← 返回 Skills 市场
87
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install nex-keyring
功能描述
Manage and track local API keys, secrets, and tokens with rotation status, risk levels, auditing, and policy enforcement without storing actual secret values.
安全使用建议
This package appears to do what it claims: locally scan .env files and environment variables, track key metadata and rotation history, and avoid storing actual secret values. Before installing or running setup.sh, consider: 1) Review the setup.sh wrapper path that is written — ensure it points to the skill files on your machine (it tries to locate SKILL_DIR but double-check). 2) The tool reads environment variables and .env files — only run it in contexts where you trust the host and operator, and avoid running on machines with untrusted processes. 3) There are small code/documentation inconsistencies (README mentions env overrides that aren't evident in the code) and at least one apparent coding bug (truncated/undefined variable in storage.list_secrets that may cause runtime errors). I recommend auditing the code locally (especially storage.list_secrets and any truncated sections), running setup.sh in a controlled environment or container, installing the cryptography package if you want Fernet encryption, and backing up any sensitive files before first run. If you want higher assurance, ask the author for a complete, non-truncated source and unit tests demonstrating behavior (or run it in an isolated VM/container).
功能分析
Type: OpenClaw Skill
Name: nex-keyring
Version: 1.0.0
The nex-keyring skill is a local utility designed to track the rotation status of API keys and secrets without storing the actual sensitive values. Analysis of nex-keyring.py and lib/scanner.py confirms that the tool only captures metadata (key names, service types, and SHA256 hashes for change detection) from .env files and environment variables. The data is stored locally in a SQLite database (~/.nex-keyring/keyring.db), and the code lacks any network communication or exfiltration logic. While there is a minor discrepancy where documentation mentions Fernet encryption that isn't implemented in the storage layer, the overall behavior is consistent with its stated security-focused purpose.
能力标签
能力评估
Purpose & Capability
The name/description match the implementation: the package scans .env files and environment variables, detects service patterns, records metadata (name, prefix, SHA256 hashes if provided), tracks rotation history and audit logs, and stores everything under ~/.nex-keyring in SQLite. There are no unexpected cloud credentials or unrelated external services requested.
Instruction Scope
SKILL.md and the code direct the tool to read .env files and environment variables (intentional and expected). The implementation generally avoids storing actual secret values (it stores presence, prefixes and hashes), but scanning environment variables and files is inherently sensitive — ensure you understand the privacy implications and that the agent or the person running setup is trusted.
Install Mechanism
There is no remote install step or external download; installation is via the included setup.sh which writes files under the user's home (~/.nex-keyring) and creates a wrapper in ~/.local/bin. No network fetching or third‑party installers are invoked. Note: the setup script initially writes a wrapper with a hardcoded path then rewrites it to use SKILL_DIR; this looks odd but the final wrapper is created from the local skill directory.
Credentials
The skill declares no required environment variables or external credentials (consistent with purpose). README mentions optional env overrides (NEX_KEYRING_HOME, NEX_KEYRING_DB) not visible in the provided code — a small documentation/code mismatch. The code does inspect os.environ to detect keys (expected), but it does not appear to exfiltrate environment contents.
Persistence & Privilege
The skill does not request global/system privileges or 'always' inclusion. It stores files under the user's home and creates a user-level CLI wrapper (~/.local/bin). It does not modify other skills or system-wide configs beyond that user-level install.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nex-keyring - 安装完成后,直接呼叫该 Skill 的名称或使用
/nex-keyring触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Nex Keyring 是什么?
Manage and track local API keys, secrets, and tokens with rotation status, risk levels, auditing, and policy enforcement without storing actual secret values. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 87 次。
如何安装 Nex Keyring?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nex-keyring」即可一键安装,无需额外配置。
Nex Keyring 是免费的吗?
是的,Nex Keyring 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Nex Keyring 支持哪些平台?
Nex Keyring 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Nex Keyring?
由 Nex AI(@nexaiguy)开发并维护,当前版本 v1.0.0。
推荐 Skills