← 返回 Skills 市场
allprogramming9999

Bagman

作者 allprogramming9999 · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ✓ 安全检测通过
218
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install master-skills
功能描述
Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled fun...
安全使用建议
This skill appears to be what it says: a set of patterns and examples for using 1Password to manage agent secrets. Before installing/use: (1) verify you have the official 'op' CLI from 1Password and understand how to sign in (the skill assumes an active session/OP_SESSION token), (2) confirm that any '.env' or env-file referenced is a template that does not contain real secrets, (3) limit agent session keys to minimal permissions and short lifetimes as recommended, (4) audit 1Password access logs and restrict the agent's vault/item permissions, (5) test the provided sanitize_output routines for false positives/negatives in your environment, and (6) be cautious about giving an autonomous agent any ability to request new session keys without human approval. If you need higher assurance, ask the author to document the authentication prerequisites (how to safely obtain OP_SESSION tokens) and to clarify the env-file example so it cannot be misused to write secrets to disk.
功能分析
Type: OpenClaw Skill Name: master-skills Version: 0.1.0 The 'bagman' skill bundle is a security-focused resource providing patterns and code snippets for secure secret management in AI agents. It includes defensive measures such as output sanitization (regex-based redaction of keys), prompt injection detection, and the use of 1Password CLI (op) for runtime secret retrieval. The content in SKILL.md is educational and aimed at preventing accidental data leaks and unauthorized access, with no evidence of malicious intent or harmful instructions.
能力评估
Purpose & Capability
Name/description (secure key management) aligns with requested binary 'op' and the instructions which exclusively describe using 1Password CLI and session keys. No unrelated services or credentials are requested.
Instruction Scope
Instructions stay within the scope of retrieving and sanitizing secrets from 1Password. A few ambiguous items: (1) the example 'op run --env-file=.env.tpl -- node agent.js' claims 'key never touches disk' but references an env-file (it must be clear that that file is a template without secrets), and (2) the docs assume the 1Password CLI is already signed in (OP_SESSION or equivalent) but don't document that prerequisite or how to authenticate safely. Otherwise instructions do not direct any unexpected data exfiltration.
Install Mechanism
This is instruction-only (no install spec, no downloaded code), so nothing is written to disk by the skill itself. Risk is limited to the user running the suggested commands and having the 'op' binary installed from an external source.
Credentials
The skill requires only the 'op' CLI and declares no env vars, which is proportional. However, it implicitly depends on a logged-in 1Password session (OP_SESSION_* env var or equivalent) and access to a 1Password account/vault; those credentials/session tokens are not documented in requires.env and should be considered necessary for operation.
Persistence & Privilege
Skill does not request persistent presence (always:false) and does not modify other skills or system-wide config. It relies on agent invocation at runtime, which is the normal behavior.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install master-skills
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /master-skills 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release: secure key management patterns for AI agents. - Introduces Bagman: a guide to safe handling of secrets (keys, API creds, wallet access) for AI agents. - Covers secure storage using 1Password CLI (`op`), session key delegation, and leak prevention. - Includes architecture overview, step-by-step agent workflow, and code snippets for key retrieval and sanitization. - Provides patterns for output sanitization, pre-commit hooks to stop secret leaks, and .gitignore examples. - Documents prompt injection defenses with input validation and isolation of wallet operations.
元数据
Slug master-skills
版本 0.1.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Bagman 是什么?

Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled fun... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 218 次。

如何安装 Bagman?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install master-skills」即可一键安装,无需额外配置。

Bagman 是免费的吗?

是的,Bagman 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Bagman 支持哪些平台?

Bagman 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Bagman?

由 allprogramming9999(@allprogramming9999)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论