← 返回 Skills 市场
jlab1201

OpenClaw Secrets Hygiene

作者 jlab1201 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ 安全检测通过
107
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-secrets-hygiene
功能描述
Manage and audit OpenClaw secrets by coordinating gateway restarts, converting plaintext credentials to SecretRef format, and validating configuration accuracy.
安全使用建议
This skill appears coherent for migrating and auditing OpenClaw secrets, but proceed cautiously: - Back up all OpenClaw config files (openclaw.json, auth-profiles.json, models.json, ~/.openclaw) before making changes. - Review and run the provided scripts/edits in a staging environment first to avoid gateway downtime. - Treat OPENCLAW_GATEWAY_TOKEN and any API keys as sensitive: supply them securely, do not paste into chat logs, and ensure ~/.openclaw/secrets.json is file-permission protected (chmod 600). - Confirm that the local 'openclaw' CLI you will run is the legitimate binary for your environment. - If you have multiple agents, test the sequential gateway restart approach on one agent before bulk operations. - If you want higher assurance, request the skill author/source or a signed/reviewed version of these instructions and any scripts before applying them in production.
功能分析
Type: OpenClaw Skill Name: openclaw-secrets-hygiene Version: 1.0.0 The skill bundle provides comprehensive instructions and utility scripts for managing secrets within the OpenClaw ecosystem. It includes guidance on auditing plaintext credentials, migrating to SecretRef objects, and resolving common configuration issues. The provided Python script in SKILL.md safely modifies local configuration files to adhere to OpenClaw's requirements, and the shell commands follow security best practices such as setting restrictive file permissions (chmod 600). No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
能力评估
Purpose & Capability
Name/description (secrets hygiene, gateway coordination, SecretRef conversion) match the instructions: auditing, creating ~/.openclaw/secrets.json, updating openclaw.json/auth-profiles.json/models.json, running openclaw CLI commands and gateway health checks. The requested actions are what you'd expect for a secrets-migration/audit tool.
Instruction Scope
SKILL.md instructs the agent to run local OpenClaw CLI commands (openclaw secrets audit/reload/configure), edit OpenClaw config files under ~/.openclaw and agent directories, run curl against localhost for gateway health, and optionally test external integrations. These are within the declared purpose. Note: the instructions include an example Python script that reads/writes models.json in-place—users should review such changes and run them in a safe/staged environment.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes disk writes and arbitrary code installation risk.
Credentials
The registry metadata declares no required env vars, but the SKILL.md instructs setting OPENCLAW_GATEWAY_TOKEN for CLI operations and expects secrets (openai-api-key, brave-api-key, etc.) to be stored in ~/.openclaw/secrets.json. The token and the stored API keys are sensitive; the skill does not declare or document required environment variables or how tokens are to be provided or protected. Also, the instructions may require read/write access to agent directories (~/.openclaw/agents/*), which can contain other sensitive data—verify you want to grant that access.
Persistence & Privilege
Skill is not always-on and is user-invocable (normal). It requires the ability to modify config files and coordinate gateway restarts — operations that can disrupt service if misapplied. It does not request permission to change other skills or system-wide agent settings beyond its own configuration files.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-secrets-hygiene
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-secrets-hygiene 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial version
元数据
Slug openclaw-secrets-hygiene
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

OpenClaw Secrets Hygiene 是什么?

Manage and audit OpenClaw secrets by coordinating gateway restarts, converting plaintext credentials to SecretRef format, and validating configuration accuracy. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 107 次。

如何安装 OpenClaw Secrets Hygiene?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-secrets-hygiene」即可一键安装,无需额外配置。

OpenClaw Secrets Hygiene 是免费的吗?

是的,OpenClaw Secrets Hygiene 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

OpenClaw Secrets Hygiene 支持哪些平台?

OpenClaw Secrets Hygiene 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 OpenClaw Secrets Hygiene?

由 jlab1201(@jlab1201)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论