cxz9909

Cxz9909 Credential Manager

Author: cxz9909 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 53
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install cxz9909-credential-manager
Description
MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Use when setting...
Usage (SKILL.md)

Credential Manager

STATUS: MANDATORY SECURITY FOUNDATION

Consolidate scattered API keys and credentials into a secure, centralized .env file.

⚠️ This Is Not Optional

Centralized .env credential management is a core requirement for OpenClaw security. If your credentials are scattered across multiple files, stop and consolidate them now.

THE RULE: All credentials MUST be in ~/.openclaw/.env ONLY. No workspace, no skills, no scripts directories.

See:

The Foundation

Every OpenClaw deployment MUST have:

~/.openclaw/.env (mode 600)

This is your single source of truth for all credentials. No exceptions.

Why?

  • Single location = easier to secure
  • File mode 600 = only you can read
  • Git-ignored = won't accidentally commit
  • Validated format = catches errors
  • Audit trail = know what changed

Scattered credentials = scattered attack surface. This skill fixes that.

What This Skill Does

  1. Scans for credentials in common locations
  2. Backs up existing credential files (timestamped)
  3. Consolidates into ~/.openclaw/.env
  4. Secures with proper permissions (600)
  5. Validates security and format
  6. Enforces best practices
  7. Cleans up old files after migration

Detection Parameters

The skill automatically detects credentials by scanning for:

File Patterns:

  • credentials.json files in config directories
  • .env files
  • Memory files with -creds or credentials in the name

Sensitive Key Patterns:

  • API keys, access tokens, bearer tokens
  • Secrets, passwords, passphrases
  • OAuth consumer keys
  • Private keys, signing keys, wallet keys
  • Mnemonics and seed phrases

Security Checks:

  • File permissions (must be 600)
  • Git-ignore protection
  • Format validation
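As an added example (not the skill's own scan.py), here is a minimal scanner that applies the file and key-name patterns listed above to a directory tree and reports only masked values, matching the page's later note that full credentials are never logged; the FILE_PATTERNS and SENSITIVE_KEY tables, the mask() helper and the demo() layout are assumptions of this example, not the skill's code.

```python
import json
import re
import tempfile
from pathlib import Path
# Added example, not the skill's scan.py. File patterns from the list above;
# "*credentials*.json" also matches credentials.json, so paths are de-duplicated in a set.
FILE_PATTERNS = (".env", "credentials.json", "*-creds.json", "*credentials*.json")
# Sensitive key-name patterns from the list above (API keys, tokens, secrets, keys, seeds).
SENSITIVE_KEY = re.compile(
    r"api[_-]?key|access[_-]?token|bearer|secret|passw(or)?d|passphrase|consumer[_-]?key"
    r"|private[_-]?key|signing[_-]?key|wallet|mnemonic|seed", re.IGNORECASE)
def mask(value) -> str:
    """Keep only the first and last two characters so a finding is safe to log."""
    value = str(value)
    if len(value) <= 6:
        return "*" * len(value)
    return value[:2] + "*" * (len(value) - 4) + value[-2:]

def parse_file(path: Path) -> dict:
    """Key/value pairs from a JSON object file or a KEY=VALUE .env-style file."""
    text = path.read_text(errors="replace")
    if path.suffix == ".json":
        data = json.loads(text)
        return data if isinstance(data, dict) else {}
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, val = line.split("=", 1)
            pairs[key.strip()] = val.strip().strip("'\"")
    return pairs

def scan(roots) -> list:
    """(path, key, masked value) for every sensitive key found in credential files under roots."""
    paths = {p for r in roots for pat in FILE_PATTERNS for p in Path(r).rglob(pat) if p.is_file()}
    findings = []
    for path in sorted(paths):
        try:
            pairs = parse_file(path)
        except (json.JSONDecodeError, OSError):
            continue                        # unreadable or not a JSON object: skip, don't guess
        findings += [(str(path), k, mask(v)) for k, v in pairs.items() if SENSITIVE_KEY.search(k)]
    return findings

def demo() -> list:
    """Constructed sample layout with fake values (not real credentials)."""
    root = Path(tempfile.mkdtemp())
    for sub in ("x", "memory"):
        (root / sub).mkdir()
    (root / "x" / "credentials.json").write_text(json.dumps({"consumer_key": "ck_1234567890", "screen_name": "demo"}))
    (root / "memory" / "molten-creds.json").write_text(json.dumps({"api_key": "mk_abcdefghij"}))
    (root / ".env").write_text("# comment\nOPENAI_API_KEY='sk-test-000000'\nEDITOR=vim\n")
    return scan([root])
```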

Quick Start

Full Migration (Recommended)

# Scan for credentials
./scripts/scan.py

# Review and consolidate
./scripts/consolidate.py

# Validate security
./scripts/validate.py

Individual Operations

# Scan only
./scripts/scan.py

# Consolidate specific service
./scripts/consolidate.py --service x

# Backup without removing
./scripts/consolidate.py --backup-only

# Clean up old files
./scripts/cleanup.py --confirm

Common Credential Locations

The skill scans these locations:

~/.config/*/credentials.json
~/.openclaw/workspace/memory/*-creds.json
~/.openclaw/workspace/memory/*credentials*.json
~/.env (if exists, merges)

Security Features

  • ✅ File permissions: Sets .env to mode 600 (owner only)
  • ✅ Git protection: Creates/updates .gitignore
  • ✅ Backups: Timestamped backups before changes
  • ✅ Validation: Checks format, permissions, and duplicates
  • ✅ Template: Creates .env.example (safe to share)

Output Structure

After migration:

~/.openclaw/
├── .env                     # All credentials (secure)
├── .env.example             # Template (safe)
├── .gitignore               # Protects .env
├── CREDENTIALS.md           # Documentation
└── backups/
    └── credentials-old-YYYYMMDD/  # Backup of old files

Supported Services

Common services auto-detected:

  • X (Twitter): OAuth 1.0a credentials
  • Molten: Agent intent matching
  • Moltbook: Agent social network
  • Botchan/4claw: Net Protocol
  • OpenAI, Anthropic, Google: AI providers
  • GitHub, GitLab: Code hosting
  • Generic: API_KEY, *_TOKEN, *_SECRET patterns

See references/supported-services.md for full list.

Security Best Practices

See references/security.md for detailed security guidelines.

Quick checklist:

  • ✅ .env has 600 permissions
  • ✅ .env is git-ignored
  • ✅ No credentials in code or logs
  • ✅ Rotate keys periodically
  • ✅ Use separate keys per environment

Scripts

All scripts support --help for detailed usage.

scan.py

# Scan and report
./scripts/scan.py

# Include custom paths
./scripts/scan.py --paths ~/.myapp/config ~/.local/share/creds

# JSON output
./scripts/scan.py --format json

consolidate.py

# Interactive mode (prompts before changes)
./scripts/consolidate.py

# Auto-confirm (no prompts)
./scripts/consolidate.py --yes

# Backup only
./scripts/consolidate.py --backup-only

# Specific service
./scripts/consolidate.py --service molten

validate.py

# Full validation
./scripts/validate.py

# Check permissions only
./scripts/validate.py --check permissions

# Fix issues automatically
./scripts/validate.py --fix

cleanup.py

# Dry run (shows what would be deleted)
./scripts/cleanup.py

# Actually delete old files
./scripts/cleanup.py --confirm

# Keep backups
./scripts/cleanup.py --confirm --keep-backups

Migration Workflow

Step 1: Discovery

./scripts/scan.py

Review output to see what will be migrated.

Step 2: Backup & Consolidate

./scripts/consolidate.py

Creates backups, builds .env, sets permissions.

Step 3: Validation

./scripts/validate.py

Ensures everything is secure and correct.

Step 4: Test

Test your applications/skills with the new .env file.

Step 5: Cleanup

./scripts/cleanup.py --confirm

Removes old credential files (backups remain).

For Skill Developers: Enforce This Standard

Other OpenClaw skills MUST validate credentials are secure before using them:

Python Skills

#!/usr/bin/env python3
import sys
from pathlib import Path

# Add credential-manager scripts to path
sys.path.insert(0, str(Path.home() / '.openclaw/skills/credential-manager/scripts'))

# Enforce secure .env (exits if not compliant)
from enforce import require_secure_env, get_credential

require_secure_env()

# Now safe to load credentials
api_key = get_credential('SERVICE_API_KEY')

Bash Skills

#!/usr/bin/env bash
set -euo pipefail

# Validate .env exists and is secure
if ! python3 ~/.openclaw/skills/credential-manager/scripts/enforce.py; then
    exit 1
fi

# Now safe to load
source ~/.openclaw/.env

This creates a fail-fast system: If credentials aren't properly secured, skills refuse to run. Users are forced to fix it.
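An added, hypothetical re-implementation (not the skill's enforce.py) of the fail-fast check described above: env_problems() applies the page's three security checks (mode 600, a .gitignore entry for .env, and KEY=VALUE format with no duplicate keys) and require_secure_env() exits non-zero when any of them fails; the function names, the key-name rule and the demo() layout are assumptions of this example.

```python
import os
import re
import stat
import sys
import tempfile
from pathlib import Path
ENV_DIR = Path.home() / ".openclaw"         # added example, not the skill's enforce.py
KEY_RE = re.compile(r"^[A-Z][A-Z0-9_]*$")   # keys must look like environment variable names

def env_problems(env_dir=ENV_DIR) -> list:
    """Every reason env_dir/.env fails the mode-600, git-ignore and format checks."""
    env = env_dir / ".env"
    if not env.is_file():
        return [f"{env} does not exist"]
    problems = []
    mode = stat.S_IMODE(env.stat().st_mode)
    if mode != 0o600:
        problems.append(f".env mode is {oct(mode)}, expected 0o600")
    gitignore = env_dir / ".gitignore"
    if not gitignore.is_file() or ".env" not in gitignore.read_text().split():
        problems.append(".env is not listed in .gitignore")
    seen = set()
    for n, line in enumerate(env.read_text().splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue                        # blank lines and comments are allowed
        key, sep, _ = line.partition("=")
        key = key.strip()
        if not sep or not KEY_RE.match(key):
            problems.append(f"line {n}: malformed entry")
        elif key in seen:
            problems.append(f"line {n}: duplicate key {key}")
        seen.add(key)
    return problems

def require_secure_env(env_dir=ENV_DIR) -> None:
    """Fail fast: exit non-zero with the findings so the caller never loads a bad .env."""
    problems = env_problems(env_dir)
    if problems:
        sys.exit("credential-manager: insecure .env:\n  " + "\n  ".join(problems))

def demo() -> tuple:
    """Constructed sample (fake values): problems before and after fixing a .env."""
    d = Path(tempfile.mkdtemp())
    (d / ".env").write_text("SERVICE_API_KEY=abc\nbad line\nSERVICE_API_KEY=def\n")
    os.chmod(d / ".env", 0o644)             # world-readable: must be reported
    before = env_problems(d)
    (d / ".env").write_text("# OpenClaw credentials\nSERVICE_API_KEY='abc'\n")
    os.chmod(d / ".env", 0o600)
    (d / ".gitignore").write_text(".env\n")
    return before, env_problems(d)
```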

Loading Credentials

After migration, load from .env:

Python

import os
from pathlib import Path

# Load .env
env_file = Path.home() / '.openclaw' / '.env'
with open(env_file) as f:
    for line in f:
        if '=' in line and not line.strip().startswith('#'):
            key, val = line.strip().split('=', 1)
            os.environ[key] = val

# Use credentials
api_key = os.getenv('SERVICE_API_KEY')

Bash

# Load .env
set -a
source ~/.openclaw/.env
set +a

# Use credentials
echo "$SERVICE_API_KEY"

Using Existing Loaders

If you migrated using OpenClaw scripts:

from load_credentials import get_credentials
creds = get_credentials('x')

Adding New Credentials

Edit ~/.openclaw/.env:

# Add new service
NEW_SERVICE_API_KEY=your_key_here
NEW_SERVICE_SECRET=your_secret_here

Update template too:

# Edit .env.example
NEW_SERVICE_API_KEY=your_key_here
NEW_SERVICE_SECRET=your_secret_here

Rollback

If something goes wrong:

# Find your backup
ls -la ~/.openclaw/backups/

# Restore specific file
cp ~/.openclaw/backups/credentials-old-YYYYMMDD/x-credentials.json.bak \
   ~/.config/x/credentials.json

Notes

  • Non-destructive by default: Original files backed up before removal
  • Idempotent: Safe to run multiple times
  • Extensible: Add custom credential patterns in scripts
  • Secure: Never logs full credentials, only metadata
Safe-Usage Recommendations
This skill implements an aggressive 'single .env' policy and will read, back up, consolidate, and (if you confirm) delete credential files across your home directory. Before installing or running it:

  1. Review the scripts locally (scan.py, consolidate.py, backup/cleanup) to ensure they match your expectations: they act on many paths and will copy sensitive files into backups and into a single ~/.openclaw/.env.
  2. Note mismatches: CONSOLIDATION-RULE.md hardcodes a user path (/home/phan_harry), and docs recommend encrypted backups but the current backup implementation copies files unencrypted.
  3. Test in a safe environment (non-production account or VM) and run scan.py and consolidate.py with --backup-only and without --yes to inspect findings.
  4. Verify backups are encrypted or move them to an encrypted store before deleting originals.
  5. Consider whether the 'never use environment variables/CLI args' rule fits your deployment model (CI, containers, secret managers).
  6. If you intend to use enforce.py across other skills, be aware it will cause those scripts to exit unless the centralized .env exists and is 600; that can break automation.
  7. If you want to adopt this tool, modify it to: encrypt backups, provide configurable exception policies (allow CI/service account patterns), remove hardcoded path artifacts, and log-safe auditing.

If you are uncomfortable with a single-file consolidation of high-value secrets (private keys, mnemonics), prefer a secret manager or encrypted key store instead.
Functional Analysis
Type: OpenClaw Skill
Name: cxz9909-credential-manager
Version: 1.0.0
The credential-manager skill is a security utility designed to centralize scattered API keys and secrets into a single, secured .env file (mode 600) within the OpenClaw directory. The scripts (scan.py, consolidate.py, cleanup.py) perform local file operations such as scanning common config paths, creating timestamped backups, and merging credentials, with no evidence of network exfiltration or unauthorized remote access. While the cleanup script is destructive, it requires explicit user confirmation ('DELETE'), and the overall logic aligns strictly with the stated goal of hardening the agent's security posture.
Capability Tags
crypto, requires-wallet, can-make-purchases, requires-oauth-token, requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name/description match the code: the package scans for credential files, consolidates them into ~/.openclaw/.env, validates permissions, and can remove scattered files. That functionality is coherent with a 'credential manager'. However, documentation enforces a blanket "MANDATORY" policy and even contains a hardcoded path (/home/phan_harry/.openclaw/.env) in CONSOLIDATION-RULE.md — an odd artifact that doesn't match the scripts which use Path.home(). The strict 'root-only' requirement and disallowing credentials via environment variables or CLI args are design choices that are plausible for a particular security model but are unusually restrictive and may not be appropriate for many environments (CI, containers, team workflows).
Instruction Scope
Runtime instructions and scripts scan many user locations (including ~/.config, ~/.local/share, and shell rc files), read potentially every credential-containing file, back up copies, and (with explicit confirmation) delete scattered files. While within the stated purpose, this is high-impact: it centralizes all secrets into one file (single blast radius) and the cleanup step will permanently delete files if confirmed. The SKILL.md's mandatory language and enforce.py suggest other skills should import this to refuse to run unless the .env exists — this creates cross-skill enforcement that may break legitimate workflows. The instructions do not reference any external network endpoints; the scripts do not appear to transmit data externally.
Install Mechanism
There is no external install/download step in the skill package (no brew/npm/download URLs). The code is included in the skill bundle (Python scripts). That reduces supply-chain risk versus arbitrary remote downloads. Installing the skill will place these scripts on disk (they will be executed locally), which is expected for a utility of this nature.
Credentials
The skill declares no required environment variables, yet its policy forbids using environment variables or CLI args for credentials (CORE-PRINCIPLE.md). The scripts operate on many files across the user's home directory and consolidate all secret types (API keys, private keys, mnemonics) into one file. That increases the value of the single file: if the .env is later exposed, many otherwise-isolated secrets become compromised. The docs recommend encrypted backups, but the backup implementation (backup_files) copies files to backups in plaintext — a mismatch between the claimed safeguards and actual behavior. The consolidation also normalizes and copies private keys and mnemonics without additional encryption at rest.
Persistence & Privilege
The skill is not always:true and does not modify other skills' files automatically. However, its enforce.py promotes a fail-fast model other skills can import to refuse execution unless the centralized .env exists and has correct permissions — this gives the credential manager strong policy enforcement capability across an installation if other skill authors adopt it. The skill itself does cleanup and can delete files (with confirmation), which is an elevated action but not an automatic privilege escalation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install cxz9909-credential-manager
  3. After installation, call the skill by name directly or trigger it with /cxz9909-credential-manager
  4. Provide the required inputs according to the skill's parameter description to get structured output
Version History
v1.0.0
Initial release of credential-manager, the mandatory security foundation for OpenClaw:
  • Scans for and detects scattered credential files across common system and project locations.
  • Automatically backs up all existing credentials, then consolidates them into a secure `~/.openclaw/.env` file (mode 600).
  • Validates permissions, ensures `.env` is git-ignored, checks for format issues and duplicates, and enforces security best practices.
  • Provides scripts for scanning, consolidating, validating, and cleaning up old credentials, with backup and rollback support.
  • Offers templates, documentation, and enforcement helpers to make centralized credential management a hard requirement for all OpenClaw skills and deployments.
Metadata
Slug cxz9909-credential-manager
Version 1.0.0
License MIT-0
Total installs 1
Current installs 1
Version count 1
FAQ

What is Cxz9909 Credential Manager?

MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Use when setting... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 53 downloads to date.

How do I install Cxz9909 Credential Manager?

Run the command "/install cxz9909-credential-manager" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Cxz9909 Credential Manager free?

Yes, Cxz9909 Credential Manager is completely free under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Cxz9909 Credential Manager support?

Cxz9909 Credential Manager is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Cxz9909 Credential Manager?

Developed and maintained by cxz9909 (@cxz9909); current version v1.0.0.
