← 返回 Skills 市场
135
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install secrets
功能描述
Deep workflow for secrets lifecycle—classification, storage (Vault/KMS/cloud), rotation, least privilege, developer ergonomics, audit, and incident response....
安全使用建议
This skill is coherent and appears to be a structured advisory workflow rather than executable code, but before using it: (1) Do not paste real secrets or private keys into the chat — redact or provide examples. (2) If you want the agent to 'hunt' for secrets, prefer giving it access to sanitized artifacts or run scanning tools yourself and share the findings. (3) The publisher/source is unknown and there is no homepage; although the content is benign, prefer skills with known provenance for sensitive topics. (4) Use human review and organizational policy when following any remediation steps the skill suggests (rotations, revocations, break-glass), since those actions can cause outages if misapplied.
功能分析
Type: OpenClaw Skill
Name: secrets
Version: 1.0.0
The skill bundle contains a structured workflow (SKILL.md) designed to guide an AI agent in assisting users with secrets management best practices, such as rotation, classification, and secure storage. There is no executable code, and the instructions are entirely aligned with improving security posture without any indicators of malicious intent or prompt injection.
能力评估
Purpose & Capability
Name/description match the content: the SKILL.md is a structured, multi-stage secrets governance workflow. It does not request unrelated binaries, credentials, or system access.
Instruction Scope
Instructions are advisory (questions to ask, design choices, runbooks). The guide recommends 'hunting' for secrets in repos, wikis, tickets, Slack, laptops and building inventories — which is appropriate for the purpose, but could lead to collection of sensitive artifacts if the agent or user attempts automated access. The skill itself does not include commands to read files or exfiltrate data.
Install Mechanism
No install spec or code files; instruction-only skills are lowest-risk from install perspective.
Credentials
The skill declares no required environment variables, credentials, or config paths. The guidance discusses credentials conceptually but does not request or require secrets or tokens to operate.
Persistence & Privilege
Flags show default autonomy (agent invocation allowed) but not always:true and the skill makes no requests to persist itself or modify other skills. No elevated persistence or system-wide changes are requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install secrets - 安装完成后,直接呼叫该 Skill 的名称或使用
/secrets触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: provides a deep, structured workflow for secure secrets governance.
- Guides users through five core stages: inventory/classification, storage/access model, lifecycle/rotation, developer/CI ergonomics, and verification/operations.
- Offers tailored workflows based on context (removing hardcoded secrets, backend design, CI/CD injection, audits).
- Prioritizes least privilege, secret auditability, and proper rotation procedures.
- Highlights common anti-patterns and provides actionable review and incident response checklists.
- Aims to balance strong security with developer usability and organizational fit.
元数据
常见问题
Secrets 是什么?
Deep workflow for secrets lifecycle—classification, storage (Vault/KMS/cloud), rotation, least privilege, developer ergonomics, audit, and incident response.... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 135 次。
如何安装 Secrets?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install secrets」即可一键安装,无需额外配置。
Secrets 是免费的吗?
是的,Secrets 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Secrets 支持哪些平台?
Secrets 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Secrets?
由 mike47512(@mike47512)开发并维护,当前版本 v1.0.0。
推荐 Skills