← 返回 Skills 市场
2608
总下载
1
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install janee
功能描述
Secrets management for AI agents. Never expose your API keys again.
使用说明 (SKILL.md)
Janee
Secrets management for AI agents. Store API keys encrypted, make requests through Janee, never touch the real key.
Why Use Janee?
Most skills tell you to store API keys in plaintext config files. One prompt injection, one leaked log, one compromised session — and your keys are exposed.
Janee fixes this:
- Keys encrypted at rest — not plaintext JSON
- Agent never sees the real key — requests go through Janee
- Path-based policies — restrict what endpoints can be called
- Full audit trail — every request logged
- Kill switch — revoke access without rotating keys
Install
npm install -g @true-and-useful/janee
janee init
Add a Service
janee add
Follow the prompts to add your API credentials. Keys are encrypted automatically.
Use in Your Agent
Instead of calling APIs directly with your key, call them through Janee:
# Old way (dangerous):
curl -H "Authorization: Bearer sk_live_xxx" https://api.stripe.com/v1/balance
# Janee way (safe):
# Agent calls execute(capability, method, path) via MCP
# Janee injects the key, agent never sees it
OpenClaw Integration
Install the OpenClaw plugin for native tool support:
openclaw plugins install @true-and-useful/janee-openclaw
Your agent now has:
janee_list_services— see available APIsjanee_execute— make requests through Janeejanee_reload_config— hot-reload after config changes
Example: Secure Moltbook Access
Instead of storing your Moltbook key in ~/.config/moltbook/credentials.json:
janee add moltbook -u https://www.moltbook.com/api/v1 -k YOUR_KEY
Then use Janee to post:
# Your agent calls:
janee_execute(service="moltbook", method="POST", path="/posts", body=...)
Your Moltbook key stays encrypted. Even if your agent is compromised, the key can't be exfiltrated.
Config Example
services:
stripe:
baseUrl: https://api.stripe.com
auth:
type: bearer
key: sk_live_xxx # encrypted
moltbook:
baseUrl: https://www.moltbook.com/api/v1
auth:
type: bearer
key: moltbook_sk_xxx # encrypted
capabilities:
stripe_readonly:
service: stripe
rules:
allow: [GET *]
deny: [POST *, DELETE *]
moltbook:
service: moltbook
ttl: 1h
autoApprove: true
Architecture
┌─────────────┐ ┌──────────┐ ┌─────────┐
│ AI Agent │─────▶│ Janee │─────▶│ API │
│ │ MCP │ │ HTTP │ │
└─────────────┘ └──────────┘ └─────────┘
│ │
No key Injects key
+ logs request
Links
安全使用建议
What to check before installing or using this skill:
- Master key handling: inspect src/core/crypto.ts and the init flow. The init template writes a 'masterKey' into ~/.janee/config.yaml. If the master key is stored in the same file as the encrypted credentials, encryption provides no protection — a compromise of that file yields immediate key exposure. Require the author to explain where the master key is stored and to use a proper OS-level key store (e.g., macOS Keychain, Windows DPAPI, Linux kernel keyring) or at minimum keep the master key separate and not in the same plaintext config.
- Binary provenance: the OpenClaw plugin spawns a subprocess by executing the 'janee' binary. The registry metadata did not declare a required binary; ensure you actually install the npm package from a trusted source and verify the package contents (and checksums) before running. A malicious 'janee' binary would run as your user.
- Audit the code that performs decryption and network access (src/core/* and MCP server code). Confirm network endpoints and any optional LLM integration do not leak secrets to third-party services. The template shows optional LLM provider configuration that can read an env var (e.g., OPENAI_API_KEY) — if you enable such features, be explicit about required env vars and trust boundaries.
- File permissions and logs: the code sets config and logs directories with 0700/0600 modes — good practice. Still review where logs are written (~/.janee/logs) as they contain request metadata and may include agent-provided 'reason' text. Ensure logs do not accidentally include plaintext keys.
- Least privilege and policies: the rule/policy system appears coherent (deny-before-allow), but test it thoroughly (unit tests included). For sensitive services, prefer narrow capabilities and require human approval (requiresReason) and consider running Janee in an isolated account or container to limit blast radius.
- If you cannot confirm the masterKey handling and binary provenance, treat the project as untrusted. Ask the author/maintainer to clarify and fix: (1) do not store the master decryption key in the same config file as ciphertext, (2) declare the required binary/runtime in metadata, and (3) document network endpoints and any optional external services.
Confidence: high that these inconsistencies are real from the provided sources; resolving them would change the assessment to benign if the master key storage and binary provenance issues are fixed and documented.
功能分析
Type: OpenClaw Skill
Name: janee
Version: 0.1.2
The OpenClaw AgentSkills skill bundle for Janee is designed as a security tool for AI agents, focusing on secrets management and API access control. It encrypts API keys at rest, prevents agents from directly accessing keys, enforces path-based access policies, and maintains a full audit log of all API requests. The code demonstrates strong security practices, including the use of AES-256-GCM encryption for secrets, restrictive file permissions (0o600/0o700) for configuration and logs in `~/.janee/`, and safe URL construction to prevent injection. The `SKILL.md` and `README.md` documentation clearly outlines these security features and does not contain any instructions that could lead to prompt injection or malicious agent behavior. All network and file access is directly aligned with its stated purpose of securely proxying API calls.
能力评估
Purpose & Capability
The repo and SKILL.md describe an MCP-based secrets proxy (Janee) and an OpenClaw plugin that spawns the Janee process. However the skill metadata declares no required binaries while the plugin code expects a global 'janee' executable (it spawns `janee serve`). Also the init template writes a 'masterKey' into the same config file it uses to store services, which would negate encryption-at-rest if the master key and encrypted data are colocated. These are direct mismatches between the stated security purpose and what the implementation does/assumes.
Instruction Scope
SKILL.md instructs installing npm package globally, running `janee init` (which writes ~/.janee/config.yaml containing a masterKey), adding services, and starting `janee serve`. That scope is reasonable for a local secrets proxy — but the init behavior (inserting a generated masterKey into the config file) contradicts 'keys encrypted at rest' because the key used to decrypt would live next to the ciphertext. The OpenClaw plugin will also spawn a subprocess (`janee serve`) and communicate via stdio; this grants the plugin the ability to run arbitrary code as the user if the installed binary is compromised.
Install Mechanism
There is no registry install spec in the skill metadata (instruction-only), but SKILL.md and package.json expect global npm installation (`npm install -g @true-and-useful/janee`). That is a normal install method, but the registry metadata not listing the required binary is an oversight. The package sources are present in the bundle (package.json, package-lock), not a remote URL install, so install risk is the usual npm-package provenance risk rather than a mysterious remote download.
Credentials
The skill declares no required environment variables, which is plausible for a local-only tool. However the example config template includes an optional LLM provider section that references 'apiKey: env:OPENAI_API_KEY' — that is optional but not surfaced as a required env var. The biggest proportionality problem: the init writes a generated masterKey into config.yaml (mode 0600) — storing the decryption key alongside (or inside) what is supposed to be 'encrypted at rest' is disproportionate to the stated security goal and undermines the protection model.
Persistence & Privilege
The skill does not request 'always: true' and uses the normal plugin model. It registers tools that let an agent request actions via the Janee MCP server; that autonomous invocation is expected for this kind of plugin. Note that the OpenClaw plugin will spawn and manage a local 'janee' subprocess (user-level), so the plugin effectively grants the agent an RPC to a process on the user's machine — appropriate for the purpose but worth auditing because it runs as the user.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install janee - 安装完成后,直接呼叫该 Skill 的名称或使用
/janee触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.2
Improved SKILL.md with architecture diagram and examples
v0.1.1
- Initial public release of Janee (v0.1.1): secure API credential management for AI agents via MCP.
- Adds encrypted storage for API keys, protecting them from exposure in prompts or config files.
- Introduces fine-grained path-based access policies and audit logging for all API requests.
- Provides MCP tools: list_services, execute, and reload_config.
- Debuts plugin support for OpenClaw, enabling integration through janee_list_services, janee_execute, and janee_reload_config.
- Supports Bearer, custom header, and HMAC-style authentication methods.
元数据
常见问题
Janee 是什么?
Secrets management for AI agents. Never expose your API keys again. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2608 次。
如何安装 Janee?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install janee」即可一键安装,无需额外配置。
Janee 是免费的吗?
是的,Janee 完全免费(开源免费),可自由下载、安装和使用。
Janee 支持哪些平台?
Janee 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Janee?
由 rsdouglas(@rsdouglas)开发并维护,当前版本 v0.1.2。
推荐 Skills