← 返回 Skills 市场
Credential Manager
作者
Mr. TeeClaw
· GitHub ↗
· v1.3.0
5743
总下载
2
收藏
52
当前安装
4
版本数
在 OpenClaw 中安装
/install credential-manager
功能描述
MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Use when setting up OpenClaw, migrating credentials, auditing security, or enforcing the .env standard. This is not optional — centralized credential management is a core requirement for secure OpenClaw deployments. Scans for credential files across common locations, backs up existing files, creates a unified .env with mode 600, validates security, and enforces best practices.
安全使用建议
Install only if you intentionally want OpenClaw credentials centralized in ~/.openclaw/.env. Run scan first, review every discovered path, avoid importing unrelated app secrets or wallet seed phrases by default, do not use --yes until you understand the exact changes, verify or restrict backup permissions, and run cleanup only after testing the new .env and confirming rollback works.
功能分析
Type: OpenClaw Skill
Name: credential-manager
Version: 1.3.0
This skill is classified as suspicious due to its extensive use of high-risk capabilities, including scanning the entire filesystem for credential files, reading their contents, modifying sensitive files like `.env` and `.gitignore`, changing file permissions (`chmod 600`), and deleting original credential files. While these actions are explicitly stated as necessary for its security-enhancing purpose (centralizing and securing credentials), they represent significant control over the user's sensitive data and system configuration. The `SKILL.md` and other documentation files use strong, imperative language to instruct the agent to perform these actions, which, while aimed at enforcing security, constitutes a form of prompt injection directing the agent to execute sensitive operations.
能力评估
Purpose & Capability
The purpose is coherent: it scans, backs up, consolidates, validates, and optionally cleans up credentials for OpenClaw. The concern is proportionality, because it targets high-value secrets including passwords, private keys, wallet keys, mnemonics, and seed phrases.
Instruction Scope
The documentation repeatedly frames consolidation as mandatory and no-exceptions, and includes auto-confirm migration guidance. Cleanup is more controlled with dry-run and typed confirmation, but the overall instruction style is too forceful for secret-handling operations.
Install Mechanism
The package contains documentation and local Python scripts. I found no install-time execution, obfuscation, network exfiltration, background worker, or hidden startup behavior.
Credentials
Default scan patterns reach beyond OpenClaw-owned files into broad user locations such as ~/.config/*/credentials.json, ~/.local/share/*/credentials.json, and shell rc files, which can pull unrelated application secrets into scope.
Persistence & Privilege
The skill writes ~/.openclaw/.env, changes permissions, creates .env.example and .gitignore entries, creates backup copies of credential files, and can delete original credential files after confirmation. The final .env is chmod 600, but backup permission handling is not clearly hardened.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install credential-manager - 安装完成后,直接呼叫该 Skill 的名称或使用
/credential-manager触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.0
Consolidation Rule enforcement - all credentials MUST be in ~/.openclaw/.env ONLY. Enhanced detection for workspace/skills/scripts .env files. New CONSOLIDATION-RULE.md documentation.
v1.2.0
Added crypto-specific sensitive key patterns (private_key, passphrase, mnemonic, seed_phrase, signing_key, wallet_key) and updated documentation
v1.0.0
Initial publish: MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions.
v1.1.0
🔒 MANDATORY security foundation. Consolidates scattered credentials into secure .env with proper permissions. Includes enforcement tools for skill developers. Non-negotiable security infrastructure for OpenClaw deployments.
元数据
常见问题
Credential Manager 是什么?
MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Use when setting up OpenClaw, migrating credentials, auditing security, or enforcing the .env standard. This is not optional — centralized credential management is a core requirement for secure OpenClaw deployments. Scans for credential files across common locations, backs up existing files, creates a unified .env with mode 600, validates security, and enforces best practices. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 5743 次。
如何安装 Credential Manager?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install credential-manager」即可一键安装,无需额外配置。
Credential Manager 是免费的吗?
是的,Credential Manager 完全免费(开源免费),可自由下载、安装和使用。
Credential Manager 支持哪些平台?
Credential Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Credential Manager?
由 Mr. TeeClaw(@callmedas69)开发并维护,当前版本 v1.3.0。
推荐 Skills