nissan

Gateway Env Injector

Author: Nissan Dookeran · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 347
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install gateway-env-injector
Description
Safely inject API keys from 1Password into macOS LaunchAgent plists using PlistBuddy. Use when running OpenClaw on macOS and storing secrets in 1Password — a...
Usage instructions (SKILL.md)

Gateway Environment Injector

Bake secrets from 1Password into macOS LaunchAgent plists without leaving plaintext keys on disk. Uses op read to fetch secrets and /usr/libexec/PlistBuddy to inject them directly into the plist's EnvironmentVariables block.

Why This Exists

  • launchctl setenv doesn't inject into a plist's own EnvironmentVariables block
  • Environment variables in .zshrc aren't available to LaunchAgents
  • Plaintext key files are a security risk
  • 1Password service accounts provide read-only, rotatable access

Usage

bash scripts/inject-gateway-env.sh

Reads each key from 1Password, injects it into the gateway plist, then restarts the service.

What It Injects

Configurable list of op://Vault/Item/field references mapped to environment variable names. Modify the script's KEYS array for your setup.

Key Lesson

Changing the Node binary path (even to a symlink) can silently revoke macOS TCC permissions. Always keep the gateway plist locked to the Homebrew Cellar path, not an NVM symlink.

Files

  • scripts/inject-gateway-env.sh — Injection script with 1Password integration
Safe-use recommendations
This skill largely does what it says: it reads secrets from 1Password and writes them into the OpenClaw gateway's LaunchAgent plist. Important considerations before installing:

  • The script contradicts its claim of 'avoiding plaintext keys on disk' by writing secrets (including the OP_SERVICE_ACCOUNT_TOKEN) into the plist at ~/Library/LaunchAgents/ai.openclaw.gateway.plist. That plist is stored on disk and may be readable by processes or users with access to your account. If your goal is to avoid persistent plaintext secrets, this approach does not achieve it.
  • Consider whether the gateway truly needs the 1Password service account token in its environment. If it is not required, remove the injection of OP_SERVICE_ACCOUNT_TOKEN from the script to reduce blast radius.
  • Ensure the 1Password service account has minimal, read-only scope and rotate it regularly. Use strict filesystem permissions on ~/.config/openclaw/.op-service-token and on the plist file.
  • Review whether you prefer ephemeral session-based access (op session tokens) rather than storing a persistent token file under ~/.config/openclaw.
  • Be aware that the script restarts the LaunchAgent (it will run the gateway with the injected env vars). Also note that it sets OTLP_ENDPOINT to localhost:4317 (telemetry) and writes SHERPA paths; ensure those values are intended.
  • If you want stronger guarantees against on-disk secrets, investigate alternatives such as having the gateway integrate with 1Password at runtime, using macOS keychain APIs, or using launchctl setenv for ephemeral environment settings (though that has its own limits).

If you proceed, audit the plist file permissions after a run, limit the service account privileges, and consider removing injection of the OP_SERVICE_ACCOUNT_TOKEN from the script.
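The review above ends with "audit the plist file permissions after a run", and the SKILL.md Key Lesson warns against launching the gateway through a symlinked Node binary. The script below is an added post-run audit written for this page; it is not part of the skill, its bundled script, or the marketplace review. It lists what was injected into EnvironmentVariables, flags credential-like names such as OP_SERVICE_ACCOUNT_TOKEN, checks that the plist is not group- or world-readable, and checks whether the ProgramArguments binary is a symlink. The plist it generates, the placeholder secret values and the Node paths are constructed sample data; only awk, grep and stat are used, so the checks also run where /usr/libexec/PlistBuddy does not exist. The plist path ~/Library/LaunchAgents/ai.openclaw.gateway.plist in the usage comment is the one the review names.

```shell
#!/usr/bin/env bash
# Added audit example for a LaunchAgent plist (not part of the skill).
# Checks: injected EnvironmentVariables, credential-like names, file mode,
# and whether the launched binary is a symlink (see the skill's Key Lesson).

# Write a constructed plist shaped like what the injector leaves behind.
# $1 = output path, $2 = path used as the Node binary in ProgramArguments.
make_sample_plist() {
  cat > "$1" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ai.openclaw.gateway</string>
    <key>ProgramArguments</key>
    <array>
        <string>$2</string>
        <string>gateway</string>
    </array>
    <key>EnvironmentVariables</key>
    <dict>
        <key>OPENAI_API_KEY</key>
        <string>sk-CONSTRUCTED-PLACEHOLDER</string>
        <key>OP_SERVICE_ACCOUNT_TOKEN</key>
        <string>ops_CONSTRUCTED-PLACEHOLDER</string>
        <key>OTLP_ENDPOINT</key>
        <string>localhost:4317</string>
    </dict>
</dict>
</plist>
EOF
}

# Print the key names inside the EnvironmentVariables dict, one per line.
env_var_names() {
  awk '
    /<key>EnvironmentVariables<\/key>/ { inenv = 1; depth = 0; next }
    inenv && /<dict>/   { depth++; next }
    inenv && /<\/dict>/ { depth--; if (depth == 0) inenv = 0; next }
    inenv && /<key>/    { sub(/.*<key>/, ""); sub(/<\/key>.*/, ""); print }
  ' "$1"
}

# Print the first ProgramArguments string, i.e. the binary launchd executes.
program_path() {
  awk '
    /<key>ProgramArguments<\/key>/ { inargs = 1; next }
    inargs && /<string>/ { sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit }
  ' "$1"
}

# Count injected names that look like credentials.
secret_env_count() {
  env_var_names "$1" | grep -Ec 'KEY|TOKEN|SECRET|PASSWORD' || true
}

# Succeed when the 1Password service-account token itself was injected.
has_service_token() {
  env_var_names "$1" | grep -qx 'OP_SERVICE_ACCOUNT_TOKEN'
}

# Succeed when group or other hold any permission bits (mode wider than 0600/0700).
# GNU stat first, BSD/macOS stat as fallback.
perms_too_open() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  case "$mode" in
    *00) return 1 ;;
    *)   return 0 ;;
  esac
}

# Succeed when the launched binary is a symlink (for example an nvm shim).
program_is_symlink() {
  [ -L "$(program_path "$1")" ]
}

# Run every check; the last printed line is "<n> finding(s)".
audit_plist() {
  findings=0
  echo "EnvironmentVariables in $1:"
  env_var_names "$1" | sed 's/^/  /'
  n=$(secret_env_count "$1")
  [ "$n" -gt 0 ] && { echo "WARN: $n credential-like variable(s) stored in plaintext"; findings=$((findings + 1)); }
  has_service_token "$1" && { echo "WARN: OP_SERVICE_ACCOUNT_TOKEN is baked into the plist"; findings=$((findings + 1)); }
  perms_too_open "$1" && { echo "WARN: plist readable by group/other; consider: chmod 600 $1"; findings=$((findings + 1)); }
  program_is_symlink "$1" && { echo "WARN: ProgramArguments binary is a symlink: $(program_path "$1")"; findings=$((findings + 1)); }
  echo "$findings finding(s)"
  return 0
}

# Usage on macOS after running the injector:
#   audit_plist "$HOME/Library/LaunchAgents/ai.openclaw.gateway.plist"
if [ $# -gt 0 ]; then audit_plist "$1"; fi
```

Each check is its own function so the audit can be wired into a post-install hook or a cron job; a clean run prints "0 finding(s)". The symlink check only covers the first ProgramArguments entry, which is where launchd reads the executable path.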
Functional analysis

Type: OpenClaw Skill
Name: gateway-env-injector
Version: 1.0.0

The skill automates the extraction of multiple sensitive API keys (OpenAI, Anthropic, Gemini, etc.) from 1Password and injects them into a macOS LaunchAgent plist. While the script `scripts/inject-gateway-env.sh` performs its stated function, it involves high-risk credential handling and system persistence modification. Furthermore, the `SKILL.md` documentation contains a misleading security claim that it avoids plaintext keys on disk, when in fact `PlistBuddy` writes these secrets into a standard plist file in the user's Library folder.
Capability assessment
Purpose & Capability
Name, description, required binaries (op, bash), and primaryEnv (OP_SERVICE_ACCOUNT_TOKEN) align with the actual behavior: the script reads secrets via the 1Password CLI and injects them into a LaunchAgent plist used by the OpenClaw gateway. The set of provider keys (OpenAI, Anthropic, Gemini, Mistral, HF, optional Voyage) is plausible for a gateway process.
Instruction Scope
SKILL.md and the included script instruct the agent to read a local token file (~/.config/openclaw/.op-service-token), call 'op read' for multiple items, and use /usr/libexec/PlistBuddy to add string entries into the gateway plist's EnvironmentVariables, then restart the LaunchAgent. The skill's text claims it 'avoids plaintext keys on disk', but the script writes secrets (including OP_SERVICE_ACCOUNT_TOKEN) into the plist file, creating persistent plaintext secrets on disk, which contradicts the stated security goal and increases exposure.
Install Mechanism
Instruction-only skill with a bundled Bash script; no remote downloads or install steps. The script is executed locally, so there is no high-risk install mechanism (no external archives or shortener URLs).
Credentials
Requesting OP_SERVICE_ACCOUNT_TOKEN is expected for reading 1Password. However, the script writes that same service-account token into the LaunchAgent plist, exposing the token to any process that can read the plist or the process environment. Injecting the service account token into the gateway may be unnecessary and disproportionate; other requested secrets (provider API keys) are reasonable for a gateway but also create persistent on-disk copies.
Persistence & Privilege
The skill is not marked always: true and is user-invocable; it restarts a LaunchAgent (expected for its purpose) but does not modify other skills or system-wide agent settings. It does make persistent changes to a LaunchAgent plist (intended), which is within scope but increases long-term exposure of secrets.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install gateway-env-injector
  3. After installation, call the Skill by name directly or trigger it with /gateway-env-injector
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release of gateway-env-injector.
  • Injects API keys from 1Password into macOS LaunchAgent plists using PlistBuddy.
  • Prevents plaintext secrets on disk while ensuring LaunchAgents have required environment variables.
  • Requires 1Password CLI (`op`) and Bash; uses service account token from environment.
  • Customizable for your own 1Password items and desired environment variables.
  • Designed for secure OpenClaw deployments on macOS.
Metadata
Slug gateway-env-injector
Version 1.0.0
License
Cumulative installs 1
Current installs 1
Historical versions 1
FAQ

What is Gateway Env Injector?

Safely inject API keys from 1Password into macOS LaunchAgent plists using PlistBuddy. Use when running OpenClaw on macOS and storing secrets in 1Password — a... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 347 cumulative downloads so far.

How do I install Gateway Env Injector?

Run the command "/install gateway-env-injector" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Gateway Env Injector free?

Yes, Gateway Env Injector is completely free (open source and free of charge); you can download, install and use it freely.

Which platforms does Gateway Env Injector support?

Gateway Env Injector runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Gateway Env Injector?

Developed and maintained by Nissan Dookeran (@nissan); current version v1.0.0.
