Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub · Other
1claw
HSM-backed secret management for AI agents — store, retrieve, rotate, and share secrets via the 1Claw vault without exposing them in context.
skill openclawclawhub Free
HSM-backed secret management for AI agents — store, retrieve, rotate, and share secrets via the 1Claw vault without exposing them in context.
⬇ 0 downloads ★ 0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- EXAMPLES.md, README.md, CONFIG.md, SKILL.md
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 1.1.1
Provenance
- Publisher
- kmjones1979
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
1Claw — HSM-Backed Secret Management for AI Agents
1Claw is a cloud HSM-backed secrets manager. Agents access API keys, passwords, and credentials at runtime without them ever entering the conversation context. Secrets are encrypted with keys that never leave the HSM. API base URL: https://api.1claw.xyz Shroud (TEE proxy): https://shroud.1claw.xyz MCP endpoint: https://mcp.1claw.xyz/mcp Dashboard: https://1claw.xyz Docs: https://docs.1claw.xyz
When to use this skill
You need an API key, password, or credential to complete a task You want to store a newly generated credential securely You need to share a secret with a user or another agent You need to rotate a credential after regenerating it You want to check what secrets are available before using one You need to sign or simulate an EVM transaction without exposing private keys You want TEE-grade key isolation for transaction signing (use Shroud at shroud.1claw.xyz)
Option 0: Self-enrollment (new agents)
If you don't have credentials yet, self-enroll — this sends them to your human: # curl curl -s -X POST https://api.1claw.xyz/v1/agents/enroll \ -H "Content-Type: application/json" \ -d '{"name":"my-agent","human_email":"human@example.com"}' # TypeScript SDK (static method, no auth needed) import { AgentsResource } from "@1claw/sdk"; await AgentsResource.enroll("https://api.1claw.xyz", { name: "my-agent", human_email: "human@example.com", }); # CLI (no auth needed) npx @1claw/cli agent enroll my-agent --email human@example.com The human receives the Agent ID + API key by email. They then configure policies for your access.
Option 1: MCP server (recommended for AI agents)
Add to your MCP client configuration. Only the API key is required — agent ID and vault are auto-discovered. { "mcpServers": { "1claw": { "command": "npx", "args": ["-y", "@1claw/mcp"], "env": { "ONECLAW_AGENT_API_KEY": "<agent-api-key>" } } } } Optional overrides: ONECLAW_AGENT_ID (explicit agent), ONECLAW_VAULT_ID (explicit vault). Hosted HTTP streaming mode: URL: https://mcp.1claw.xyz/mcp Headers: Authorization: Bearer <agent-jwt> X-Vault-ID: <vault-uuid>
Option 2: TypeScript SDK
npm install @1claw/sdk import { createClient } from "@1claw/sdk"; const client = createClient({ baseUrl: "https://api.1claw.xyz", apiKey: process.env.ONECLAW_AGENT_API_KEY, });
Option 3: Direct REST API
Authenticate, then pass the Bearer token on every request. # Exchange agent API key for a JWT (key-only — agent_id is auto-resolved) RESP=$(curl -s -X POST https://api.1claw.xyz/v1/auth/agent-token \ -H "Content-Type: application/json" \ -d '{"api_key":"<key>"}') TOKEN=$(echo "$RESP" | jq -r .access_token) AGENT_ID=$(echo "$RESP" | jq -r .agent_id) # Use the JWT curl -H "Authorization: Bearer $TOKEN" https://api.1claw.xyz/v1/vaults Alternative: 1ck_ API keys (personal or agent) can be used directly as Bearer tokens — no JWT exchange needed.
Agent auth flow
Human registers an agent in the dashboard or via POST /v1/agents with an auth_method (api_key default, mtls, or oidc_client_credentials). For api_key agents → receives agent_id + api_key (prefix ocv_). For mTLS/OIDC agents → receives agent_id only (no API key). All agents auto-receive an Ed25519 SSH keypair (public key on agent record, private key in __agent-keys vault). API key agents exchange credentials: POST /v1/auth/agent-token with { "api_key": "<key>" } (or { "agent_id": "<uuid>", "api_key": "<key>" }) → returns { "access_token": "<jwt>", "expires_in": 3600, "agent_id": "<uuid>", "vault_ids": ["..."] }. Agent ID is optional — the server resolves it from the key prefix. Agent uses Authorization: Bearer <jwt> on all subsequent requests. JWT scopes derive from the agent's access policies (path patterns). If no policies exist, scopes are empty (zero access). The agent's vault_ids are also included in the JWT — requests to unlisted vaults are rejected. Token TTL defaults to ~1 hour but can be set per-agent via token_ttl_seconds. The MCP server auto-refreshes 60s before expiry.
API key auth
Tokens starting with 1ck_ (human personal API keys) or ocv_ (agent API keys) can be used as Bearer tokens directly on any authenticated endpoint.
list_secrets
List all secrets in the vault. Returns paths, types, and versions — never values. ParameterTypeRequiredDescriptionprefixstringnoPath prefix to filter (e.g. api-keys/)
get_secret
Fetch the decrypted value of a secret. Use immediately before the API call that needs it. Never store the value or include it in summaries. ParameterTypeRequiredDescriptionpathstringyesSecret path (e.g. api-keys/stripe)
put_secret
Store a new secret or update an existing one. Each call creates a new version. ParameterTypeRequiredDefaultDescriptionpathstringyesSecret pathvaluestringyesThe secret valuetypestringnoapi_keyOne of: api_key, password, private_key, certificate, file, note, ssh_key, env_bundlemetadataobjectnoArbitrary JSON metadataexpires_atstringnoISO 8601 expiry datetimemax_access_countnumbernoMax reads before auto-expiry (0 = unlimited)
delete_secret
Soft-delete a secret. Reversible by an admin. ParameterTypeRequiredDescriptionpathstringyesSecret path to delete
describe_secret
Get metadata (type, version, expiry) without fetching the value. Use to check existence. ParameterTypeRequiredDescriptionpathstringyesSecret path
rotate_and_store
Store a new value for an existing secret, creating a new version. Use after regenerating a key. ParameterTypeRequiredDescriptionpathstringyesSecret pathvaluestringyesNew secret value
get_env_bundle
Fetch an env_bundle secret and parse its KEY=VALUE lines as JSON. ParameterTypeRequiredDescriptionpathstringyesPath to an env_bundle secret
create_vault
Create a new vault for organizing secrets. ParameterTypeRequiredDescriptionnamestringyesVault name (1–255 chars)descriptionstringnoShort description
list_vaults
List all vaults accessible to you. No parameters.
grant_access
Grant a user or agent access to a vault path pattern. ParameterTypeRequiredDefaultDescriptionvault_idstring (UUID)yesVault IDprincipal_typeuser | agentyesWho to grant access toprincipal_idstring (UUID)yesThe user or agent UUIDpermissionsstring[]no["read"]["read"], ["write"], or ["read","write"]secret_path_patternstringno**Glob pattern for secret paths
share_secret
Share a secret via link, with your creator, or with a specific user/agent. ParameterTypeRequiredDescriptionsecret_idstring (UUID)yesThe secret's UUIDrecipient_typeuser | agent | anyone_with_link | creatoryescreator shares with the human who registered this agent — no ID neededrecipient_idstring (UUID)conditionalRequired for user and agent typesexpires_atstringyesISO 8601 expirymax_access_countnumberno (default 5)Max reads (0 = unlimited) Targeted shares (creator/user/agent) require the recipient to explicitly accept before access.
simulate_transaction
Simulate an EVM transaction via Tenderly without signing. Returns balance changes, gas estimates, success/revert status. ParameterTypeRequiredDefaultDescriptiontostringyesDestination address (0x-prefixed)valuestringyesValue in ETH (e.g. "0.01")chainstringyesChain name or chain ID (see Supported Chains)datastringnoHex-encoded calldatasigning_key_pathstringnokeys/{chain}-signerVault path to signing keygas_limitnumberno21000Gas limit
submit_transaction
Submit an EVM transaction for signing and optional broadcast. Requires intents_api_enabled. ParameterTypeRequiredDefaultDescriptiontostringyesDestination addressvaluestringyesValue in ETHchainstringyesChain name or chain IDdatastringnoHex-encoded calldatasigning_key_pathstringnokeys/{chain}-signerVault path to signing keynoncenumbernoauto-resolvedTransaction noncegas_pricestringnoGas price in wei (legacy mode)gas_limitnumberno21000Gas limitmax_fee_per_gasstringnoEIP-1559 max fee in wei (triggers Type 2)max_priority_fee_per_gasstringnoEIP-1559 priority fee in weisimulate_firstbooleannotrueRun Tenderly simulation before signing
REST API Quick Reference
Base URL: https://api.1claw.xyz. All authenticated endpoints require Authorization: Bearer <token>.
Auth (public — no token required)
MethodPathDescriptionPOST/v1/auth/tokenLogin (email + password) → { access_token }POST/v1/auth/agent-tokenAgent login (agent_id + api_key) → { access_token }POST/v1/auth/googleGoogle OAuthPOST/v1/auth/signupCreate account → sends verification emailPOST/v1/auth/verify-emailVerify email token → creates userPOST/v1/auth/mfa/verifyVerify MFA code during login
Auth (authenticated)
MethodPathDescriptionGET/v1/auth/meGet current user profilePATCH/v1/auth/meUpdate profile (display_name, marketing_emails)DELETE/v1/auth/meDelete account (body: { "confirmation": "DELETE MY ACCOUNT" })DELETE/v1/auth/tokenRevoke current tokenPOST/v1/auth/change-passwordChange password
Vaults
MethodPathDescriptionPOST/v1/vaultsCreate vault ({ name, description? }) → 201GET/v1/vaultsList vaults → { vaults: [...] }GET/v1/vaults/{id}Get vault detailsDELETE/v1/vaults/{id}Delete vault → 204POST/v1/vaults/{id}/cmekEnable CMEK ({ fingerprint })DELETE/v1/vaults/{id}/cmekDisable CMEKPOST/v1/vaults/{id}/cmek-rotateStart CMEK key rotation (headers: X-CMEK-Old-Key, X-CMEK-New-Key)GET/v1/vaults/{id}/cmek-rotate/{job_id}Get rotation job status
Secrets
MethodPathDescriptionPUT/v1/vaults/{id}/secrets/{path}Store/update secret ({ type, value, metadata?, expires_at?, max_access_count? }) → 201GET/v1/vaults/{id}/secrets/{path}Read secret → { path, type, value, version, metadata }DELETE/v1/vaults/{id}/secrets/{path}Delete secret → 204GET/v1/vaults/{id}/secrets?prefix=...List secrets (metadata only, no values)
Agents
MethodPathDescriptionPOST/v1/agentsCreate agent → { agent: {...}, api_key: "ocv_..." }GET/v1/agentsList agents → { agents: [...] }GET/v1/agents/{id}Get agentGET/v1/agents/meGet current agent (self)PATCH/v1/agents/{id}Update agent (is_active, scopes, intents_api_enabled, guardrails)DELETE/v1/agents/{id}Delete agent → 204POST/v1/agents/{id}/rotate-keyRotate agent API key → { api_key: "ocv_..." }POST/v1/agents/{id}/rotate-identity-keysRotate agent SSH + ECDH keypairs (user-only; keys in __agent-keys vault)
Policies (Access Control)
MethodPathDescriptionPOST/v1/vaults/{id}/policiesCreate policy ({ principal_type, principal_id, secret_path_pattern, permissions, conditions?, expires_at? })GET/v1/vaults/{id}/policiesList policies for vaultPUT/v1/vaults/{id}/policies/{pid}Update policy (permissions, conditions, expires_at only)DELETE/v1/vaults/{id}/policies/{pid}Delete policy → 204
Sharing
MethodPathDescriptionPOST/v1/secrets/{id}/shareCreate share linkGET/v1/shares/outboundList shares you createdGET/v1/shares/inboundList shares sent to youPOST/v1/shares/{id}/acceptAccept an inbound sharePOST/v1/shares/{id}/declineDecline an inbound shareDELETE/v1/share/{id}Revoke a shareGET/v1/share/{id}Access a share (public, may require passphrase)
Intents API (requires intents_api_enabled)
MethodPathDescriptionPOST/v1/agents/{id}/transactionsSubmit transaction for signing. Optional Idempotency-Key header for replay protection (24h TTL)GET/v1/agents/{id}/transactionsList agent's transactions. signed_tx redacted unless ?include_signed_tx=trueGET/v1/agents/{id}/transactions/{txid}Get transaction details. signed_tx redacted unless ?include_signed_tx=truePOST/v1/agents/{id}/transactions/simulateSimulate single transactionPOST/v1/agents/{id}/transactions/simulate-bundleSimulate transaction bundle
Audit
MethodPathDescriptionGET/v1/audit/events?limit=N&action=...&from=...&to=...Query audit events
Billing
MethodPathDescriptionGET/v1/billing/subscriptionSubscription status, usage, credit balanceGET/v1/billing/credits/balanceCredit balance + expiring creditsGET/v1/billing/credits/transactionsCredit transaction ledgerPATCH/v1/billing/overage-methodSet overage method (credits or x402)GET/v1/billing/usageUsage summary (current month)GET/v1/billing/historyUsage event history
Chains
MethodPathDescriptionGET/v1/chainsList supported chainsGET/v1/chains/{name_or_id}Get chain details
Other
MethodPathDescriptionGET/v1/healthHealth check → { status, service, version }GET/v1/health/hsmHSM health → { status, hsm_provider, connected }POST/GET/DELETE/v1/auth/api-keys[/{id}]Manage personal API keysGET/POST/DELETE/v1/security/ip-rules[/{id}]Manage IP allowlist/blocklistGET/PATCH/DELETE/v1/org/members[/{id}]Manage org members
SDK Method Reference
All methods return Promise<OneclawResponse<T>>. Access via client.<resource>.<method>(...). ResourceMethodDescriptionvaultscreate({ name, description? })Create vaultvaultsget(vaultId)Get vaultvaultslist()List vaultsvaultsdelete(vaultId)Delete vaultsecretsset(vaultId, key, value, { type?, metadata?, expires_at?, max_access_count? })Store/update secretsecretsget(vaultId, key)Read secret (decrypted)secretslist(vaultId, prefix?)List secret metadatasecretsdelete(vaultId, key)Delete secretsecretsrotate(vaultId, key, newValue)Rotate secret to new versionagentscreate({ name, description?, scopes?, expires_at?, intents_api_enabled?, token_ttl_seconds?, vault_ids? })Create agent → returns agent + api_keyagentsget(agentId)Get agentagentslist()List agentsagentsupdate(agentId, { is_active?, scopes?, intents_api_enabled?, tx_*? })Update agentagentsdelete(agentId)Delete agentagentsrotateKey(agentId)Rotate agent API keyagentssubmitTransaction(agentId, { to, value, chain, ... })Submit EVM transactionagentssimulateTransaction(agentId, { to, value, chain, ... })Simulate transactionagentssimulateBundle(agentId, bundle)Simulate transaction bundleagentsgetTransaction(agentId, txId)Get transactionagentslistTransactions(agentId)List agent transactionsaccessgrantAgent(vaultId, agentId, permissions, { path?, conditions?, expires_at? })Grant agent accessaccessgrantHuman(vaultId, userId, permissions, { path?, conditions?, expires_at? })Grant user accessaccesslistGrants(vaultId)List policiesaccessupdate(vaultId, policyId, { permissions?, conditions?, expires_at? })Update policyaccessrevoke(vaultId, policyId)Revoke policysharingcreate(secretId, { recipient_type, recipient_id?, expires_at, max_access_count? })Create sharesharingaccess(shareId)Access shared secretsharinglistOutbound()Shares you createdsharinglistInbound()Shares sent to yousharingaccept(shareId)Accept inbound sharesharingdecline(shareId)Decline inbound sharesharingrevoke(shareId)Revoke outbound shareauditquery({ action?, actor_id?, from?, to?, limit?, offset? })Query audit eventsbillingusage()Current month usagebillinghistory(limit?)Usage event historyauthlogin({ email, password })Human loginauthagentToken({ agent_id, api_key })Agent JWT exchangeauthlogout()Revoke tokenapiKeyscreate({ name, scopes?, expires_at? })Create personal API keyapiKeyslist()List API keysapiKeysrevoke(keyId)Revoke keychainslist()List supported chainschainsget(identifier)Get chain by name or IDorglistMembers()List org membersorgupdateMemberRole(userId, role)Update member roleorgremoveMember(userId)Remove member
OpenAPI spec for custom SDKs
The API spec is published as an npm package for generating clients in any language: npm install @1claw/openapi-spec Ships openapi.yaml and openapi.json. Use with any OpenAPI 3.1 codegen tool: # TypeScript npx openapi-typescript node_modules/@1claw/openapi-spec/openapi.yaml -o ./types.ts # Python openapi-generator generate -i node_modules/@1claw/openapi-spec/openapi.yaml -g python -o ./oneclaw-py # Go oapi-codegen -package oneclaw node_modules/@1claw/openapi-spec/openapi.yaml > oneclaw.go SDK also re-exports generated types: import type { ApiSchemas } from "@1claw/sdk".
Supported Chains
Default chain registry (query GET /v1/chains for live list): NameChain IDTestnetethereum1nobase8453nooptimism10noarbitrum-one42161nopolygon137nosepolia11155111yesbase-sepolia84532yes Use chain names (e.g. "base", "sepolia") or numeric chain IDs in transaction requests.
Access Control Model
Agents do not get blanket access. A human must create a policy to grant an agent access to specific secret paths. Path patterns: Glob syntax — api-keys/*, db/**, ** (all) Permissions: read, write (delete requires write) Conditions: IP allowlist, time windows (JSON) Expiry: Optional ISO 8601 date If no policy matches → 403 Forbidden. Vault creators always have full access (owner bypass).
Vault binding and token scoping
Agents can be restricted beyond policies: vault_ids: Restrict the agent to specific vaults. If non-empty, any request to a vault not in the list returns 403. token_ttl_seconds: Custom JWT expiry per agent (e.g., 300 for 5-minute tokens). Scopes from policies: JWT scopes are derived from the agent's access policies. If an agent has no policies and no explicit scopes, it has zero access. Set via dashboard, CLI (--token-ttl, --vault-ids), SDK, or API.
Customer-Managed Encryption Keys (CMEK)
Enterprise opt-in feature (Business tier and above). A human generates a 256-bit AES key in the dashboard — the key never leaves their device. Only its SHA-256 fingerprint is stored on the server. Enable: POST /v1/vaults/{id}/cmek with { fingerprint } Disable: DELETE /v1/vaults/{id}/cmek Rotate: POST /v1/vaults/{id}/cmek-rotate (server-assisted, batched in 100s) Secrets stored in a CMEK vault have cmek_encrypted: true in responses Agents reading from a CMEK vault receive the encrypted blob. The CMEK key is required to decrypt client-side. This is designed for organizations with compliance requirements — the default HSM encryption is already strong.
Intents API
When intents_api_enabled = true (set by a human): Agent gains transaction signing via the Intents API (keys stay in HSM) Agent is blocked from reading private_key and ssh_key secrets directly (403) Default signing key path: keys/{chain}-signer. Override with signing_key_path. Replay protection (Idempotency-Key) Include an Idempotency-Key: <unique-string> header on POST /v1/agents/{id}/transactions. The server SHA-256 hashes the key and caches the result for 24 hours. Duplicate submissions with the same key return the cached response instead of re-signing and re-broadcasting. If two concurrent requests share a key, one returns 409 (retry after a moment). Server-side nonce serialization When nonce is omitted from a transaction request, the server resolves it automatically via eth_getTransactionCount (pending) and serializes concurrent callers with SELECT FOR UPDATE. This prevents two in-flight submissions from the same agent+chain+address from receiving the same nonce. You can still pass an explicit nonce to override. signed_tx field gating GET endpoints (/v1/agents/{id}/transactions and /v1/agents/{id}/transactions/{txid}) redact the signed_tx field by default to reduce exfiltration risk. To include it, pass ?include_signed_tx=true. The initial POST response always includes signed_tx for the originating caller.
Transaction guardrails
Human-configured, server-enforced limits on what the Intents API allows: GuardrailFieldEffectAllowed destinationstx_to_allowlistOnly listed addresses permitted. Empty = unrestrictedMax value per txtx_max_value_ethSingle-tx cap in ETH. NULL = unlimitedDaily spend limittx_daily_limit_ethRolling 24h cumulative cap. NULL = unlimitedAllowed chainstx_allowed_chainsChain names. Empty = all chains Agents cannot modify their own guardrails. Violations return 403 with a descriptive error.
Shroud per-agent LLM proxy
When shroud_enabled = true (set by a human), the agent's LLM traffic is routed through Shroud (shroud.1claw.xyz) for secret redaction, PII scrubbing, prompt injection defense, threat detection, and policy enforcement inside a TEE. shroud_config is an optional JSON object that lets humans fine-tune the proxy behavior per agent: Basic settings FieldTypeDescriptionpii_policy"block" | "redact" | "warn" | "allow"How PII in LLM traffic is handledinjection_thresholdnumber (0.0–1.0)Prompt injection detection sensitivitycontext_injection_thresholdnumber (0.0–1.0)Context injection detection sensitivityallowed_providersstring[]LLM providers the agent may use (empty = all)allowed_modelsstring[]Models the agent may use (empty = all)denied_modelsstring[]Models explicitly blockedmax_tokens_per_requestnumberToken cap per LLM requestmax_requests_per_minutenumberPer-minute rate limitmax_requests_per_daynumberPer-day rate limitdaily_budget_usdnumberDaily LLM spend cap in USDenable_secret_redactionbooleanRedact vault secrets from LLM contextenable_response_filteringbooleanFilter sensitive data from LLM responses Threat detection settings Multi-layered detection for prompt injection, command injection, social engineering, and data exfiltration attempts: FieldTypeDescriptionunicode_normalizationobjectHomoglyph/zero-width character normalization (see below)command_injection_detectionobjectDetect shell commands, path traversal, reverse shellssocial_engineering_detectionobjectDetect urgency, authority claims, secrecy requests, bypass attemptsencoding_detectionobjectDetect base64, hex, Unicode escapes that may hide payloadsnetwork_detectionobjectDetect blocked domains, IP URLs, data exfiltration patternsfilesystem_detectionobjectDetect sensitive paths (/etc/passwd, .ssh/, .env, etc.)sanitization_modestring"block" (reject threats), "sanitize" (strip), "warn" (log)threat_loggingbooleanLog detected threats for audit (default: true) unicode_normalization object: FieldTypeDefaultDescriptionenabledbooleantrueEnable Unicode normalizationstrip_zero_widthbooleantrueRemove zero-width characters (U+200B, U+200C)normalize_homoglyphsbooleantrueConvert look-alike characters (Cyrillic а → a)normalization_formstring"NFKC"Unicode form: "NFC", "NFKC", "NFD", "NFKD" command_injection_detection object: FieldTypeDefaultDescriptionactionstring"block""block", "sanitize", or "warn"strictnessstring"default""strict" (more patterns), "default", "relaxed" social_engineering_detection object: FieldTypeDefaultDescriptionactionstring"warn""block" or "warn"sensitivitystring"medium""low" (more triggers), "medium", "high" encoding_detection object: FieldTypeDefaultDescriptionactionstring"warn""block", "decode", or "warn"detect_base64booleantrueDetect base64 encoded contentdetect_hexbooleantrueDetect \xNN hex escapesdetect_unicodebooleantrueDetect \uNNNN Unicode escapes network_detection object: FieldTypeDefaultDescriptionactionstring"warn""block" or "warn"blocked_domainsstring[]pastebin, ngrok, etc.Domains to block (subdomains auto)allowed_domainsstring[][]Allowlist (empty = blocklist mode) filesystem_detection object: FieldTypeDefaultDescriptionactionstring"log""block", "sanitize", or "log"blocked_pathsstring[]/etc/passwd, .ssh/, .env, etc.Paths to detect SDK: await client.agents.create({ name: "my-agent", shroud_enabled: true, shroud_config: { pii_policy: "redact", injection_threshold: 0.8, allowed_providers: ["openai", "anthropic"], max_requests_per_day: 1000, daily_budget_usd: 10.0, enable_secret_redaction: true, // Threat detection unicode_normalization: { enabled: true, normalize_homoglyphs: true }, command_injection_detection: { action: "block", strictness: "default" }, social_engineering_detection: { action: "warn", sensitivity: "medium" }, encoding_detection: { action: "warn", detect_base64: true }, network_detection: { action: "warn", blocked_domains: ["pastebin.com"] }, filesystem_detection: { action: "log" }, sanitization_mode: "block", threat_logging: true, }, }); await client.agents.update(agentId, { shroud_enabled: true, shroud_config: { pii_policy: "block", injection_threshold: 0.9 }, }); CLI: 1claw agent create my-agent --shroud 1claw agent update <agent-id> --shroud true 1claw agent update <agent-id> --shroud false MCP: When shroud_enabled is true, the agent can send LLM requests through shroud.1claw.xyz. The Shroud proxy enforces the agent's shroud_config policy automatically — no client-side changes needed.
Share with Your Human
Agents can share secrets back with the human who created or enrolled them. Use recipient_type: "creator" — no email or user ID needed. Via MCP: share_secret(secret_id: "...", recipient_type: "creator", expires_at: "2026-12-31T00:00:00Z") Via SDK: await client.sharing.create(secretId, { recipient_type: "creator", expires_at: "2026-12-31T00:00:00Z", max_access_count: 5, }); The human sees the share in their Inbound shares and accepts it. This is the primary pattern for agents that discover or generate credentials and need to report them to their human.
Fleet Patterns
When many agents operate in the same organization: Vault organization: Use a shared vault with path-scoped policies (e.g. agents/{name}/**) or per-agent vaults for strict isolation. Bulk provisioning: Use the authenticated POST /v1/agents endpoint with a human API key to create many agents, or stagger self-enrollment calls to respect the 10-min per-email cooldown. Vault binding: Set vault_ids on each agent to restrict JWT scope beyond what policies allow. Token TTL: Shorten to 5 min for ephemeral tasks (token_ttl_seconds: 300), keep default 1h for long-running agents. Transaction guardrails: Apply tx_max_value_eth, tx_daily_limit_eth, and tx_allowed_chains to all Intents API agents. Monitoring: Filter the audit log by agent ID to track per-agent activity. Use billing usage to monitor org-wide consumption.
Security Model
Credentials are configured by the human, not the agent. The MCP server reads them from env vars. The agent never sees its own credentials. The MCP server authenticates on the agent's behalf. Access is deny-by-default. Even with valid credentials, only policy-allowed secrets are accessible. Secret values are fetched just-in-time and must never be stored, echoed, or included in summaries. Agents cannot create email-based shares (prevents unsolicited email sharing). Intents API is opt-in. When enabled, raw key reads are blocked. Transaction guardrails are human-controlled and server-enforced. Token revocation: DELETE /v1/auth/token (or SDK auth.logout()) revokes the current Bearer token; revoked tokens return 401. Request body limit: 5MB max; larger requests return 413.
Error Handling
CodeMeaningAction400Bad requestCheck request body format401Not authenticatedToken expired — re-authenticate402Quota exhausted / payment requiredBody may include required_usd, message. Intents submit over quota: 0.25% of tx value; top up credits or send X-PAYMENT for required amount. Otherwise upgrade at 1claw.xyz/settings/billing403No permissionAsk user to grant access via a policy. Or: guardrail violation (check error detail)403Resource limit reached (type: "resource_limit_exceeded")Tier limit on vaults/secrets/agents hit — ask user to upgrade at 1claw.xyz/settings/billing404Not foundCheck path with list_secrets405Method not allowedWrong HTTP verb for this endpoint409ConflictResource already exists (e.g. duplicate vault name)410GoneSecret expired or max access count reached — ask user to store a new version422Validation error or simulation revertedCheck input. For simulate_first: transaction would revert413Payload too largeRequest body over 5MB — reduce payload size429Rate limitedWait and retry. Auth routes: 5 req burst, 1/sec. Share creation: 10/min/org All error responses include a detail field with a human-readable message.
Best Practices
Fetch secrets just-in-time. Call get_secret immediately before the API call that needs the credential. Never echo secret values. Say "I retrieved the API key and used it" — never include raw values in responses. Use describe_secret first to check existence or validity before fetching the full value. Use list_secrets to discover available credentials before guessing paths. Rotate after regeneration. If you regenerate an API key at a provider, immediately rotate_and_store the new value. Use grant_access for vault-level sharing — creates a fine-grained policy with path patterns. Use share_secret for one-off sharing — creates a time-limited, access-counted share link. Simulate before signing. Always use simulate_first: true (default) or call simulate_transaction before submit_transaction. Check list_vaults before creating. Avoid creating duplicate vaults. Handle 402 gracefully. Billing/quota errors should be surfaced to the user, not retried.
Billing Tiers
TierRequests/moVaultsSecretsAgentsPriceFree1,0003502$0Pro25,0002550010$29/moBusiness100,0001005,00050$149/mo (+ CMEK)EnterpriseCustomUnlimitedUnlimitedUnlimitedContact (+ CMEK + KMS delegation) Overage methods: prepaid credits (top up via Stripe, deducted per request) or x402 micropayments (per-query on-chain payments on Base). Audit, org, security, chain, billing, and auth endpoints are free and never consume quota.
Links
Dashboard: 1claw.xyz Docs: docs.1claw.xyz Status: 1claw.xyz/status API: https://api.1claw.xyz SDK: @1claw/sdk on npm OpenAPI Spec: @1claw/openapi-spec on npm MCP Server: @1claw/mcp on npm CLI: @1claw/cli on npm GitHub: github.com/1clawAI Support: ops@1claw.xyz
Category context
Long-tail utilities that do not fit the current primary taxonomy cleanly.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
4 Docs
- SKILL.md
- CONFIG.md
- EXAMPLES.md
- README.md