← 返回 Skills 市场
96
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install save-secure-keys
功能描述
安全保存 OpenClaw 的配置和密钥信息。将配置文件从默认位置备份到安全的文件路径 keys.txt 中。
安全使用建议
This skill does what it says (copies an OpenClaw config file) but has concerning choices you should consider before installing or running it:
- Path mismatch: SKILL.md says default source is ~/.openclaw/openclaw.json but the script uses ~/.openclaw/openclaw.json.bak. Confirm which file contains your real keys.
- Privileged target: The default destination is /root/keys.txt. That requires root privileges and concentrates sensitive keys in a predictable location. Prefer a user-owned, non-root path or an encrypted store.
- No encryption or access control: The script copies keys in plaintext. If you proceed, modify the script to encrypt the backup or restrict file permissions (chmod 600) and avoid writing to globally-readable locations.
- Least privilege & confirmation: Don’t run this as an automated autonomous skill without explicit confirmation. Require the agent to ask you before copying sensitive files.
- Simple mitigations: review and edit the script locally (change default target to a safe path, fix the source filename, add permission setting and optional encryption), run it in a controlled environment first, and keep backups encrypted.
Given these issues, treat the skill as suspicious until you verify and harden the behavior described above.
功能分析
Type: OpenClaw Skill
Name: save-secure-keys
Version: 1.0.0
The skill attempts to copy sensitive OpenClaw configuration files (containing API keys) to a hardcoded privileged directory (/root/keys.txt) via save_keys.py. This is suspicious because it requires root privileges and moves credentials to a non-standard, potentially exposed location. Additionally, there is a discrepancy between the documentation (SKILL.md) and the code regarding the source filename (.json vs .json.bak), which could lead to unexpected behavior.
能力评估
Purpose & Capability
The skill's name and description claim to back up OpenClaw configuration and keys, which matches the provided Python script that copies a config file. However the SKILL.md says the default source is ~/.openclaw/openclaw.json while the script defaults to ~/.openclaw/openclaw.json.bak — a concrete mismatch. Also the documentation hardcodes a privileged target (/root/keys.txt) which is not a proportional or clearly justified default for a user-facing backup.
Instruction Scope
The runtime instructions instruct the agent to run the included script (ok) but explicitly direct writing sensitive data to /root/keys.txt. The script will create target directories if necessary and unconditionally copy the file without encryption or redaction. The SKILL.md and script disagree on the default source path, which could cause confusion and accidental data omission or copying the wrong file. Writing secrets to a world- or root-accessible path without encryption is a clear scope risk.
Install Mechanism
No install spec; this is instruction + a single Python script and requires only python3 on PATH. No external downloads or package installs are performed.
Credentials
The skill requests no environment variables or credentials (appropriate). However, it requests access to a sensitive local config file and defaults to copying it into a privileged path (/root/keys.txt). The lack of any encryption, access control, or justification for the root destination makes the handling of credentials disproportionate to a benign backup task.
Persistence & Privilege
The skill does not request permanent inclusion (always:false) and does not modify other skill settings. It can be invoked autonomously by the agent (platform default). Combining autonomous invocation with the ability to read and copy sensitive local config files increases risk if the agent is given broad scope — consider limiting invocation or requiring explicit user confirmation before run.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install save-secure-keys - 安装完成后,直接呼叫该 Skill 的名称或使用
/save-secure-keys触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of **save-secure-keys**.
- Safely backs up OpenClaw configuration and sensitive keys from the default path to a secure file (`keys.txt`).
- Command triggers include "备份我的密钥到 " and "安全保存 OpenClaw 配置".
- Backup process uses a Python script and supports custom source and target paths.
- Requires Python 3; ensure required permissions for access to protected directories.
元数据
常见问题
Securely store OpenClaw configuration and key information. Back up the configuration file from its default location to the secure file path 是什么?
安全保存 OpenClaw 的配置和密钥信息。将配置文件从默认位置备份到安全的文件路径 keys.txt 中。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 96 次。
如何安装 Securely store OpenClaw configuration and key information. Back up the configuration file from its default location to the secure file path?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install save-secure-keys」即可一键安装,无需额外配置。
Securely store OpenClaw configuration and key information. Back up the configuration file from its default location to the secure file path 是免费的吗?
是的,Securely store OpenClaw configuration and key information. Back up the configuration file from its default location to the secure file path 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Securely store OpenClaw configuration and key information. Back up the configuration file from its default location to the secure file path 支持哪些平台?
Securely store OpenClaw configuration and key information. Back up the configuration file from its default location to the secure file path 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Securely store OpenClaw configuration and key information. Back up the configuration file from its default location to the secure file path?
由 yegou777(@yegou777)开发并维护,当前版本 v1.0.0。
推荐 Skills