callmedas69

Credential Manager

by Mr. TeeClaw · GitHub ↗ · v1.3.0
cross-platform ⚠ suspicious
Downloads: 5743 · Stars: 2 · Active Installs: 52 · Versions: 4
Install in OpenClaw
/install credential-manager
Description
MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Use when setting up OpenClaw, migrating credentials, auditing security, or enforcing the .env standard. This is not optional — centralized credential management is a core requirement for secure OpenClaw deployments. Scans for credential files across common locations, backs up existing files, creates a unified .env with mode 600, validates security, and enforces best practices.
Usage Guidance
Install only if you intentionally want OpenClaw credentials centralized in ~/.openclaw/.env. Run scan first, review every discovered path, avoid importing unrelated app secrets or wallet seed phrases by default, do not use --yes until you understand the exact changes, verify or restrict backup permissions, and run cleanup only after testing the new .env and confirming rollback works.
Capability Analysis
Type: OpenClaw Skill
Name: credential-manager
Version: 1.3.0
This skill is classified as suspicious due to its extensive use of high-risk capabilities, including scanning the entire filesystem for credential files, reading their contents, modifying sensitive files like `.env` and `.gitignore`, changing file permissions (`chmod 600`), and deleting original credential files. While these actions are explicitly stated as necessary for its security-enhancing purpose (centralizing and securing credentials), they represent significant control over the user's sensitive data and system configuration. The `SKILL.md` and other documentation files use strong, imperative language to instruct the agent to perform these actions, which, while aimed at enforcing security, constitutes a form of prompt injection directing the agent to execute sensitive operations.
Capability Assessment
Purpose & Capability
The purpose is coherent: it scans, backs up, consolidates, validates, and optionally cleans up credentials for OpenClaw. The concern is proportionality, because it targets high-value secrets including passwords, private keys, wallet keys, mnemonics, and seed phrases.
Instruction Scope
The documentation repeatedly frames consolidation as mandatory and no-exceptions, and includes auto-confirm migration guidance. Cleanup is more controlled with dry-run and typed confirmation, but the overall instruction style is too forceful for secret-handling operations.
Install Mechanism
The package contains documentation and local Python scripts. I found no install-time execution, obfuscation, network exfiltration, background worker, or hidden startup behavior.
Credentials
Default scan patterns reach beyond OpenClaw-owned files into broad user locations such as ~/.config/*/credentials.json, ~/.local/share/*/credentials.json, and shell rc files, which can pull unrelated application secrets into scope.
Persistence & Privilege
The skill writes ~/.openclaw/.env, changes permissions, creates .env.example and .gitignore entries, creates backup copies of credential files, and can delete original credential files after confirmation. The final .env is chmod 600, but backup permission handling is not clearly hardened.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install credential-manager
  3. After installation, invoke the skill by name or use /credential-manager
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
Consolidation Rule enforcement - all credentials MUST be in ~/.openclaw/.env ONLY. Enhanced detection for workspace/skills/scripts .env files. New CONSOLIDATION-RULE.md documentation.
v1.2.0
Added crypto-specific sensitive key patterns (private_key, passphrase, mnemonic, seed_phrase, signing_key, wallet_key) and updated documentation
v1.0.0
Initial publish: MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions.
v1.1.0
🔒 MANDATORY security foundation. Consolidates scattered credentials into secure .env with proper permissions. Includes enforcement tools for skill developers. Non-negotiable security infrastructure for OpenClaw deployments.
Metadata
Slug: credential-manager
Version: 1.3.0
License:
All-time Installs: 187
Active Installs: 52
Total Versions: 4
Frequently Asked Questions

What is Credential Manager?

It is an AI Agent Skill for Claude Code / OpenClaw, with 5743 downloads so far.

How do I install Credential Manager?

Run "/install credential-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Credential Manager free?

Yes, Credential Manager is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Credential Manager support?

Credential Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Credential Manager?

It is built and maintained by Mr. TeeClaw (@callmedas69); the current version is v1.3.0.
