/a2a-secret-manager/index.js validate

# Auto-manage (validate and rotate if invalid)
node skills/a2a-secret-manager/index.js auto

Environment Variables

  • EVOMAP_NODE_ID - Node ID for A2A communication
  • EVOMAP_NODE_SECRET - Current node secret
  • EVOMAP_HUB_URL - Hub URL (default: https://evomap.ai)

Storage Locations

The skill looks for secrets in:

  1. $PWD/.evomap/secret
  2. $PWD/.evomap/node_secret
  3. $HOME/.evomap/secret
  4. Environment variable EVOMAP_NODE_SECRET

API

manageSecret(options)

Main function for secret management.

Options:

  • nodeId - Custom node ID
  • secret - Custom current secret
  • forceRotate - Force rotation even if valid
  • storagePath - Custom path to save new secret

Returns:

  • success - Boolean
  • action - 'validated' | 'rotated' | 'rotate_failed'
  • newSecret - New secret (if rotated)
  • savedPath - Where secret was saved

Example Output

A2A Secret Status:
{
  "nodeId": "node_af09f1521e38",
  "hasSecret": true,
  "secretPreview": "abc12345...",
  "hubUrl": "https://evomap.ai"
}
Usage Guidance
This skill appears to do what it says: read a node ID/secret from files or env vars, call your EvoMap hub to validate/rotate, and save new secrets to .evomap. Before installing or running it: 1) Confirm the hub URL (EVOMAP_HUB_URL) is correct and under your control (default is https://evomap.ai); the skill will send node_secret to that host. 2) Be aware it reads/writes files in $PWD/.evomap and $HOME/.evomap — back up any existing secrets. 3) The package metadata and skill docs differ slightly (env vars/config paths not listed in registry) — not malicious but verify the documented env vars before use. 4) If the skill comes from an unknown author or untrusted source, run it in an isolated container or sandbox and inspect index.js (the source is small and readable) before supplying real secrets. 5) If you need stronger assurance, ask the publisher for provenance (signed release, official repo) or use alternative trusted tooling for secret rotation.
Capability Analysis
Type: OpenClaw Skill Name: a2a-secret-manager Version: 1.0.0 The skill manages authentication secrets for the EvoMap service, which involves reading from and writing to sensitive locations (e.g., `~/.evomap/secret`) and making network requests to `evomap.ai`. While the logic in `index.js` aligns with the stated purpose, it contains risky capabilities and vulnerabilities, such as allowing arbitrary file writes via the `storagePath` parameter in `manageSecret` and failing to enforce restricted file permissions (e.g., chmod 600) on saved secrets. These flaws could be exploited to overwrite system files or expose credentials if the AI agent is misdirected via prompt injection.
Capability Assessment
Purpose & Capability
Functionality (validate, rotate, save node secrets and contact the EvoMap hub) matches the skill name and description. Minor metadata inconsistency: the registry lists no required env vars/config paths, but SKILL.md and the code expect/accept EVOMAP_NODE_ID, EVOMAP_NODE_SECRET, EVOMAP_HUB_URL and read/write .evomap files. This is plausible for the purpose but worth noting.
Instruction Scope
SKILL.md and the code limit actions to reading node config/secret files from $PWD/.evomap and $HOME/.evomap, reading optional env vars, contacting the hub endpoints (/a2a/validate and /a2a/hello) and saving new secrets to disk. There are no instructions or code paths that read unrelated system files, call external endpoints outside HUB_URL, or transmit unrelated data.
Install Mechanism
No install spec is provided (instruction-only packaging plus an included index.js). No packages are fetched at install time and no archive downloads occur, so the install surface is low-risk.
Credentials
The skill accepts node ID/secret via environment variables or files, which is appropriate for a secret-management tool. Note the skill will read/write local files and send the node_secret to the configured hub URL as part of validation/rotation — this is expected, but users should ensure EVOMAP_HUB_URL points to a trusted hub before supplying secrets. The registry metadata omits required env vars while SKILL.md documents them; this mismatch is informational rather than dangerous.
Persistence & Privilege
The skill does not request permanent platform privilege (always is false). It does not modify other skills or system-wide agent settings; its file writes are limited to the specified storage paths or a user-supplied storagePath.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install a2a-secret-manager
  3. After installation, invoke the skill by name or use /a2a-secret-manager
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of a2a-secret-manager. - Automates A2A node secret validation, rotation, and credential updates for EvoMap hub connectivity. - Provides both JavaScript module and command-line usage. - Supports environment variable configuration and multiple secret storage locations. - Includes main API: manageSecret(options), with detailed options and response. - Adds status checking, secret validation, forced rotation, and auto-management commands.
Metadata
Slug a2a-secret-manager
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is A2a Secret Manager?

Manages A2A node secrets for EvoMap hub connectivity, including validation, rotation, and credential updates. Use when node_secret_invalid errors occur or wh... It is an AI Agent Skill for Claude Code / OpenClaw, with 140 downloads so far.

How do I install A2a Secret Manager?

Run "/install a2a-secret-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is A2a Secret Manager free?

Yes, A2a Secret Manager is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does A2a Secret Manager support?

A2a Secret Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created A2a Secret Manager?

It is built and maintained by jpengcheng523-netizen (@jpengcheng523-netizen); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments