supertechgod

ArmorClaw

By SuperTechGod · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 104
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install armorclaw
Description
AES-256 encrypted secrets manager for OpenClaw agents. Store API keys, tokens, and credentials in a secure local vault instead of plain-text .env files. Feat...
Usage instructions (SKILL.md)

ArmorClaw — Encrypted Secrets Manager for OpenClaw

Stop storing API keys in plain-text .env files. ArmorClaw encrypts everything with AES-256 and unlocks only on your machine.

Install

npx clawhub@latest install armorclaw
pip install ./skills/armorclaw

Quick Start

# Initialize vault
armorclaw init

# Store your first key
armorclaw set OPENAI_KEY

# Or import your whole .env at once
armorclaw import ~/.openclaw/openclaw.env

# List stored secrets
armorclaw list

Use in OpenClaw Agent

from armorclaw.openclaw import inject_vault_env

# Inject all vault secrets into environment at startup
inject_vault_env(password="your-master-password")

# Or use ARMORCLAW_PASSWORD env var for bot auto-unlock
# export ARMORCLAW_PASSWORD="your-master-password"
# inject_vault_env()

Cross-Skill Sharing

One key, all your skills:

from armorclaw.openclaw import get_vault_key

# Any skill can pull keys from the vault
api_key = get_vault_key("OPENAI_KEY", skill="senticlaw")

CLI Reference

armorclaw init              Initialize vault + set master password
armorclaw set KEY [value]   Store a secret
armorclaw get KEY           Retrieve a secret
armorclaw list              List all stored keys (no values shown)
armorclaw delete KEY        Delete a secret
armorclaw import [path]     Import .env file into vault
armorclaw log [KEY]         View access log
armorclaw report            Skill usage report

Lock Modes

Mode               Security    Description
password           Medium      Type master password each time
machine            Good        Locked to registered machine (MAC address)
static-ip          Good        Locked to your static external IP only
machine+static-ip  Strongest   Machine AND static external IP must match
bot                Convenient  Bot auto-unlocks using stored password

⚠️ IP restriction requires a STATIC external IP. Dynamic/rotating IPs (most home internet) will lock you out when your IP changes. ArmorClaw will warn you and confirm before registering.

Security

  • AES-256-CBC encryption with PBKDF2-HMAC-SHA256 key derivation (600k iterations)
  • HMAC integrity — detects tampering
  • Machine binding — vault won't open on another machine
  • IP restriction — vault won't open from a different network
  • Zero plaintext storage — keys never written unencrypted anywhere
  • Access audit log — every read/write tracked with skill name + timestamp
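
An added example, not ArmorClaw's code: the PBKDF2-HMAC-SHA256 derivation (600k iterations) and HMAC integrity check listed above, written with the Python standard library only. The envelope layout (salt | IV | ciphertext | tag), the subkey labels and the function names are assumptions; the AES-256-CBC step is left to the `cryptography` package and is represented here by stand-in bytes.

```python
import hashlib
import hmac

ITERATIONS = 600_000                      # PBKDF2 iteration count stated on the page
SALT_LEN, IV_LEN, TAG_LEN = 16, 16, 32    # assumed envelope layout, not ArmorClaw's


def derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Return (enc_key, mac_key): separate keys for AES-256-CBC and for HMAC."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()   # purpose-labelled
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()   # subkey expansion
    return enc_key, mac_key


def seal(mac_key: bytes, salt: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers salt, IV and ciphertext, not the plaintext."""
    body = salt + iv + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_verified(password: str, blob: bytes) -> tuple[bytes, bytes, bytes]:
    """Check the tag first; only then hand (enc_key, iv, ciphertext) to the decryptor."""
    if len(blob) < SALT_LEN + IV_LEN + TAG_LEN:
        raise ValueError("vault blob is truncated")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    salt, iv = body[:SALT_LEN], body[SALT_LEN:SALT_LEN + IV_LEN]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("HMAC mismatch: wrong password or modified vault")
    return enc_key, iv, body[SALT_LEN + IV_LEN:]


def is_intact(password: str, blob: bytes) -> bool:
    """True only when the password is right and no byte of the blob was changed."""
    try:
        open_verified(password, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: fixed salt/IV and stand-in bytes in place of real AES-CBC output.
    salt, iv, ct = bytes(range(16)), bytes(16), b"\xaa" * 32
    blob = seal(derive_keys("correct horse", salt)[1], salt, iv, ct)
    flipped = blob[:SALT_LEN] + bytes([blob[SALT_LEN] ^ 1]) + blob[SALT_LEN + 1:]
    print(is_intact("correct horse", blob), is_intact("correct horse", flipped))
```

Verifying the tag before any CBC decryption, and including the IV in the MAC, is what keeps a modified vault from ever reaching the padding check.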

Built by PHRAIMWORK LLC · MIT License
Part of the PHRAIMWORK Security Suite: SentiClaw + ArmorClaw

Security usage recommendations
What to check before installing

  • Source and provenance: the package contains a full Python project and CLI. Confirm you trust PHRAIMWORK LLC and the repository URL in pyproject.toml before installing.
  • Cryptography: the library falls back to a custom 'stdlib' AES-like implementation when the 'cryptography' package is not installed. That fallback is explicitly marked as "less battle-tested" and appears to be a custom construction (hashlib-based block primitive). Do NOT rely on this for high-value secrets — install with the 'secure' extras (pip install armorclaw[secure]) or ensure the environment has the 'cryptography' package.
  • Scanning & importing: the default scanner looks in broad locations (~/projects, ~/Documents). That can read many files and the import flow can delete original .env files if you choose that option. Review any found files before importing and prefer 'backup' over 'delete'.
  • Auto-unlock persistence: the CLI can write an encrypted master password into ~/.openclaw/openclaw.json to enable bot auto-unlock. Even encrypted, this increases exposure — only enable for fully trusted agents and machines. Prefer interactive unlocking where possible.
  • Network calls: external IP detection uses third-party services (api.ipify.org, ifconfig.me, icanhazip.com). These requests reveal your external IP to those services; consider the privacy implications and whether you want that traffic.
  • Cross-skill sharing: the vault allows any skill to request keys (the API accepts a 'skill' parameter and logs accesses). The design relies on skill-level trust and auditing; there is no per-skill ACL enforcement. Only enable cross-skill access for trusted skills and monitor access logs.
  • Recommended mitigations: install the 'cryptography' dependency, audit the code (especially crypto.py and machine_crypto.py), run tests in a disposable environment first, back up any .env files before running imports, and carefully review any changes to ~/.openclaw/openclaw.json after setup. If you are not comfortable with the above risks (config writes, scanning Documents, fallback crypto), treat this skill as not suitable for sensitive production secrets.
Functional analysis
Type: OpenClaw Skill
Name: armorclaw
Version: 1.0.0

ArmorClaw is a secrets management utility that exhibits high-risk behaviors despite its stated security purpose. Key indicators include a broad filesystem scanner in `importer.py` that recursively searches `~/Documents` and `~/projects` for `.env` files, and logic in `cli.py` that modifies the global `openclaw.json` configuration to store a machine-bound master password. Furthermore, `crypto.py` contains a highly non-standard and insecure 'fallback' encryption implementation (a custom XOR-based construction) used when the standard library is unavailable, which represents a significant cryptographic vulnerability rather than intentional malice.
Capability assessment
Purpose & Capability
Name/description match the code: the package implements an AES-256 vault, .env importer, machine/IP locking, per-skill access logs, and cross-skill retrieval. However the registry metadata calls this 'instruction-only' while the package contains a full Python project (pyproject.toml + modules). That mismatch (no install spec vs. shipped code) is unexpected and worth verifying.
Instruction Scope
SKILL.md and CLI direct the agent to scan user locations (~/projects, ~/Documents, ~/.openclaw) for .env files, import them, and optionally delete originals; the code implements these scans and file operations. The skill also provides env injection (injecting plaintext secrets into process environment) and supports adding an auto-unlock password to the agent config. These actions read and write user files broadly and can expose secrets if misused.
Install Mechanism
Registry shows no install spec, but the repo contains pyproject.toml and CLI entry points and SKILL.md suggests pip / npx install flows. The absence of an explicit install spec in the skill metadata is an inconsistency to confirm: how will the agent obtain/execute the packaged code in your environment?
Credentials
The skill declares no required credentials, which is reasonable, but it will: (1) contact external IP lookup services (api.ipify.org, ifconfig.me, icanhazip.com) revealing your IP to third parties; (2) optionally write an encrypted master password into ~/.openclaw/openclaw.json so the bot can auto-unlock (this grants the agent persistent access to your vault); and (3) enable cross-skill retrieval of secrets (any skill calling the API can request secrets, logged but not access-restricted). These are high-impact behaviors relative to a simple secrets storage claim.
Persistence & Privilege
The skill can persist an auto-unlock artifact into the agent config (~/.openclaw/openclaw.json). Even though the password is machine-encrypted, storing an auto-unlock credential in agent config increases the long-term attack surface and allows the agent (or any process with access to that config) to unlock the vault automatically. The skill does not set always:true, but the config-write behavior is a form of persistence that requires user consent and careful review.
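How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install armorclaw
  3. Once installation completes, call the Skill by name or trigger it with /armorclaw
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history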
v1.0.0
Initial release: ClawKeep 1.0.0
  • Launch of an AES-256 encrypted secrets manager for OpenClaw agents.
  • Securely stores API keys, tokens, and credentials in a local vault with master password, machine/IP binding, and .env migration.
  • Provides cross-skill secret sharing, per-skill access logging, and command-line/`inject_vault_env` integration.
  • Implements flexible lock modes: password, machine, static IP, and combined restrictions.
  • Includes a detailed security model using PBKDF2-HMAC-SHA256, HMAC integrity, and zero plaintext storage.
  • New CLI and Python interfaces for adding, retrieving, importing, and auditing secrets.
Metadata
Slug: armorclaw
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Version count: 1
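FAQ

What is ArmorClaw?

AES-256 encrypted secrets manager for OpenClaw agents. Store API keys, tokens, and credentials in a secure local vault instead of plain-text .env files. Feat... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 104 total downloads to date.

How do I install ArmorClaw?

Run the command "/install armorclaw" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is required.

Is ArmorClaw free?

Yes, ArmorClaw is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does ArmorClaw support?

ArmorClaw runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed ArmorClaw?

It is developed and maintained by SuperTechGod (@supertechgod); the current version is v1.0.0.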
