← 返回 Skills 市场
aehrt55

Manage Secrets

作者 Xin · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
76
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install manage-secrets
功能描述
Set or update environment secrets via the set-secret GitHub Actions workflow. Use when the user asks to update, rotate, or set a secret/token/API key for thi...
使用说明 (SKILL.md)

Manage Secrets — Self-Service Secret Updates

Trigger the set-secret.yml workflow in the env repo to set or update an environment secret for this persona. The workflow decrypts the SOPS-encrypted secrets.yaml, injects the key/value under envSecrets, re-encrypts, and pushes the change — which triggers a deploy.

Required Environment Variables

  • AGENT_GITHUB_PAT — a fine-grained PAT with Actions write permission on the env repo. There is no fallback; the PAT must be present.
  • MANAGE_SECRETS_GITHUB_REPO — the GitHub owner/repo of the env repo that contains set-secret.yml (e.g., myorg/myapp-env).
if [[ -z "$AGENT_GITHUB_PAT" ]]; then
  echo "ERROR: AGENT_GITHUB_PAT is not set. Cannot authenticate to trigger set-secret workflow." >&2
  exit 1
fi
if [[ -z "$MANAGE_SECRETS_GITHUB_REPO" ]]; then
  echo "ERROR: MANAGE_SECRETS_GITHUB_REPO is not set. Cannot determine target repo." >&2
  exit 1
fi
export GITHUB_TOKEN="$AGENT_GITHUB_PAT"

Trigger Set-Secret

export GITHUB_TOKEN="$AGENT_GITHUB_PAT"
gh workflow run set-secret.yml \
  --repo "$MANAGE_SECRETS_GITHUB_REPO" \
  -f persona=\x3CPERSONA> \
  -f secret_key=\x3CKEY> \
  -f secret_value=\x3CVALUE>

Where:

  • \x3CPERSONA> is this agent's persona name. Determine it from the Tailscale hostname (tailscale status --self --json | jq -r .Self.HostName → strip the moltbot- prefix) or the Kubernetes namespace (moltbot-\x3Cpersona>)
  • \x3CKEY> must match ^[A-Z][A-Z0-9_]*$ (e.g., TELEGRAM_BOT_TOKEN, GOOGLE_API_KEY)
  • \x3CVALUE> is the secret value to set

Monitor Workflow Status

After triggering, wait a few seconds then check status:

export GITHUB_TOKEN="$AGENT_GITHUB_PAT"
gh run list \
  --repo "$MANAGE_SECRETS_GITHUB_REPO" \
  --workflow set-secret.yml \
  --limit 3

To watch a specific run until completion:

export GITHUB_TOKEN="$AGENT_GITHUB_PAT"
gh run watch \x3CRUN_ID> \
  --repo "$MANAGE_SECRETS_GITHUB_REPO"

RBAC

The workflow enforces an RBAC matrix that maps GitHub usernames to allowed personas. Each persona's GitHub user can only set secrets for its own persona; admin users have wildcard access to all personas. Check the set-secret.yml workflow source for the current RBAC matrix.

Example RBAC structure:

{
  "admin-user": ["*"],
  "bot-user[bot]": ["*"],
  "persona-a-user": ["persona-a"],
  "persona-b-user": ["persona-b"]
}

Important Notes

  • The workflow runs with concurrency: { group: set-secret, cancel-in-progress: false } — concurrent dispatches are serialized, not cancelled
  • The secret key must already be a valid uppercase env var name; the workflow rejects invalid formats
  • After the workflow commits, it pushes to main, which triggers the deploy workflow for the affected persona
  • AGENT_GITHUB_PAT and MANAGE_SECRETS_GITHUB_REPO must be set in the environment; the skill has no fallback
  • If the secret value is unchanged, the workflow exits cleanly with no commit
安全使用建议
This skill declares a reasonable capability (trigger a set-secret workflow) but has implementation/metadata inconsistencies and notable privileges. Before installing or enabling it: 1) Verify the skill metadata is corrected to list AGENT_GITHUB_PAT and MANAGE_SECRETS_GITHUB_REPO so you know what will be required. 2) Inspect the target repository's set-secret.yml and any SOPS/decryption steps to confirm the workflow's exact actions, RBAC checks, and what keys the workflow uses to decrypt secrets. 3) Ensure the PAT you provide is minimal-scoped (fine-grained, limited to the specific repo and Actions permissions only) and not an org-wide or user-admin token; consider using a machine user with constrained rights. 4) Consider requiring human approval / making the skill user-invocable (or disabling autonomous invocation) so secrets are not rotated/changed automatically. 5) Confirm which CLIs the agent will call (gh, tailscale, jq, kubectl) and whether you are comfortable allowing the agent to access local tailscale/k8s state to determine persona. 6) Test in a non-production repo/environment first, and rotate the PAT after testing. If you cannot inspect the workflow source or cannot supply a tightly-scoped PAT, do not enable this skill.
功能分析
Type: OpenClaw Skill Name: manage-secrets Version: 1.0.0 The skill 'manage-secrets' allows an agent to update environment secrets by triggering a GitHub Actions workflow using a high-privilege Personal Access Token (AGENT_GITHUB_PAT). While the functionality is aligned with its stated purpose of self-service secret management, it involves high-risk behaviors such as repository write access and the handling of sensitive credentials. Furthermore, the instructions in SKILL.md direct the agent to pass secret values as raw command-line arguments to the 'gh' CLI, which is a security vulnerability that could expose secrets in process logs or shell history.
能力评估
Purpose & Capability
The SKILL.md clearly requires AGENT_GITHUB_PAT (a PAT with Actions write permission) and MANAGE_SECRETS_GITHUB_REPO, which are essential for its stated purpose. However, the registry metadata for the skill declares no required environment variables or primary credential — a direct mismatch. Asking for a GitHub PAT and repo is plausible for a secret-management workflow, but the metadata omission is inconsistent and misleading.
Instruction Scope
The runtime instructions tell the agent to run gh workflow/run/watch and to derive the persona from local system state (tailscale status --self --json | jq..., or Kubernetes namespace), which reads local tools/state outside the GitHub interaction. The SKILL.md also assumes presence of gh, tailscale, jq, and possibly kubectl, but those binaries are not declared. The instructions will cause the agent to set GITHUB_TOKEN from AGENT_GITHUB_PAT and trigger a workflow that decrypts and re-encrypts repo secrets and pushes to main — behavior consistent with the purpose but broad in side effects (commit + deploy).
Install Mechanism
This is an instruction-only skill (no install spec), so nothing is written to disk by the skill package itself — low install-surface risk. However, it depends on external CLIs (gh, tailscale, jq, possibly kubectl) being present; those are not installed or declared by the skill, creating a hidden operational dependency that could confuse operators.
Credentials
Requesting AGENT_GITHUB_PAT (Actions write permission) and a target repo is proportionate to triggering a set-secret workflow, but the token is powerful: it can be used to run workflows and potentially perform other repo actions depending on its scope. The skill metadata does not declare these required env vars (so consumers may not realize they are needed or what level of privilege is required). The instructions also read local state (tailscale/k8s) which implies additional implicit access to system tools/config.
Persistence & Privilege
always:false (good) but user-invocable:false plus disable-model-invocation:false means the agent can autonomously invoke this skill (not directly user-triggered). Combined with access to a GitHub PAT that can change repo secrets and trigger deploys, autonomous invocation increases risk that secrets could be changed without explicit human approval. The skill does not request persistent installation privileges, but its ability to commit to main and trigger deploys is a high-impact side effect.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install manage-secrets
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /manage-secrets 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the manage-secrets skill: - Enables setting or updating environment secrets through the set-secret GitHub Actions workflow. - Requires `AGENT_GITHUB_PAT` (PAT with Actions write permission) and `MANAGE_SECRETS_GITHUB_REPO` (target env repo). - Triggers a secure workflow to update SOPS-encrypted `secrets.yaml` and automatically deploy changes. - Enforces RBAC, allowing only permitted GitHub users to manage secrets for designated personas. - Includes guidance for monitoring workflow status and key validation rules.
元数据
Slug manage-secrets
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Manage Secrets 是什么?

Set or update environment secrets via the set-secret GitHub Actions workflow. Use when the user asks to update, rotate, or set a secret/token/API key for thi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 76 次。

如何安装 Manage Secrets?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install manage-secrets」即可一键安装,无需额外配置。

Manage Secrets 是免费的吗?

是的,Manage Secrets 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Manage Secrets 支持哪些平台?

Manage Secrets 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Manage Secrets?

由 Xin(@aehrt55)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论