zuiho-kai

Vault

Author: zuiho · GitHub · v1.1.2
cross-platform ✓ Security check passed
Total downloads: 1181
Favorites: 3
Current installs: 12
Versions: 5
Install in OpenClaw
/install vault
Description
Secure local password storage tool with AES-256-GCM encryption. Store, retrieve, and manage passwords with CLI commands.
Security usage recommendations
This plugin appears to implement what it claims: a local AES-256-GCM encrypted vault. Before installing, consider the following:
- Keep the master key secret and do not commit it to source control; if you place it in the OpenClaw config file that config will contain a persistent secret.
- The vault stores encrypted data at ~/.vault/passwords.json by default; set strict file permissions (chmod 600) and add the directory to .gitignore.
- Backup your master key; losing it will make stored passwords unrecoverable.
- The code runs locally and contains no network calls, but only install if you trust the plugin source (verify the GitHub repo and author).

For high-value secrets, prefer a well-audited password manager or cryptographic audit.
Functional analysis
Type: OpenClaw Skill
Name: vault
Version: 1.1.2

The OpenClaw Vault skill bundle provides a secure local password storage tool using AES-256-GCM encryption. The `index.js` code correctly implements strong cryptographic practices, including scrypt for key derivation with a random 32-byte salt per password, and a random 12-byte IV per password, as detailed in `SKILL.md` and `README.md`. It explicitly requires a `VAULT_MASTER_KEY` (from environment or config) and throws an error if not set, preventing insecure operation. Data is stored locally in the user's home directory (`~/.vault/passwords.json`) and there are no external network calls, shell injections, or suspicious dependencies (`package.json` lists no dependencies). The `CHANGELOG.md` transparently documents a past critical security fix regarding fixed salt, indicating a commitment to security rather than malicious intent. All instructions in `SKILL.md` and `README.md` are benign and align with the stated purpose.
Capability assessment
Purpose & Capability
Name/description, required binaries (node, npm), required env var (VAULT_MASTER_KEY), and bundled code all align with implementing a local Node-based password vault. Requested items are proportional to the stated purpose.
Instruction Scope
SKILL.md instructs only to set a master key and use the CLI; the runtime code only reads the plugin config, the VAULT_MASTER_KEY env var, and a storage file under the user's home directory. There are no instructions to read unrelated files, query external endpoints, or exfiltrate data.
Install Mechanism
No install script or external downloads are declared; package has no external dependencies. The skill is instruction + bundled source only, which is the lowest install risk profile.
Credentials
Only VAULT_MASTER_KEY is required (declared in both SKILL.md and openclaw.plugin.json). No additional unrelated secrets or config paths are requested. Note: storing masterKey in a persistent config would persist a secret—SKILL.md explicitly shows this option.
Persistence & Privilege
always is false and the skill does not modify other skills or global agent settings. It registers itself via the normal API and does not request elevated or persistent platform privileges.
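How to use
  1. Make sure OpenClaw is installed (locally or via Docker deployment)
  2. Enter the install command in the chat box: /install vault
  3. Once installation completes, invoke the Skill by name or trigger it with /vault
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history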
v1.1.2
fix: Address security audit feedback - Use random salt per password, 12-byte IV for GCM, declare required VAULT_MASTER_KEY in registry
v1.1.1
fix: Address security audit feedback - Use random salt per password, 12-byte IV for GCM, declare required VAULT_MASTER_KEY in registry
v1.1.0
feat: Add AES-256-GCM encryption for password storage. BREAKING CHANGE: Master key is now required.
v1.0.1
Clarified plain text storage, removed unimplemented encryption option, added explicit security warnings
v1.0.0
- Initial release of vault 1.0.0
- Securely store, retrieve, and manage passwords or API keys locally via a simple CLI
- JSON-based local storage with automatic timestamp tracking
- Optional configuration for custom storage file location
- Note: Passwords are stored in plain text; ensure proper file permissions and do not commit storage file to version control
Metadata
Slug vault
Version 1.1.2
License
Total installs 12
Current installs 12
Number of versions 5
FAQ

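What is Vault?

Secure local password storage tool with AES-256-GCM encryption. Store, retrieve, and manage passwords with CLI commands. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1181 total downloads to date.

How do I install Vault?

Run the command "/install vault" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Vault free?

Yes, Vault is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Vault support?

Vault runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Vault?

Developed and maintained by zuiho (@zuiho-kai); the current version is v1.1.2.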
