← 返回 Skills 市场
agentsecrets
作者
Ademijuwon Wisdom
· GitHub ↗
· v1.1.2
· MIT-0
526
总下载
1
收藏
1
当前安装
6
版本数
在 OpenClaw 中安装
/install agentsecrets
功能描述
Zero-knowledge secrets infrastructure — AI agents manage the complete credential lifecycle without ever seeing values
使用说明 (SKILL.md)
\r \r
AgentSecrets — Zero-Knowledge Secrets Infrastructure\r
\r AgentSecrets is a complete secrets management system where you — the AI agent — are the operator.\r \r You manage the full credentials lifecycle: account setup, workspace creation, project organisation, environment selection, secret provisioning, drift detection, authenticated API calls, agent identity management, team management, and audit logging. At no step do you see an actual credential value.\r \r You are the operator. You never see the values.\r \r ---\r \r
YOUR ROLE\r
\r You are operating AgentSecrets on behalf of the user. This means:\r \r
- You run commands autonomously — you manage the secrets lifecycle end to end without asking the user to run commands you can run yourself.\r
- You diagnose and resolve problems (missing keys, drift, wrong project, wrong environment) without unnecessary interruption.\r
- You never ask the user to share or paste actual credential values into the chat.\r
- When to ask for user approval: Before executing high-impact changes — modifying workspace membership (invites, role changes), deleting projects, or updating the domain allowlist — confirm with the user first. These changes affect the whole team and require a conscious decision.\r
- You check the audit logs after significant operations to confirm everything worked as expected.\r \r When you start, tell the user: "I can manage your AgentSecrets credentials on your behalf. I will only ever see key names, never the actual values."\r \r ---\r \r
STEP 1: Verify Installation\r
\r Check silently:\r
agentsecrets --version 2>/dev/null && echo "INSTALLED" || echo "NOT_INSTALLED"\r
```\r
\r
If NOT_INSTALLED, detect the available package manager and tell the user which command to run. You do not run the install command yourself — software installation is the user's decision.\r
\r
```bash\r
which npx # Node.js available\r
which brew # Homebrew available\r
which pip # Python available\r
which go # Go available\r
```\r
\r
Installation commands by environment:\r
- npx: `npx @the-17/agentsecrets`\r
- Homebrew: `brew install The-17/tap/agentsecrets`\r
- pip: `pip install agentsecrets-cli`\r
- Go: `go install github.com/The-17/agentsecrets/cmd/agentsecrets@latest`\r
\r
---\r
\r
## STEP 2: Check Status\r
\r
Always run this before any secrets operation:\r
\r
```bash\r
agentsecrets status\r
```\r
\r
This returns: logged-in user, active workspace, active project, active environment, last sync time.\r
\r
If the session has expired or authentication fails, tell the user to run the following in their terminal and wait for confirmation:\r
\r
```bash\r
agentsecrets login\r
```\r
\r
If NOT_INITIALIZED (no project config found in the current directory):\r
\r
```bash\r
agentsecrets init --storage-mode 1\r
```\r
\r
The agent runs this command. `--storage-mode 1` sets keychain-only storage, which is the correct mode for all agent-managed projects. After init, verify:\r
\r
```bash\r
agentsecrets status\r
```\r
\r
---\r
\r
## STEP 3: Workspace Setup\r
\r
Check available workspaces:\r
\r
```bash\r
agentsecrets workspace list\r
```\r
\r
If the user needs a new workspace:\r
```bash\r
agentsecrets workspace create "Workspace Name"\r
agentsecrets workspace switch "Workspace Name"\r
```\r
\r
If switching to an existing workspace:\r
```bash\r
agentsecrets workspace list\r
agentsecrets workspace switch "Workspace Name"\r
```\r
\r
Invite teammates when requested (ask user to confirm first):\r
```bash\r
agentsecrets workspace invite [email protected]\r
```\r
\r
---\r
\r
## STEP 4: Project Setup\r
\r
AgentSecrets organises secrets by project. For OpenClaw workflows, use the dedicated `OPENCLAW_MANAGER` project.\r
\r
Check if it exists:\r
```bash\r
agentsecrets project list 2>/dev/null | grep -q "OPENCLAW_MANAGER" && echo "EXISTS" || echo "NOT_FOUND"\r
```\r
\r
If EXISTS:\r
```bash\r
agentsecrets project use OPENCLAW_MANAGER\r
```\r
\r
If NOT_FOUND:\r
```bash\r
agentsecrets project create OPENCLAW_MANAGER\r
agentsecrets project use OPENCLAW_MANAGER\r
```\r
\r
For non-OpenClaw workflows, use or create the appropriate project:\r
```bash\r
agentsecrets project list\r
agentsecrets project use PROJECT_NAME\r
# or\r
agentsecrets project create PROJECT_NAME\r
agentsecrets project use PROJECT_NAME\r
```\r
\r
---\r
\r
## STEP 5: Environment Setup\r
\r
Every project has three environments: `development`, `staging`, and `production`. The active environment determines which secrets are used. Development is the default.\r
\r
Check the current environment:\r
```bash\r
agentsecrets status\r
# Shows: Environment: development\r
```\r
\r
Switch environment when needed:\r
```bash\r
agentsecrets environment switch production\r
agentsecrets environment switch staging\r
agentsecrets environment switch development\r
```\r
\r
View all environments and their secret counts:\r
```bash\r
agentsecrets environment list\r
```\r
\r
**Important:** Always confirm the active environment before making API calls or modifying secrets. Running `agentsecrets status` shows the environment clearly. Never switch to production without explicit instruction from the user.\r
\r
Copy secrets from one environment to another (same values):\r
```bash\r
agentsecrets environment copy development staging\r
```\r
\r
Set up a new environment with different values (prompts for each key):\r
```bash\r
agentsecrets environment merge staging production\r
# This ideally should be done by the user\r
```\r
\r
---\r
\r
## STEP 6: Secret Provisioning\r
\r
Before making any API call, verify the required secret exists in the active environment:\r
\r
```bash\r
agentsecrets secrets list\r
```\r
\r
You will see key names only, never values. The list shows coverage across all environments so you can identify gaps.\r
\r
If a required key is missing, tell the user:\r
\r
> "I need `KEY_NAME` to complete this. Please run the following in your terminal:\r
> `agentsecrets secrets set KEY_NAME=value`\r
> Let me know when done and I will continue."\r
\r
Wait for confirmation, then verify:\r
```bash\r
agentsecrets secrets list\r
```\r
\r
Standard key naming conventions:\r
\r
| Service | Key Name |\r
|---|---|\r
| Stripe (live) | `STRIPE_KEY` or `STRIPE_LIVE_KEY` |\r
| Stripe (test) | `STRIPE_TEST_KEY` |\r
| OpenAI | `OPENAI_KEY` |\r
| GitHub | `GITHUB_TOKEN` |\r
| Google Maps | `GOOGLE_MAPS_KEY` |\r
| AWS | `AWS_ACCESS_KEY` and `AWS_SECRET_KEY` |\r
| Paystack | `PAYSTACK_KEY` |\r
| SendGrid | `SENDGRID_KEY` |\r
| Twilio | `TWILIO_SID` and `TWILIO_TOKEN` |\r
| Any other | `SERVICENAME_KEY` (uppercase, underscores) |\r
\r
---\r
\r
## STEP 7: Detect and Resolve Drift\r
\r
Before deployment workflows or when secrets may be stale:\r
\r
```bash\r
agentsecrets secrets diff\r
```\r
\r
This shows what is out of sync between local keychain and cloud for the active environment. If drift is detected:\r
\r
```bash\r
agentsecrets secrets pull\r
```\r
\r
Cross-environment drift check:\r
```bash\r
agentsecrets secrets diff --from development --to production\r
# Shows keys present in development but missing in production\r
```\r
\r
To push local changes to cloud:\r
```bash\r
agentsecrets secrets push\r
```\r
\r
---\r
\r
## STEP 8: Make Authenticated API Calls\r
\r
Always use `agentsecrets call` for authenticated requests.\r
\r
Basic pattern:\r
```bash\r
agentsecrets call --url \x3CURL> --method \x3CMETHOD> --\x3CAUTH_STYLE> \x3CKEY_NAME>\r
```\r
\r
Default method is GET if `--method` is omitted.\r
\r
Auth styles:\r
\r
| Pattern | Flag | Use For |\r
|---|---|---|\r
| Bearer token | `--bearer KEY_NAME` | Stripe, OpenAI, GitHub, most modern APIs |\r
| Custom header | `--header Name=KEY_NAME` | SendGrid, Twilio, API Gateway |\r
| Query parameter | `--query param=KEY_NAME` | Google Maps, weather APIs |\r
| Basic auth | `--basic KEY_NAME` | Jira, legacy REST APIs |\r
| JSON body | `--body-field path=KEY_NAME` | OAuth flows, custom auth |\r
| Form field | `--form-field field=KEY_NAME` | Form-based auth |\r
\r
Examples:\r
\r
```bash\r
# GET request\r
agentsecrets call --url https://api.stripe.com/v1/balance --bearer STRIPE_KEY\r
\r
# POST with body\r
agentsecrets call \\r
--url https://api.stripe.com/v1/charges \\r
--method POST \\r
--bearer STRIPE_KEY \\r
--body '{"amount":1000,"currency":"usd","source":"tok_visa"}'\r
\r
# Custom header\r
agentsecrets call \\r
--url https://api.sendgrid.com/v3/mail/send \\r
--method POST \\r
--header X-Api-Key=SENDGRID_KEY \\r
--body '{"personalizations":[...]}'\r
\r
# Query parameter\r
agentsecrets call \\r
--url "https://maps.googleapis.com/maps/api/geocode/json?address=Lagos" \\r
--query key=GOOGLE_MAPS_KEY\r
\r
# Multiple credentials\r
agentsecrets call \\r
--url https://api.example.com/data \\r
--bearer AUTH_TOKEN \\r
--header X-Org-ID=ORG_SECRET\r
\r
# Basic auth\r
agentsecrets call \\r
--url https://jira.example.com/rest/api/2/issue \\r
--basic JIRA_CREDS\r
\r
# Paystack\r
agentsecrets call \\r
--url https://api.paystack.co/transaction/initialize \\r
--method POST \\r
--bearer PAYSTACK_KEY \\r
--body '{"email":"[email protected]","amount":10000}'\r
```\r
\r
---\r
\r
## STEP 9: OpenClaw Exec Provider\r
\r
AgentSecrets ships as a native exec provider for OpenClaw's SecretRef system (v2026.2.26 and later). When your workflow references a secret via SecretRef, OpenClaw calls the AgentSecrets binary directly to resolve it. The value is injected at execution time and never written to any OpenClaw config file.\r
\r
```bash\r
agentsecrets exec\r
```\r
\r
This is the preferred integration path for OpenClaw workflows. It means credentials do not need to be configured in `~/.openclaw/.env` or any other plaintext config.\r
\r
For wrapping external tools that read from environment variables:\r
\r
```bash\r
agentsecrets env -- stripe mcp\r
agentsecrets env -- node server.js\r
agentsecrets env -- npm run dev\r
```\r
\r
Values are injected directly into the child process at start time. Nothing is written to disk. When the process exits, the values are gone.\r
\r
---\r
\r
## STEP 10: Proxy Mode\r
\r
For workflows requiring multiple calls or framework integrations:\r
\r
```bash\r
agentsecrets proxy start\r
agentsecrets proxy status\r
agentsecrets proxy stop\r
```\r
\r
HTTP proxy pattern for any agent or framework:\r
```\r
POST http://localhost:8765/proxy\r
X-AS-Target-URL: https://api.stripe.com/v1/balance\r
X-AS-Inject-Bearer: STRIPE_KEY\r
```\r
\r
---\r
\r
## STEP 11: Audit Logs\r
\r
After any significant operation:\r
\r
```bash\r
agentsecrets proxy logs\r
agentsecrets proxy logs --last 20\r
agentsecrets proxy logs --secret STRIPE_KEY\r
agentsecrets proxy logs --env production\r
```\r
\r
Output shows: timestamp, agent identity, environment, method, target URL, key name, status code, duration, and redaction status. Values are never logged.\r
\r
Global backend logs with full governance context:\r
\r
```bash\r
agentsecrets log list\r
agentsecrets log list --agent billing-tool\r
agentsecrets log list --identity anonymous # find calls with no identity set\r
agentsecrets log summary --since 7d\r
agentsecrets log export --format csv --since 30d\r
agentsecrets log detail \x3Cid>\r
```\r
\r
If you see `(REDACTED)` in the logs, it means AgentSecrets detected that an API echoed back a credential value in its response and replaced it with `[REDACTED_BY_AGENTSECRETS]` before it reached you. This is expected behaviour.\r
\r
---\r
\r
## FULL COMMAND REFERENCE\r
\r
### Account\r
```bash\r
agentsecrets init # Set up account or initialise a new project\r
agentsecrets init --storage-mode 1 # Init with keychain-only mode\r
agentsecrets login # Login to existing account\r
agentsecrets logout # Clear session\r
agentsecrets status # Current context — workspace, project, environment\r
```\r
\r
### Workspaces\r
```bash\r
agentsecrets workspace create "Name" # Create workspace\r
agentsecrets workspace list # List all workspaces\r
agentsecrets workspace switch "Name" # Switch active workspace\r
agentsecrets workspace invite user@email # Invite teammate\r
```\r
\r
### Projects\r
```bash\r
agentsecrets project create NAME # Create project\r
agentsecrets project list # List projects in workspace\r
agentsecrets project use NAME # Set active project\r
agentsecrets project update NAME # Update project\r
agentsecrets project delete NAME # Delete project\r
```\r
\r
### Environments\r
```bash\r
agentsecrets environment switch \x3Cn> # Switch active environment (development, staging, production)\r
agentsecrets environment list # List environments and secret counts\r
agentsecrets environment copy \x3Cfrom> \x3Cto> # Copy all secrets from one environment to another\r
agentsecrets environment merge \x3Cfrom> \x3Cto> # Prompt for new values per key in destination\r
agentsecrets environment clean # Delete all secrets in current environment\r
```\r
\r
### Secrets\r
```bash\r
agentsecrets secrets set KEY=value # Store secret in active environment\r
agentsecrets secrets get KEY # Retrieve value (visible to user, not to agent)\r
agentsecrets secrets list # List key names with cross-environment coverage\r
agentsecrets secrets list --project NAME # List keys for specific project\r
agentsecrets secrets push # Upload to cloud (encrypted)\r
agentsecrets secrets pull # Download cloud secrets to keychain\r
agentsecrets secrets delete KEY # Remove secret from active environment\r
agentsecrets secrets diff # Compare local vs cloud for active environment\r
agentsecrets secrets diff --from X --to Y # Compare two environments\r
```\r
\r
### Calls and Proxy\r
```bash\r
agentsecrets call --url URL --bearer KEY # One-shot authenticated call\r
agentsecrets call --url URL --method POST --bearer KEY --body '{}'\r
agentsecrets call --url URL --header Name=KEY\r
agentsecrets call --url URL --query param=KEY\r
agentsecrets call --url URL --basic KEY\r
agentsecrets call --url URL --body-field path=KEY\r
agentsecrets call --url URL --form-field field=KEY\r
agentsecrets proxy start # Start HTTP proxy\r
agentsecrets proxy start --port 9000 # Custom port\r
agentsecrets proxy status # Check proxy status\r
agentsecrets proxy sync # Force background revocation sync\r
agentsecrets proxy stop # Stop proxy\r
agentsecrets proxy logs # View local audit log\r
agentsecrets proxy logs --watch # Tail local logs in real time\r
agentsecrets proxy logs --last N # Last N entries\r
agentsecrets proxy logs --secret KEY # Filter by key name\r
agentsecrets proxy logs --env production # Filter by environment\r
```\r
\r
### Global Audit Logs\r
```bash\r
agentsecrets log list [--tail] # View or stream global backend logs\r
agentsecrets log list --agent \x3Cn> # Filter by agent identity\r
agentsecrets log list --identity anonymous # Find calls with no identity set\r
agentsecrets log export --format csv # Export global logs to CSV or JSON\r
agentsecrets log summary --since 7d # View global statistics\r
agentsecrets log detail \x3Cid> # Inspect a specific request with full governance context\r
```\r
\r
### Agent Identity\r
```bash\r
agentsecrets agent list # List agent identities in workspace\r
agentsecrets agent delete "my-agent-name" # Delete agent and revoke its tokens\r
agentsecrets agent token issue "my-agent-name" # Issue a new token for an agent\r
agentsecrets agent token list "my-agent-name" # List active tokens for an agent\r
agentsecrets agent token revoke "name" "\x3Cid>" # Revoke a specific token\r
```\r
\r
### MCP\r
```bash\r
agentsecrets mcp serve # Start MCP server\r
agentsecrets mcp install # Auto-configure Claude Desktop and Cursor\r
```\r
\r
### Environment Injection\r
```bash\r
agentsecrets env -- \x3Ccommand> [args...] # Inject secrets as env vars into child process\r
agentsecrets env -- stripe mcp # Wrap Stripe MCP\r
agentsecrets env -- node server.js # Wrap Node.js\r
agentsecrets env -- npm run dev # Wrap any dev server\r
```\r
\r
### OpenClaw Exec Provider\r
```bash\r
agentsecrets exec # OpenClaw exec provider (reads SecretRef from stdin)\r
```\r
\r
### Workspace Security\r
```bash\r
agentsecrets workspace allowlist add \x3Cdomain> [domain...] # Authorise domains\r
agentsecrets workspace allowlist list # List authorised domains\r
agentsecrets workspace allowlist log # View blocked request log\r
agentsecrets workspace promote [email protected] # Grant admin role\r
agentsecrets workspace demote [email protected] # Revoke admin role\r
```\r
\r
---\r
\r
## HANDLING COMMON SCENARIOS\r
\r
### First time setup\r
Run Steps 1 through 6 in sequence.\r
\r
### "Make an API call to X"\r
1. `agentsecrets status` — verify context including environment\r
2. `agentsecrets secrets list` — confirm key exists in active environment\r
3. `agentsecrets call` — make the call\r
4. Return response to user\r
\r
### "Deploy to production"\r
1. `agentsecrets environment switch production` — switch to production environment\r
2. `agentsecrets secrets diff` — check for drift in production\r
3. `agentsecrets secrets pull` — sync if needed\r
4. Run deployment\r
5. `agentsecrets proxy logs --env production` — review what happened\r
\r
### "Set up staging environment"\r
1. `agentsecrets environment list` — check current state\r
2. `agentsecrets environment copy development staging` — copy development secrets as a starting point\r
3. `agentsecrets environment switch staging`\r
4. Ask user to update any values that differ in staging\r
\r
### "We're missing secrets in production"\r
```bash\r
agentsecrets secrets diff --from development --to production\r
# Shows which keys exist in development but are not in production\r
```\r
For each missing key, ask the user to run `agentsecrets secrets set KEY=value` after switching to production.\r
\r
### "Invite a teammate"\r
Ask user to confirm, then:\r
```bash\r
agentsecrets workspace invite [email protected]\r
```\r
\r
### "Rotate a key"\r
1. Tell user to run: `agentsecrets secrets set KEY_NAME=new_value` in their terminal (in the correct environment)\r
2. Verify: `agentsecrets secrets list`\r
3. Push to cloud: `agentsecrets secrets push`\r
\r
### "What keys do I have?"\r
```bash\r
agentsecrets secrets list\r
# Shows all keys with coverage across development, staging, and production\r
```\r
\r
### "Check audit log"\r
```bash\r
agentsecrets proxy logs --last 50\r
# or for global governance log:\r
agentsecrets log list --tail\r
```\r
\r
### "Which agent made that call?"\r
```bash\r
agentsecrets log list --agent billing-tool\r
# or find anonymous calls:\r
agentsecrets log list --identity anonymous\r
```\r
\r
### API call blocked by domain allowlist\r
If an API call returns a 403 because the domain is not authorised:\r
1. Tell the user which domain needs to be added and ask for their approval.\r
2. Once confirmed, they should run: `agentsecrets workspace allowlist add \x3Cdomain>`\r
3. Retry the call after they confirm the domain has been added.\r
\r
### User needs secrets as environment variables\r
1. `agentsecrets status` — verify context and environment\r
2. `agentsecrets secrets list` — confirm key exists\r
3. `agentsecrets env -- \x3Ccommand>` — wrap the command\r
\r
---\r
\r
## COMMANDS THE AGENT CANNOT RUN\r
\r
These commands must be output to the user to run themselves. Do not attempt to run them. Present the exact command and wait for the user to confirm it is done.\r
\r
### Requires interactive input or password\r
```bash\r
agentsecrets workspace allowlist add # requires admin password confirmation\r
agentsecrets workspace allowlist remove # requires admin password confirmation\r
agentsecrets workspace promote # requires admin password confirmation\r
agentsecrets workspace demote # requires admin password confirmation\r
```\r
\r
### User runs — not the agent\r
```bash\r
agentsecrets login # session expired or first-time machine setup\r
```\r
The agent does not run `agentsecrets login`. If the agent detects an expired session or authentication error, it tells the user to run `agentsecrets login` in their terminal and wait for confirmation before continuing.\r
\r
`agentsecrets init` is different — the agent runs this when setting up a new project, always with `--storage-mode 1`:\r
```bash\r
agentsecrets init --storage-mode 1\r
```\r
\r
### Requires the user to supply a credential value\r
```bash\r
agentsecrets secrets set KEY=value # user must type the value — never ask them to share it in chat\r
```\r
Tell the user to run this in their terminal. Never construct this command with a value you have seen or been given.\r
\r
### Requires software installation\r
```bash\r
brew install The-17/tap/agentsecrets\r
npx @the-17/agentsecrets\r
pip install agentsecrets-cli\r
go install github.com/The-17/agentsecrets/cmd/agentsecrets@latest\r
```\r
Detect the available package manager and present the appropriate command. The user decides what to install.\r
\r
### Requires explicit user approval before running\r
These commands can be run by the agent but only after the user has confirmed. Present what you are about to do and wait for a yes before proceeding.\r
```bash\r
agentsecrets workspace invite user@email # affects team membership\r
agentsecrets workspace switch "Name" # changes active context for all operations\r
agentsecrets environment switch production # switches to production — always confirm\r
agentsecrets project delete NAME # permanent, cannot be undone\r
agentsecrets secrets delete KEY # permanent, cannot be undone\r
agentsecrets agent delete "name" # revokes all tokens, cannot be undone\r
agentsecrets environment copy \x3Cfrom> \x3Cto> # overwrites destination secrets\r
```\r
\r
---\r
\r
## OPERATING PRINCIPLES\r
\r
1. Never display, request, or work with actual credential values — only key names\r
2. Never ask the user to share a credential value in the chat\r
3. Always use `agentsecrets call` for authenticated requests — not curl or direct HTTP\r
4. Run `agentsecrets status` at the start of each session — check workspace, project, and environment\r
5. Run `agentsecrets secrets diff` before deployment workflows\r
6. Never switch to production without explicit user instruction\r
7. Ask for user confirmation before team-level changes: workspace membership, domain allowlist, project deletion, environment switches to production\r
8. Use `agentsecrets env -- \x3Ccommand>` when a tool needs credentials as environment variables\r
9. Check proxy logs after significant operations to confirm the audit trail\r
10. Use `agentsecrets log list --identity anonymous` periodically to find calls with no identity — these are coverage gaps worth addressing\r
\r
---\r
\r
## Security Model\r
\r
- Credentials never enter agent context at any step\r
- Domain allowlist blocks outbound requests to unauthorised destinations by default\r
- If an API echoes a credential in its response, the proxy replaces it with `[REDACTED_BY_AGENTSECRETS]` before it reaches the agent\r
- Credentials stored in OS keychain: macOS Keychain, Windows Credential Manager, Linux Secret Service\r
- Server stores encrypted blobs only and cannot decrypt them\r
- Audit log records key names, endpoints, environment, agent identity, and status codes — no value field exists in the schema\r
- Every log entry captures the domain allowlist state at the exact moment of the call — the governance log is forensically complete\r
- Encryption: X25519 + AES-256-GCM + Argon2id\r
- Allowlist changes require admin role and password confirmation\r
\r
AgentSecrets is open source (MIT). Full source: https://github.com/The-17/agentsecrets
安全使用建议
This skill appears internally consistent: it delegates all secret handling to the agentsecrets CLI and contains only safe wrapper scripts. Before installing, verify you trust the upstream AgentSecrets binary (install source: Homebrew/NPM/PyPI/Go) because that binary will access your OS keychain and perform network requests. Confirm that the tool does not print secret values to stdout in your workflows, and review ~/.agentsecrets/proxy.log (the skill claims it records key names only) if you need an audit trail. Note the small metadata mismatch: the registry listing shows no required binaries while SKILL.md expects the agentsecrets CLI — ensure the CLI is installed from a trusted source before letting the agent run commands autonomously.
功能分析
Type: OpenClaw Skill
Name: agentsecrets
Version: 1.1.2
The skill bundle provides a comprehensive interface for an external secrets management tool (agentsecrets), granting the AI agent autonomous control over the credential lifecycle, including environment switching, secret provisioning, and making authenticated API calls via a local proxy. While the instructions in SKILL.md emphasize a 'zero-knowledge' model and include safeguards like requiring user approval for high-impact changes, the bundle's core functionality involves high-risk behaviors such as intercepting network traffic and managing sensitive credentials. The scripts/secure-call.sh wrapper includes basic shell injection sanitization, but the overall power granted to the agent over the user's security infrastructure, combined with the ability to proxy requests and inject secrets into child processes (agentsecrets env), represents a significant attack surface if the agent is misdirected.
能力评估
Purpose & Capability
The skill claims to be a zero-knowledge secrets manager and all runtime instructions, README, and helper scripts revolve around the agentsecrets CLI, workspace/project/environment management, and making authenticated calls. Requiring an agentsecrets CLI (per SKILL.md) is appropriate for this purpose. Note: the registry metadata shown to me lists 'Required binaries: none' while SKILL.md declares an agentsecrets binary requirement — a minor metadata mismatch but not a functional incoherence.
Instruction Scope
SKILL.md instructs the agent to run agentsecrets commands (status, init, workspace/project/env operations, and agentsecrets call) and to ask the user before high-impact operations (invites, deletions, allowlist updates). The included scripts are simple wrappers that sanitize arguments and exec agentsecrets. The instructions do not tell the agent to read unrelated files or harvest unrelated environment variables. They do rely on the agentsecrets binary to access the OS keychain and perform network calls to user-specified endpoints, which is consistent with the stated functionality.
Install Mechanism
This is instruction-only (no download/install spec in the bundle). SKILL.md suggests standard install methods (npx, brew, pip, go). The bundle's scripts and README do not download arbitrary code from unknown servers. No high-risk 'download+extract' steps are present in the skill itself.
Credentials
The skill requests no credentials or environment variables in the registry metadata. SKILL.md includes an optional AGENTSECRETS_INSTALLED flag and documents that the CLI reads credentials from the OS keychain (which is expected for a secrets manager). There are no unrelated or excessive environment/credential requests in the bundle.
Persistence & Privilege
The skill is not always:true and is user-invocable. It is intended to run commands autonomously (disable-model-invocation is false by default), which aligns with its purpose. Because the skill makes agent-invoked CLI calls that may perform network actions, you should be aware that the agent can autonomously execute those agentsecrets commands when the skill is invoked — this is expected but increases the importance of trusting the agentsecrets binary and configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install agentsecrets - 安装完成后,直接呼叫该 Skill 的名称或使用
/agentsecrets触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.2
- Added support for secrets environments (development, staging, production) with commands to switch, list, and manage environment-specific secrets.
- Updated Python install instructions to use the agentsecrets-cli package.
- Clarified when to seek user approval (e.g., workspace invites, deletions, domain changes).
- Now explicitly confirms active environment before provisioning secrets or making API calls.
- Improved guidance for handling login/session expiry and new environment operations.
- Minor terminology updates for consistency and clarity.
v1.1.0
AgentSecrets 1.1.0 — Zero-knowledge secrets for AI agents
- Expanded documentation clarifies the agent's autonomous role in operating AgentSecrets without accessing secret values.
- Detailed step-by-step operational procedures added: installation, status checks, workspace/project setup, secret provisioning, drift detection, and authenticated API calls.
- New guidance on handling missing keys, project workflows (including OpenClaw), team management, and standard secret naming conventions.
- Provides clear handling instructions for various authentication patterns (bearer, header, query, etc.) using agentsecrets call.
- Reinforces zero-knowledge principles: agents never request, display, or access actual secret values.
v1.0.4
AgentSecrets 1.0.4 — Enhanced Skill Documentation & Workflow
- Major SKILL.md update: comprehensive, step-by-step agent workflow for zero-knowledge secrets management.
- Detailed instructions for installation detection, status checks, workspace and project setup.
- Clear protocols for provisioning and verifying secrets without handling secret values.
- Added drift detection/resolution and guidance for making authenticated API calls using secure patterns.
- Clarified agent responsibilities for fully autonomous credential lifecycle management, while never accessing actual secret content.
v1.0.3
- Initial public release of agentsecrets for secure, zero-knowledge credential management.
- Enables users to make authenticated API calls without exposing their API keys or credentials.
- Comprehensive guided setup workflow for installation, account creation/login, and project organization via chat.
- Credentials are stored securely in the user's local OS keychain, accessible only by name.
- Includes full AgentSecrets CLI integration, supporting account management, secret storage, API calls, and audit logs.
- Provides best-practice key naming conventions and clear instructions for secret provisioning and API usage.
v1.0.1
AgentSecrets v1.0.0 — Initial Release
- Provides zero-knowledge credential management for making authenticated API calls without exposing your keys.
- Full AgentSecrets CLI integration: manage accounts, store credentials, make API calls, and audit usage from chat.
- Guided chat-based setup workflow, including environment detection and step-by-step onboarding.
- Credentials are referenced by name and stored securely in your OS keychain.
- Supports multiple installation methods (npx, Homebrew, pip, Go).
- Enables secure, interactive management of secrets and API requests for various popular services.
v1.0.0
agentsecrets 1.0.0
- Initial release of AgentSecrets skill for zero-knowledge credential management.
- Enables secure API calls by referencing key names, keeping all secrets in the OS keychain.
- Supports full AgentSecrets CLI: account setup, credential storage, API requests, auditing, and project organization.
- Step-by-step guided setup for installation, account creation/login, and project setup directly through chat.
- Conversational credential collection ensures sensitive values are never exposed or retained in chat history.
元数据
常见问题
agentsecrets 是什么?
Zero-knowledge secrets infrastructure — AI agents manage the complete credential lifecycle without ever seeing values. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 526 次。
如何安装 agentsecrets?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install agentsecrets」即可一键安装,无需额外配置。
agentsecrets 是免费的吗?
是的,agentsecrets 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
agentsecrets 支持哪些平台?
agentsecrets 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 agentsecrets?
由 Ademijuwon Wisdom(@steppacodes)开发并维护,当前版本 v1.1.2。
推荐 Skills