{
  "schemaVersion": "1.0",
  "item": {
    "slug": "1claw",
    "name": "1claw",
    "source": "tencent",
    "type": "skill",
    "category": "其他",
    "sourceUrl": "https://clawhub.ai/kmjones1979/1claw",
    "canonicalUrl": "https://clawhub.ai/kmjones1979/1claw",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/1claw",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=1claw",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "EXAMPLES.md",
      "README.md",
      "CONFIG.md",
      "SKILL.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/1claw"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/1claw",
    "agentPageUrl": "https://openagent3.xyz/skills/1claw/agent",
    "manifestUrl": "https://openagent3.xyz/skills/1claw/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/1claw/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "1Claw — HSM-Backed Secret Management for AI Agents",
        "body": "1Claw is a cloud HSM-backed secrets manager. Agents access API keys, passwords, and credentials at runtime without them ever entering the conversation context. Secrets are encrypted with keys that never leave the HSM.\n\nAPI base URL: https://api.1claw.xyz\nShroud (TEE proxy): https://shroud.1claw.xyz\nMCP endpoint: https://mcp.1claw.xyz/mcp\nDashboard: https://1claw.xyz\nDocs: https://docs.1claw.xyz"
      },
      {
        "title": "When to use this skill",
        "body": "You need an API key, password, or credential to complete a task\nYou want to store a newly generated credential securely\nYou need to share a secret with a user or another agent\nYou need to rotate a credential after regenerating it\nYou want to check what secrets are available before using one\nYou need to sign or simulate an EVM transaction without exposing private keys\nYou want TEE-grade key isolation for transaction signing (use Shroud at shroud.1claw.xyz)"
      },
      {
        "title": "Option 0: Self-enrollment (new agents)",
        "body": "If you don't have credentials yet, self-enroll — this sends them to your human:\n\n# curl\ncurl -s -X POST https://api.1claw.xyz/v1/agents/enroll \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"name\":\"my-agent\",\"human_email\":\"human@example.com\"}'\n\n# TypeScript SDK (static method, no auth needed)\nimport { AgentsResource } from \"@1claw/sdk\";\nawait AgentsResource.enroll(\"https://api.1claw.xyz\", {\n  name: \"my-agent\",\n  human_email: \"human@example.com\",\n});\n\n# CLI (no auth needed)\nnpx @1claw/cli agent enroll my-agent --email human@example.com\n\nThe human receives the Agent ID + API key by email. They then configure policies for your access."
      },
      {
        "title": "Option 1: MCP server (recommended for AI agents)",
        "body": "Add to your MCP client configuration. Only the API key is required — agent ID and vault are auto-discovered.\n\n{\n    \"mcpServers\": {\n        \"1claw\": {\n            \"command\": \"npx\",\n            \"args\": [\"-y\", \"@1claw/mcp\"],\n            \"env\": {\n                \"ONECLAW_AGENT_API_KEY\": \"<agent-api-key>\"\n            }\n        }\n    }\n}\n\nOptional overrides: ONECLAW_AGENT_ID (explicit agent), ONECLAW_VAULT_ID (explicit vault).\n\nHosted HTTP streaming mode:\n\nURL: https://mcp.1claw.xyz/mcp\nHeaders:\n  Authorization: Bearer <agent-jwt>\n  X-Vault-ID: <vault-uuid>"
      },
      {
        "title": "Option 2: TypeScript SDK",
        "body": "npm install @1claw/sdk\n\nimport { createClient } from \"@1claw/sdk\";\n\nconst client = createClient({\n    baseUrl: \"https://api.1claw.xyz\",\n    apiKey: process.env.ONECLAW_AGENT_API_KEY,\n});"
      },
      {
        "title": "Option 3: Direct REST API",
        "body": "Authenticate, then pass the Bearer token on every request.\n\n# Exchange agent API key for a JWT (key-only — agent_id is auto-resolved)\nRESP=$(curl -s -X POST https://api.1claw.xyz/v1/auth/agent-token \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"api_key\":\"<key>\"}')\nTOKEN=$(echo \"$RESP\" | jq -r .access_token)\nAGENT_ID=$(echo \"$RESP\" | jq -r .agent_id)\n\n# Use the JWT\ncurl -H \"Authorization: Bearer $TOKEN\" https://api.1claw.xyz/v1/vaults\n\nAlternative: 1ck_ API keys (personal or agent) can be used directly as Bearer tokens — no JWT exchange needed."
      },
      {
        "title": "Agent auth flow",
        "body": "Human registers an agent in the dashboard or via POST /v1/agents with an auth_method (api_key default, mtls, or oidc_client_credentials). For api_key agents → receives agent_id + api_key (prefix ocv_). For mTLS/OIDC agents → receives agent_id only (no API key).\nAll agents auto-receive an Ed25519 SSH keypair (public key on agent record, private key in __agent-keys vault).\nAPI key agents exchange credentials: POST /v1/auth/agent-token with { \"api_key\": \"<key>\" } (or { \"agent_id\": \"<uuid>\", \"api_key\": \"<key>\" }) → returns { \"access_token\": \"<jwt>\", \"expires_in\": 3600, \"agent_id\": \"<uuid>\", \"vault_ids\": [\"...\"] }. Agent ID is optional — the server resolves it from the key prefix.\nAgent uses Authorization: Bearer <jwt> on all subsequent requests.\nJWT scopes derive from the agent's access policies (path patterns). If no policies exist, scopes are empty (zero access). The agent's vault_ids are also included in the JWT — requests to unlisted vaults are rejected.\nToken TTL defaults to ~1 hour but can be set per-agent via token_ttl_seconds. The MCP server auto-refreshes 60s before expiry."
      },
      {
        "title": "API key auth",
        "body": "Tokens starting with 1ck_ (human personal API keys) or ocv_ (agent API keys) can be used as Bearer tokens directly on any authenticated endpoint."
      },
      {
        "title": "list_secrets",
        "body": "List all secrets in the vault. Returns paths, types, and versions — never values.\n\n| Parameter | Type | Required | Description |\n| --- | --- | --- | --- |\n| prefix | string | no | Path prefix to filter (e.g. api-keys/) |"
      },
      {
        "title": "get_secret",
        "body": "Fetch the decrypted value of a secret. Use immediately before the API call that needs it. Never store the value or include it in summaries.\n\n| Parameter | Type | Required | Description |\n| --- | --- | --- | --- |\n| path | string | yes | Secret path (e.g. api-keys/stripe) |"
      },
      {
        "title": "put_secret",
        "body": "Store a new secret or update an existing one. Each call creates a new version.\n\n| Parameter | Type | Required | Default | Description |\n| --- | --- | --- | --- | --- |\n| path | string | yes | | Secret path |\n| value | string | yes | | The secret value |\n| type | string | no | api_key | One of: api_key, password, private_key, certificate, file, note, ssh_key, env_bundle |\n| metadata | object | no | | Arbitrary JSON metadata |\n| expires_at | string | no | | ISO 8601 expiry datetime |\n| max_access_count | number | no | | Max reads before auto-expiry (0 = unlimited) |"
      },
      {
        "title": "delete_secret",
        "body": "Soft-delete a secret. Reversible by an admin.\n\n| Parameter | Type | Required | Description |\n| --- | --- | --- | --- |\n| path | string | yes | Secret path to delete |"
      },
      {
        "title": "describe_secret",
        "body": "Get metadata (type, version, expiry) without fetching the value. Use to check existence.\n\n| Parameter | Type | Required | Description |\n| --- | --- | --- | --- |\n| path | string | yes | Secret path |"
      },
      {
        "title": "rotate_and_store",
        "body": "Store a new value for an existing secret, creating a new version. Use after regenerating a key.\n\n| Parameter | Type | Required | Description |\n| --- | --- | --- | --- |\n| path | string | yes | Secret path |\n| value | string | yes | New secret value |"
      },
      {
        "title": "get_env_bundle",
        "body": "Fetch an env_bundle secret and parse its KEY=VALUE lines as JSON.\n\n| Parameter | Type | Required | Description |\n| --- | --- | --- | --- |\n| path | string | yes | Path to an env_bundle secret |"
      },
      {
        "title": "create_vault",
        "body": "Create a new vault for organizing secrets.\n\n| Parameter | Type | Required | Description |\n| --- | --- | --- | --- |\n| name | string | yes | Vault name (1–255 chars) |\n| description | string | no | Short description |"
      },
      {
        "title": "list_vaults",
        "body": "List all vaults accessible to you. No parameters."
      },
      {
        "title": "grant_access",
        "body": "Grant a user or agent access to a vault path pattern.\n\n| Parameter | Type | Required | Default | Description |\n| --- | --- | --- | --- | --- |\n| vault_id | string (UUID) | yes | | Vault ID |\n| principal_type | user \\| agent | yes | | Who to grant access to |\n| principal_id | string (UUID) | yes | | The user or agent UUID |\n| permissions | string[] | no | [\"read\"] | [\"read\"], [\"write\"], or [\"read\",\"write\"] |\n| secret_path_pattern | string | no | ** | Glob pattern for secret paths |"
      },
      {
        "title": "share_secret",
        "body": "Share a secret via link, with your creator, or with a specific user/agent.\n\n| Parameter | Type | Required | Description |\n| --- | --- | --- | --- |\n| secret_id | string (UUID) | yes | The secret's UUID |\n| recipient_type | user \\| agent \\| anyone_with_link \\| creator | yes | creator shares with the human who registered this agent — no ID needed |\n| recipient_id | string (UUID) | conditional | Required for user and agent types |\n| expires_at | string | yes | ISO 8601 expiry |\n| max_access_count | number | no (default 5) | Max reads (0 = unlimited) |\n\nTargeted shares (creator/user/agent) require the recipient to explicitly accept before access."
      },
      {
        "title": "simulate_transaction",
        "body": "Simulate an EVM transaction via Tenderly without signing. Returns balance changes, gas estimates, success/revert status.\n\n| Parameter | Type | Required | Default | Description |\n| --- | --- | --- | --- | --- |\n| to | string | yes | | Destination address (0x-prefixed) |\n| value | string | yes | | Value in ETH (e.g. \"0.01\") |\n| chain | string | yes | | Chain name or chain ID (see Supported Chains) |\n| data | string | no | | Hex-encoded calldata |\n| signing_key_path | string | no | keys/{chain}-signer | Vault path to signing key |\n| gas_limit | number | no | 21000 | Gas limit |"
      },
      {
        "title": "submit_transaction",
        "body": "Submit an EVM transaction for signing and optional broadcast. Requires intents_api_enabled.\n\n| Parameter | Type | Required | Default | Description |\n| --- | --- | --- | --- | --- |\n| to | string | yes | | Destination address |\n| value | string | yes | | Value in ETH |\n| chain | string | yes | | Chain name or chain ID |\n| data | string | no | | Hex-encoded calldata |\n| signing_key_path | string | no | keys/{chain}-signer | Vault path to signing key |\n| nonce | number | no | auto-resolved | Transaction nonce |\n| gas_price | string | no | | Gas price in wei (legacy mode) |\n| gas_limit | number | no | 21000 | Gas limit |\n| max_fee_per_gas | string | no | | EIP-1559 max fee in wei (triggers Type 2) |\n| max_priority_fee_per_gas | string | no | | EIP-1559 priority fee in wei |\n| simulate_first | boolean | no | true | Run Tenderly simulation before signing |"
      },
      {
        "title": "REST API Quick Reference",
        "body": "Base URL: https://api.1claw.xyz. All authenticated endpoints require Authorization: Bearer <token>."
      },
      {
        "title": "Auth (public — no token required)",
        "body": "| Method | Path | Description |\n| --- | --- | --- |\n| POST | /v1/auth/token | Login (email + password) → { access_token } |\n| POST | /v1/auth/agent-token | Agent login (agent_id + api_key) → { access_token } |\n| POST | /v1/auth/google | Google OAuth |\n| POST | /v1/auth/signup | Create account → sends verification email |\n| POST | /v1/auth/verify-email | Verify email token → creates user |\n| POST | /v1/auth/mfa/verify | Verify MFA code during login |"
      },
      {
        "title": "Auth (authenticated)",
        "body": "| Method | Path | Description |\n| --- | --- | --- |\n| GET | /v1/auth/me | Get current user profile |\n| PATCH | /v1/auth/me | Update profile (display_name, marketing_emails) |\n| DELETE | /v1/auth/me | Delete account (body: { \"confirmation\": \"DELETE MY ACCOUNT\" }) |\n| DELETE | /v1/auth/token | Revoke current token |\n| POST | /v1/auth/change-password | Change password |"
      },
      {
        "title": "Vaults",
        "body": "| Method | Path | Description |\n| --- | --- | --- |\n| POST | /v1/vaults | Create vault ({ name, description? }) → 201 |\n| GET | /v1/vaults | List vaults → { vaults: [...] } |\n| GET | /v1/vaults/{id} | Get vault details |\n| DELETE | /v1/vaults/{id} | Delete vault → 204 |\n| POST | /v1/vaults/{id}/cmek | Enable CMEK ({ fingerprint }) |\n| DELETE | /v1/vaults/{id}/cmek | Disable CMEK |\n| POST | /v1/vaults/{id}/cmek-rotate | Start CMEK key rotation (headers: X-CMEK-Old-Key, X-CMEK-New-Key) |\n| GET | /v1/vaults/{id}/cmek-rotate/{job_id} | Get rotation job status |"
      },
      {
        "title": "Secrets",
        "body": "| Method | Path | Description |\n| --- | --- | --- |\n| PUT | /v1/vaults/{id}/secrets/{path} | Store/update secret ({ type, value, metadata?, expires_at?, max_access_count? }) → 201 |\n| GET | /v1/vaults/{id}/secrets/{path} | Read secret → { path, type, value, version, metadata } |\n| DELETE | /v1/vaults/{id}/secrets/{path} | Delete secret → 204 |\n| GET | /v1/vaults/{id}/secrets?prefix=... | List secrets (metadata only, no values) |"
      },
      {
        "title": "Agents",
        "body": "| Method | Path | Description |\n| --- | --- | --- |\n| POST | /v1/agents | Create agent → { agent: {...}, api_key: \"ocv_...\" } |\n| GET | /v1/agents | List agents → { agents: [...] } |\n| GET | /v1/agents/{id} | Get agent |\n| GET | /v1/agents/me | Get current agent (self) |\n| PATCH | /v1/agents/{id} | Update agent (is_active, scopes, intents_api_enabled, guardrails) |\n| DELETE | /v1/agents/{id} | Delete agent → 204 |\n| POST | /v1/agents/{id}/rotate-key | Rotate agent API key → { api_key: \"ocv_...\" } |\n| POST | /v1/agents/{id}/rotate-identity-keys | Rotate agent SSH + ECDH keypairs (user-only; keys in __agent-keys vault) |"
      },
      {
        "title": "Policies (Access Control)",
        "body": "| Method | Path | Description |\n| --- | --- | --- |\n| POST | /v1/vaults/{id}/policies | Create policy ({ principal_type, principal_id, secret_path_pattern, permissions, conditions?, expires_at? }) |\n| GET | /v1/vaults/{id}/policies | List policies for vault |\n| PUT | /v1/vaults/{id}/policies/{pid} | Update policy (permissions, conditions, expires_at only) |\n| DELETE | /v1/vaults/{id}/policies/{pid} | Delete policy → 204 |"
      },
      {
        "title": "Sharing",
        "body": "| Method | Path | Description |\n| --- | --- | --- |\n| POST | /v1/secrets/{id}/share | Create share link |\n| GET | /v1/shares/outbound | List shares you created |\n| GET | /v1/shares/inbound | List shares sent to you |\n| POST | /v1/shares/{id}/accept | Accept an inbound share |\n| POST | /v1/shares/{id}/decline | Decline an inbound share |\n| DELETE | /v1/share/{id} | Revoke a share |\n| GET | /v1/share/{id} | Access a share (public, may require passphrase) |"
      },
      {
        "title": "Intents API (requires intents_api_enabled)",
        "body": "| Method | Path | Description |\n| --- | --- | --- |\n| POST | /v1/agents/{id}/transactions | Submit transaction for signing. Optional Idempotency-Key header for replay protection (24h TTL) |\n| GET | /v1/agents/{id}/transactions | List agent's transactions. signed_tx redacted unless ?include_signed_tx=true |\n| GET | /v1/agents/{id}/transactions/{txid} | Get transaction details. signed_tx redacted unless ?include_signed_tx=true |\n| POST | /v1/agents/{id}/transactions/simulate | Simulate single transaction |\n| POST | /v1/agents/{id}/transactions/simulate-bundle | Simulate transaction bundle |"
      },
      {
        "title": "Audit",
        "body": "| Method | Path | Description |\n| --- | --- | --- |\n| GET | /v1/audit/events?limit=N&action=...&from=...&to=... | Query audit events |"
      },
      {
        "title": "Billing",
        "body": "| Method | Path | Description |\n| --- | --- | --- |\n| GET | /v1/billing/subscription | Subscription status, usage, credit balance |\n| GET | /v1/billing/credits/balance | Credit balance + expiring credits |\n| GET | /v1/billing/credits/transactions | Credit transaction ledger |\n| PATCH | /v1/billing/overage-method | Set overage method (credits or x402) |\n| GET | /v1/billing/usage | Usage summary (current month) |\n| GET | /v1/billing/history | Usage event history |"
      },
      {
        "title": "Chains",
        "body": "| Method | Path | Description |\n| --- | --- | --- |\n| GET | /v1/chains | List supported chains |\n| GET | /v1/chains/{name_or_id} | Get chain details |"
      },
      {
        "title": "Other",
        "body": "| Method | Path | Description |\n| --- | --- | --- |\n| GET | /v1/health | Health check → { status, service, version } |\n| GET | /v1/health/hsm | HSM health → { status, hsm_provider, connected } |\n| POST/GET/DELETE | /v1/auth/api-keys[/{id}] | Manage personal API keys |\n| GET/POST/DELETE | /v1/security/ip-rules[/{id}] | Manage IP allowlist/blocklist |\n| GET/PATCH/DELETE | /v1/org/members[/{id}] | Manage org members |"
      },
      {
        "title": "SDK Method Reference",
        "body": "All methods return Promise<OneclawResponse<T>>. Access via client.<resource>.<method>(...).\n\n| Resource | Method | Description |\n| --- | --- | --- |\n| vaults | create({ name, description? }) | Create vault |\n| vaults | get(vaultId) | Get vault |\n| vaults | list() | List vaults |\n| vaults | delete(vaultId) | Delete vault |\n| secrets | set(vaultId, key, value, { type?, metadata?, expires_at?, max_access_count? }) | Store/update secret |\n| secrets | get(vaultId, key) | Read secret (decrypted) |\n| secrets | list(vaultId, prefix?) | List secret metadata |\n| secrets | delete(vaultId, key) | Delete secret |\n| secrets | rotate(vaultId, key, newValue) | Rotate secret to new version |\n| agents | create({ name, description?, scopes?, expires_at?, intents_api_enabled?, token_ttl_seconds?, vault_ids? }) | Create agent → returns agent + api_key |\n| agents | get(agentId) | Get agent |\n| agents | list() | List agents |\n| agents | update(agentId, { is_active?, scopes?, intents_api_enabled?, tx_*? }) | Update agent |\n| agents | delete(agentId) | Delete agent |\n| agents | rotateKey(agentId) | Rotate agent API key |\n| agents | submitTransaction(agentId, { to, value, chain, ... }) | Submit EVM transaction |\n| agents | simulateTransaction(agentId, { to, value, chain, ... }) | Simulate transaction |\n| agents | simulateBundle(agentId, bundle) | Simulate transaction bundle |\n| agents | getTransaction(agentId, txId) | Get transaction |\n| agents | listTransactions(agentId) | List agent transactions |\n| access | grantAgent(vaultId, agentId, permissions, { path?, conditions?, expires_at? }) | Grant agent access |\n| access | grantHuman(vaultId, userId, permissions, { path?, conditions?, expires_at? }) | Grant user access |\n| access | listGrants(vaultId) | List policies |\n| access | update(vaultId, policyId, { permissions?, conditions?, expires_at? }) | Update policy |\n| access | revoke(vaultId, policyId) | Revoke policy |\n| sharing | create(secretId, { recipient_type, recipient_id?, expires_at, max_access_count? }) | Create share |\n| sharing | access(shareId) | Access shared secret |\n| sharing | listOutbound() | Shares you created |\n| sharing | listInbound() | Shares sent to you |\n| sharing | accept(shareId) | Accept inbound share |\n| sharing | decline(shareId) | Decline inbound share |\n| sharing | revoke(shareId) | Revoke outbound share |\n| audit | query({ action?, actor_id?, from?, to?, limit?, offset? }) | Query audit events |\n| billing | usage() | Current month usage |\n| billing | history(limit?) | Usage event history |\n| auth | login({ email, password }) | Human login |\n| auth | agentToken({ agent_id, api_key }) | Agent JWT exchange |\n| auth | logout() | Revoke token |\n| apiKeys | create({ name, scopes?, expires_at? }) | Create personal API key |\n| apiKeys | list() | List API keys |\n| apiKeys | revoke(keyId) | Revoke key |\n| chains | list() | List supported chains |\n| chains | get(identifier) | Get chain by name or ID |\n| org | listMembers() | List org members |\n| org | updateMemberRole(userId, role) | Update member role |\n| org | removeMember(userId) | Remove member |"
      },
      {
        "title": "OpenAPI spec for custom SDKs",
        "body": "The API spec is published as an npm package for generating clients in any language:\n\nnpm install @1claw/openapi-spec\n\nShips openapi.yaml and openapi.json. Use with any OpenAPI 3.1 codegen tool:\n\n# TypeScript\nnpx openapi-typescript node_modules/@1claw/openapi-spec/openapi.yaml -o ./types.ts\n\n# Python\nopenapi-generator generate -i node_modules/@1claw/openapi-spec/openapi.yaml -g python -o ./oneclaw-py\n\n# Go\noapi-codegen -package oneclaw node_modules/@1claw/openapi-spec/openapi.yaml > oneclaw.go\n\nSDK also re-exports generated types: import type { ApiSchemas } from \"@1claw/sdk\"."
      },
      {
        "title": "Supported Chains",
        "body": "Default chain registry (query GET /v1/chains for live list):\n\n| Name | Chain ID | Testnet |\n| --- | --- | --- |\n| ethereum | 1 | no |\n| base | 8453 | no |\n| optimism | 10 | no |\n| arbitrum-one | 42161 | no |\n| polygon | 137 | no |\n| sepolia | 11155111 | yes |\n| base-sepolia | 84532 | yes |\n\nUse chain names (e.g. \"base\", \"sepolia\") or numeric chain IDs in transaction requests."
      },
      {
        "title": "Access Control Model",
        "body": "Agents do not get blanket access. A human must create a policy to grant an agent access to specific secret paths.\n\nPath patterns: Glob syntax — api-keys/*, db/**, ** (all)\nPermissions: read, write (delete requires write)\nConditions: IP allowlist, time windows (JSON)\nExpiry: Optional ISO 8601 date\n\nIf no policy matches → 403 Forbidden. Vault creators always have full access (owner bypass)."
      },
      {
        "title": "Vault binding and token scoping",
        "body": "Agents can be restricted beyond policies:\n\nvault_ids: Restrict the agent to specific vaults. If non-empty, any request to a vault not in the list returns 403.\ntoken_ttl_seconds: Custom JWT expiry per agent (e.g., 300 for 5-minute tokens).\nScopes from policies: JWT scopes are derived from the agent's access policies. If an agent has no policies and no explicit scopes, it has zero access.\n\nSet via dashboard, CLI (--token-ttl, --vault-ids), SDK, or API."
      },
      {
        "title": "Customer-Managed Encryption Keys (CMEK)",
        "body": "Enterprise opt-in feature (Business tier and above). A human generates a 256-bit AES key in the dashboard — the key never leaves their device. Only its SHA-256 fingerprint is stored on the server.\n\nEnable: POST /v1/vaults/{id}/cmek with { fingerprint }\nDisable: DELETE /v1/vaults/{id}/cmek\nRotate: POST /v1/vaults/{id}/cmek-rotate (server-assisted, batched in 100s)\nSecrets stored in a CMEK vault have cmek_encrypted: true in responses\n\nAgents reading from a CMEK vault receive the encrypted blob. The CMEK key is required to decrypt client-side. This is designed for organizations with compliance requirements — the default HSM encryption is already strong."
      },
      {
        "title": "Intents API",
        "body": "When intents_api_enabled = true (set by a human):\n\nAgent gains transaction signing via the Intents API (keys stay in HSM)\nAgent is blocked from reading private_key and ssh_key secrets directly (403)\n\nDefault signing key path: keys/{chain}-signer. Override with signing_key_path.\n\nReplay protection (Idempotency-Key)\n\nInclude an Idempotency-Key: <unique-string> header on POST /v1/agents/{id}/transactions. The server SHA-256 hashes the key and caches the result for 24 hours. Duplicate submissions with the same key return the cached response instead of re-signing and re-broadcasting. If two concurrent requests share a key, one returns 409 (retry after a moment).\n\nServer-side nonce serialization\n\nWhen nonce is omitted from a transaction request, the server resolves it automatically via eth_getTransactionCount (pending) and serializes concurrent callers with SELECT FOR UPDATE. This prevents two in-flight submissions from the same agent+chain+address from receiving the same nonce. You can still pass an explicit nonce to override.\n\nsigned_tx field gating\n\nGET endpoints (/v1/agents/{id}/transactions and /v1/agents/{id}/transactions/{txid}) redact the signed_tx field by default to reduce exfiltration risk. To include it, pass ?include_signed_tx=true. The initial POST response always includes signed_tx for the originating caller."
      },
      {
        "title": "Transaction guardrails",
        "body": "Human-configured, server-enforced limits on what the Intents API allows:\n\n| Guardrail | Field | Effect |\n| --- | --- | --- |\n| Allowed destinations | tx_to_allowlist | Only listed addresses permitted. Empty = unrestricted |\n| Max value per tx | tx_max_value_eth | Single-tx cap in ETH. NULL = unlimited |\n| Daily spend limit | tx_daily_limit_eth | Rolling 24h cumulative cap. NULL = unlimited |\n| Allowed chains | tx_allowed_chains | Chain names. Empty = all chains |\n\nAgents cannot modify their own guardrails. Violations return 403 with a descriptive error."
      },
      {
        "title": "Shroud per-agent LLM proxy",
        "body": "When shroud_enabled = true (set by a human), the agent's LLM traffic is routed through Shroud (shroud.1claw.xyz) for secret redaction, PII scrubbing, prompt injection defense, threat detection, and policy enforcement inside a TEE.\n\nshroud_config is an optional JSON object that lets humans fine-tune the proxy behavior per agent:\n\nBasic settings\n\n| Field | Type | Description |\n| --- | --- | --- |\n| pii_policy | \"block\" \\| \"redact\" \\| \"warn\" \\| \"allow\" | How PII in LLM traffic is handled |\n| injection_threshold | number (0.0–1.0) | Prompt injection detection sensitivity |\n| context_injection_threshold | number (0.0–1.0) | Context injection detection sensitivity |\n| allowed_providers | string[] | LLM providers the agent may use (empty = all) |\n| allowed_models | string[] | Models the agent may use (empty = all) |\n| denied_models | string[] | Models explicitly blocked |\n| max_tokens_per_request | number | Token cap per LLM request |\n| max_requests_per_minute | number | Per-minute rate limit |\n| max_requests_per_day | number | Per-day rate limit |\n| daily_budget_usd | number | Daily LLM spend cap in USD |\n| enable_secret_redaction | boolean | Redact vault secrets from LLM context |\n| enable_response_filtering | boolean | Filter sensitive data from LLM responses |\n\nThreat detection settings\n\nMulti-layered detection for prompt injection, command injection, social engineering, and data exfiltration attempts:\n\n| Field | Type | Description |\n| --- | --- | --- |\n| unicode_normalization | object | Homoglyph/zero-width character normalization (see below) |\n| command_injection_detection | object | Detect shell commands, path traversal, reverse shells |\n| social_engineering_detection | object | Detect urgency, authority claims, secrecy requests, bypass attempts |\n| encoding_detection | object | Detect base64, hex, Unicode escapes that may hide payloads |\n| network_detection | object | Detect blocked domains, IP URLs, data exfiltration patterns |\n| filesystem_detection | object | Detect sensitive paths (/etc/passwd, .ssh/, .env, etc.) |\n| sanitization_mode | string | \"block\" (reject threats), \"sanitize\" (strip), \"warn\" (log) |\n| threat_logging | boolean | Log detected threats for audit (default: true) |\n\nunicode_normalization object:\n\n| Field | Type | Default | Description |\n| --- | --- | --- | --- |\n| enabled | boolean | true | Enable Unicode normalization |\n| strip_zero_width | boolean | true | Remove zero-width characters (U+200B, U+200C) |\n| normalize_homoglyphs | boolean | true | Convert look-alike characters (Cyrillic а → a) |\n| normalization_form | string | \"NFKC\" | Unicode form: \"NFC\", \"NFKC\", \"NFD\", \"NFKD\" |\n\ncommand_injection_detection object:\n\n| Field | Type | Default | Description |\n| --- | --- | --- | --- |\n| action | string | \"block\" | \"block\", \"sanitize\", or \"warn\" |\n| strictness | string | \"default\" | \"strict\" (more patterns), \"default\", \"relaxed\" |\n\nsocial_engineering_detection object:\n\n| Field | Type | Default | Description |\n| --- | --- | --- | --- |\n| action | string | \"warn\" | \"block\" or \"warn\" |\n| sensitivity | string | \"medium\" | \"low\" (more triggers), \"medium\", \"high\" |\n\nencoding_detection object:\n\n| Field | Type | Default | Description |\n| --- | --- | --- | --- |\n| action | string | \"warn\" | \"block\", \"decode\", or \"warn\" |\n| detect_base64 | boolean | true | Detect base64 encoded content |\n| detect_hex | boolean | true | Detect \\\\xNN hex escapes |\n| detect_unicode | boolean | true | Detect \\\\uNNNN Unicode escapes |\n\nnetwork_detection object:\n\n| Field | Type | Default | Description |\n| --- | --- | --- | --- |\n| action | string | \"warn\" | \"block\" or \"warn\" |\n| blocked_domains | string[] | pastebin, ngrok, etc. | Domains to block (subdomains auto) |\n| allowed_domains | string[] | [] | Allowlist (empty = blocklist mode) |\n\nfilesystem_detection object:\n\n| Field | Type | Default | Description |\n| --- | --- | --- | --- |\n| action | string | \"log\" | \"block\", \"sanitize\", or \"log\" |\n| blocked_paths | string[] | /etc/passwd, .ssh/, .env, etc. | Paths to detect |\n\nSDK:\n\nawait client.agents.create({\n    name: \"my-agent\",\n    shroud_enabled: true,\n    shroud_config: {\n        pii_policy: \"redact\",\n        injection_threshold: 0.8,\n        allowed_providers: [\"openai\", \"anthropic\"],\n        max_requests_per_day: 1000,\n        daily_budget_usd: 10.0,\n        enable_secret_redaction: true,\n        // Threat detection\n        unicode_normalization: { enabled: true, normalize_homoglyphs: true },\n        command_injection_detection: { action: \"block\", strictness: \"default\" },\n        social_engineering_detection: { action: \"warn\", sensitivity: \"medium\" },\n        encoding_detection: { action: \"warn\", detect_base64: true },\n        network_detection: { action: \"warn\", blocked_domains: [\"pastebin.com\"] },\n        filesystem_detection: { action: \"log\" },\n        sanitization_mode: \"block\",\n        threat_logging: true,\n    },\n});\n\nawait client.agents.update(agentId, {\n    shroud_enabled: true,\n    shroud_config: { pii_policy: \"block\", injection_threshold: 0.9 },\n});\n\nCLI:\n\n1claw agent create my-agent --shroud\n1claw agent update <agent-id> --shroud true\n1claw agent update <agent-id> --shroud false\n\nMCP: When shroud_enabled is true, the agent can send LLM requests through shroud.1claw.xyz. The Shroud proxy enforces the agent's shroud_config policy automatically — no client-side changes needed."
      },
      {
        "title": "Share with Your Human",
        "body": "Agents can share secrets back with the human who created or enrolled them. Use recipient_type: \"creator\" — no email or user ID needed.\n\nVia MCP:\n\nshare_secret(secret_id: \"...\", recipient_type: \"creator\", expires_at: \"2026-12-31T00:00:00Z\")\n\nVia SDK:\n\nawait client.sharing.create(secretId, {\n    recipient_type: \"creator\",\n    expires_at: \"2026-12-31T00:00:00Z\",\n    max_access_count: 5,\n});\n\nThe human sees the share in their Inbound shares and accepts it. This is the primary pattern for agents that discover or generate credentials and need to report them to their human."
      },
      {
        "title": "Fleet Patterns",
        "body": "When many agents operate in the same organization:\n\nVault organization: Use a shared vault with path-scoped policies (e.g. agents/{name}/**) or per-agent vaults for strict isolation.\nBulk provisioning: Use the authenticated POST /v1/agents endpoint with a human API key to create many agents, or stagger self-enrollment calls to respect the 10-min per-email cooldown.\nVault binding: Set vault_ids on each agent to restrict JWT scope beyond what policies allow.\nToken TTL: Shorten to 5 min for ephemeral tasks (token_ttl_seconds: 300), keep default 1h for long-running agents.\nTransaction guardrails: Apply tx_max_value_eth, tx_daily_limit_eth, and tx_allowed_chains to all Intents API agents.\nMonitoring: Filter the audit log by agent ID to track per-agent activity. Use billing usage to monitor org-wide consumption."
      },
      {
        "title": "Security Model",
        "body": "Credentials are configured by the human, not the agent. The MCP server reads them from env vars.\nThe agent never sees its own credentials. The MCP server authenticates on the agent's behalf.\nAccess is deny-by-default. Even with valid credentials, only policy-allowed secrets are accessible.\nSecret values are fetched just-in-time and must never be stored, echoed, or included in summaries.\nAgents cannot create email-based shares (prevents unsolicited email sharing).\nIntents API is opt-in. When enabled, raw key reads are blocked.\nTransaction guardrails are human-controlled and server-enforced.\nToken revocation: DELETE /v1/auth/token (or SDK auth.logout()) revokes the current Bearer token; revoked tokens return 401.\nRequest body limit: 5MB max; larger requests return 413."
      },
      {
        "title": "Error Handling",
        "body": "Code\tMeaning\tAction\n400\tBad request\tCheck request body format\n401\tNot authenticated\tToken expired — re-authenticate\n402\tQuota exhausted / payment required\tBody may include required_usd, message. Intents submit over quota: 0.25% of tx value; top up credits or send X-PAYMENT for required amount. Otherwise upgrade at 1claw.xyz/settings/billing\n403\tNo permission\tAsk user to grant access via a policy. Or: guardrail violation (check error detail)\n403\tResource limit reached (type: \"resource_limit_exceeded\")\tTier limit on vaults/secrets/agents hit — ask user to upgrade at 1claw.xyz/settings/billing\n404\tNot found\tCheck path with list_secrets\n405\tMethod not allowed\tWrong HTTP verb for this endpoint\n409\tConflict\tResource already exists (e.g. duplicate vault name)\n410\tGone\tSecret expired or max access count reached — ask user to store a new version\n422\tValidation error or simulation reverted\tCheck input. For simulate_first: transaction would revert\n413\tPayload too large\tRequest body over 5MB — reduce payload size\n429\tRate limited\tWait and retry. Auth routes: 5 req burst, 1/sec. Share creation: 10/min/org\n\nAll error responses include a detail field with a human-readable message."
      },
      {
        "title": "Best Practices",
        "body": "Fetch secrets just-in-time. Call get_secret immediately before the API call that needs the credential.\nNever echo secret values. Say \"I retrieved the API key and used it\" — never include raw values in responses.\nUse describe_secret first to check existence or validity before fetching the full value.\nUse list_secrets to discover available credentials before guessing paths.\nRotate after regeneration. If you regenerate an API key at a provider, immediately rotate_and_store the new value.\nUse grant_access for vault-level sharing — creates a fine-grained policy with path patterns.\nUse share_secret for one-off sharing — creates a time-limited, access-counted share link.\nSimulate before signing. Always use simulate_first: true (default) or call simulate_transaction before submit_transaction.\nCheck list_vaults before creating. Avoid creating duplicate vaults.\nHandle 402 gracefully. Billing/quota errors should be surfaced to the user, not retried."
      },
      {
        "title": "Billing Tiers",
        "body": "Tier\tRequests/mo\tVaults\tSecrets\tAgents\tPrice\nFree\t1,000\t3\t50\t2\t$0\nPro\t25,000\t25\t500\t10\t$29/mo\nBusiness\t100,000\t100\t5,000\t50\t$149/mo (+ CMEK)\nEnterprise\tCustom\tUnlimited\tUnlimited\tUnlimited\tContact (+ CMEK + KMS delegation)\n\nOverage methods: prepaid credits (top up via Stripe, deducted per request) or x402 micropayments (per-query on-chain payments on Base).\n\nAudit, org, security, chain, billing, and auth endpoints are free and never consume quota."
      },
      {
        "title": "Links",
        "body": "Dashboard: 1claw.xyz\nDocs: docs.1claw.xyz\nStatus: 1claw.xyz/status\nAPI: https://api.1claw.xyz\nSDK: @1claw/sdk on npm\nOpenAPI Spec: @1claw/openapi-spec on npm\nMCP Server: @1claw/mcp on npm\nCLI: @1claw/cli on npm\nGitHub: github.com/1clawAI\nSupport: ops@1claw.xyz"
      }
    ],
    "body": "1Claw — HSM-Backed Secret Management for AI Agents\n\n1Claw is a cloud HSM-backed secrets manager. Agents access API keys, passwords, and credentials at runtime without them ever entering the conversation context. Secrets are encrypted with keys that never leave the HSM.\n\nAPI base URL: https://api.1claw.xyz\nShroud (TEE proxy): https://shroud.1claw.xyz\nMCP endpoint: https://mcp.1claw.xyz/mcp\nDashboard: https://1claw.xyz\nDocs: https://docs.1claw.xyz\n\nWhen to use this skill\nYou need an API key, password, or credential to complete a task\nYou want to store a newly generated credential securely\nYou need to share a secret with a user or another agent\nYou need to rotate a credential after regenerating it\nYou want to check what secrets are available before using one\nYou need to sign or simulate an EVM transaction without exposing private keys\nYou want TEE-grade key isolation for transaction signing (use Shroud at shroud.1claw.xyz)\nSetup\nOption 0: Self-enrollment (new agents)\n\nIf you don't have credentials yet, self-enroll — this sends them to your human:\n\n# curl\ncurl -s -X POST https://api.1claw.xyz/v1/agents/enroll \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"name\":\"my-agent\",\"human_email\":\"human@example.com\"}'\n\n# TypeScript SDK (static method, no auth needed)\nimport { AgentsResource } from \"@1claw/sdk\";\nawait AgentsResource.enroll(\"https://api.1claw.xyz\", {\n  name: \"my-agent\",\n  human_email: \"human@example.com\",\n});\n\n# CLI (no auth needed)\nnpx @1claw/cli agent enroll my-agent --email human@example.com\n\n\nThe human receives the Agent ID + API key by email. They then configure policies for your access.\n\nOption 1: MCP server (recommended for AI agents)\n\nAdd to your MCP client configuration. 
Only the API key is required — agent ID and vault are auto-discovered.\n\n{\n    \"mcpServers\": {\n        \"1claw\": {\n            \"command\": \"npx\",\n            \"args\": [\"-y\", \"@1claw/mcp\"],\n            \"env\": {\n                \"ONECLAW_AGENT_API_KEY\": \"<agent-api-key>\"\n            }\n        }\n    }\n}\n\n\nOptional overrides: ONECLAW_AGENT_ID (explicit agent), ONECLAW_VAULT_ID (explicit vault).\n\nHosted HTTP streaming mode:\n\nURL: https://mcp.1claw.xyz/mcp\nHeaders:\n  Authorization: Bearer <agent-jwt>\n  X-Vault-ID: <vault-uuid>\n\nOption 2: TypeScript SDK\nnpm install @1claw/sdk\n\nimport { createClient } from \"@1claw/sdk\";\n\nconst client = createClient({\n    baseUrl: \"https://api.1claw.xyz\",\n    apiKey: process.env.ONECLAW_AGENT_API_KEY,\n});\n\nOption 3: Direct REST API\n\nAuthenticate, then pass the Bearer token on every request.\n\n# Exchange agent API key for a JWT (key-only — agent_id is auto-resolved)\nRESP=$(curl -s -X POST https://api.1claw.xyz/v1/auth/agent-token \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"api_key\":\"<key>\"}')\nTOKEN=$(echo \"$RESP\" | jq -r .access_token)\nAGENT_ID=$(echo \"$RESP\" | jq -r .agent_id)\n\n# Use the JWT\ncurl -H \"Authorization: Bearer $TOKEN\" https://api.1claw.xyz/v1/vaults\n\n\nAlternative: 1ck_ API keys (personal or agent) can be used directly as Bearer tokens — no JWT exchange needed.\n\nAuthentication\nAgent auth flow\nHuman registers an agent in the dashboard or via POST /v1/agents with an auth_method (api_key default, mtls, or oidc_client_credentials). For api_key agents → receives agent_id + api_key (prefix ocv_). 
For mTLS/OIDC agents → receives agent_id only (no API key).\nAll agents auto-receive an Ed25519 SSH keypair (public key on agent record, private key in __agent-keys vault).\nAPI key agents exchange credentials: POST /v1/auth/agent-token with { \"api_key\": \"<key>\" } (or { \"agent_id\": \"<uuid>\", \"api_key\": \"<key>\" }) → returns { \"access_token\": \"<jwt>\", \"expires_in\": 3600, \"agent_id\": \"<uuid>\", \"vault_ids\": [\"...\"] }. Agent ID is optional — the server resolves it from the key prefix.\nAgent uses Authorization: Bearer <jwt> on all subsequent requests.\nJWT scopes derive from the agent's access policies (path patterns). If no policies exist, scopes are empty (zero access). The agent's vault_ids are also included in the JWT — requests to unlisted vaults are rejected.\nToken TTL defaults to ~1 hour but can be set per-agent via token_ttl_seconds. The MCP server auto-refreshes 60s before expiry.\nAPI key auth\n\nTokens starting with 1ck_ (human personal API keys) or ocv_ (agent API keys) can be used as Bearer tokens directly on any authenticated endpoint.\n\nMCP Tools Reference\nlist_secrets\n\nList all secrets in the vault. Returns paths, types, and versions — never values.\n\nParameter\tType\tRequired\tDescription\nprefix\tstring\tno\tPath prefix to filter (e.g. api-keys/)\nget_secret\n\nFetch the decrypted value of a secret. Use immediately before the API call that needs it. Never store the value or include it in summaries.\n\nParameter\tType\tRequired\tDescription\npath\tstring\tyes\tSecret path (e.g. api-keys/stripe)\nput_secret\n\nStore a new secret or update an existing one. 
Each call creates a new version.\n\nParameter\tType\tRequired\tDefault\tDescription\npath\tstring\tyes\t\tSecret path\nvalue\tstring\tyes\t\tThe secret value\ntype\tstring\tno\tapi_key\tOne of: api_key, password, private_key, certificate, file, note, ssh_key, env_bundle\nmetadata\tobject\tno\t\tArbitrary JSON metadata\nexpires_at\tstring\tno\t\tISO 8601 expiry datetime\nmax_access_count\tnumber\tno\t\tMax reads before auto-expiry (0 = unlimited)\ndelete_secret\n\nSoft-delete a secret. Reversible by an admin.\n\nParameter\tType\tRequired\tDescription\npath\tstring\tyes\tSecret path to delete\ndescribe_secret\n\nGet metadata (type, version, expiry) without fetching the value. Use to check existence.\n\nParameter\tType\tRequired\tDescription\npath\tstring\tyes\tSecret path\nrotate_and_store\n\nStore a new value for an existing secret, creating a new version. Use after regenerating a key.\n\nParameter\tType\tRequired\tDescription\npath\tstring\tyes\tSecret path\nvalue\tstring\tyes\tNew secret value\nget_env_bundle\n\nFetch an env_bundle secret and parse its KEY=VALUE lines as JSON.\n\nParameter\tType\tRequired\tDescription\npath\tstring\tyes\tPath to an env_bundle secret\ncreate_vault\n\nCreate a new vault for organizing secrets.\n\nParameter\tType\tRequired\tDescription\nname\tstring\tyes\tVault name (1–255 chars)\ndescription\tstring\tno\tShort description\nlist_vaults\n\nList all vaults accessible to you. 
No parameters.\n\ngrant_access\n\nGrant a user or agent access to a vault path pattern.\n\nParameter\tType\tRequired\tDefault\tDescription\nvault_id\tstring (UUID)\tyes\t\tVault ID\nprincipal_type\tuser | agent\tyes\t\tWho to grant access to\nprincipal_id\tstring (UUID)\tyes\t\tThe user or agent UUID\npermissions\tstring[]\tno\t[\"read\"]\t[\"read\"], [\"write\"], or [\"read\",\"write\"]\nsecret_path_pattern\tstring\tno\t**\tGlob pattern for secret paths\nshare_secret\n\nShare a secret via link, with your creator, or with a specific user/agent.\n\nParameter\tType\tRequired\tDescription\nsecret_id\tstring (UUID)\tyes\tThe secret's UUID\nrecipient_type\tuser | agent | anyone_with_link | creator\tyes\tcreator shares with the human who registered this agent — no ID needed\nrecipient_id\tstring (UUID)\tconditional\tRequired for user and agent types\nexpires_at\tstring\tyes\tISO 8601 expiry\nmax_access_count\tnumber\tno (default 5)\tMax reads (0 = unlimited)\n\nTargeted shares (creator/user/agent) require the recipient to explicitly accept before access.\n\nsimulate_transaction\n\nSimulate an EVM transaction via Tenderly without signing. Returns balance changes, gas estimates, success/revert status.\n\nParameter\tType\tRequired\tDefault\tDescription\nto\tstring\tyes\t\tDestination address (0x-prefixed)\nvalue\tstring\tyes\t\tValue in ETH (e.g. \"0.01\")\nchain\tstring\tyes\t\tChain name or chain ID (see Supported Chains)\ndata\tstring\tno\t\tHex-encoded calldata\nsigning_key_path\tstring\tno\tkeys/{chain}-signer\tVault path to signing key\ngas_limit\tnumber\tno\t21000\tGas limit\nsubmit_transaction\n\nSubmit an EVM transaction for signing and optional broadcast. 
Requires intents_api_enabled.\n\nParameter\tType\tRequired\tDefault\tDescription\nto\tstring\tyes\t\tDestination address\nvalue\tstring\tyes\t\tValue in ETH\nchain\tstring\tyes\t\tChain name or chain ID\ndata\tstring\tno\t\tHex-encoded calldata\nsigning_key_path\tstring\tno\tkeys/{chain}-signer\tVault path to signing key\nnonce\tnumber\tno\tauto-resolved\tTransaction nonce\ngas_price\tstring\tno\t\tGas price in wei (legacy mode)\ngas_limit\tnumber\tno\t21000\tGas limit\nmax_fee_per_gas\tstring\tno\t\tEIP-1559 max fee in wei (triggers Type 2)\nmax_priority_fee_per_gas\tstring\tno\t\tEIP-1559 priority fee in wei\nsimulate_first\tboolean\tno\ttrue\tRun Tenderly simulation before signing\nREST API Quick Reference\n\nBase URL: https://api.1claw.xyz. All authenticated endpoints require Authorization: Bearer <token>.\n\nAuth (public — no token required)\nMethod\tPath\tDescription\nPOST\t/v1/auth/token\tLogin (email + password) → { access_token }\nPOST\t/v1/auth/agent-token\tAgent login (agent_id + api_key) → { access_token }\nPOST\t/v1/auth/google\tGoogle OAuth\nPOST\t/v1/auth/signup\tCreate account → sends verification email\nPOST\t/v1/auth/verify-email\tVerify email token → creates user\nPOST\t/v1/auth/mfa/verify\tVerify MFA code during login\nAuth (authenticated)\nMethod\tPath\tDescription\nGET\t/v1/auth/me\tGet current user profile\nPATCH\t/v1/auth/me\tUpdate profile (display_name, marketing_emails)\nDELETE\t/v1/auth/me\tDelete account (body: { \"confirmation\": \"DELETE MY ACCOUNT\" })\nDELETE\t/v1/auth/token\tRevoke current token\nPOST\t/v1/auth/change-password\tChange password\nVaults\nMethod\tPath\tDescription\nPOST\t/v1/vaults\tCreate vault ({ name, description? }) → 201\nGET\t/v1/vaults\tList vaults → { vaults: [...] 
}\nGET\t/v1/vaults/{id}\tGet vault details\nDELETE\t/v1/vaults/{id}\tDelete vault → 204\nPOST\t/v1/vaults/{id}/cmek\tEnable CMEK ({ fingerprint })\nDELETE\t/v1/vaults/{id}/cmek\tDisable CMEK\nPOST\t/v1/vaults/{id}/cmek-rotate\tStart CMEK key rotation (headers: X-CMEK-Old-Key, X-CMEK-New-Key)\nGET\t/v1/vaults/{id}/cmek-rotate/{job_id}\tGet rotation job status\nSecrets\nMethod\tPath\tDescription\nPUT\t/v1/vaults/{id}/secrets/{path}\tStore/update secret ({ type, value, metadata?, expires_at?, max_access_count? }) → 201\nGET\t/v1/vaults/{id}/secrets/{path}\tRead secret → { path, type, value, version, metadata }\nDELETE\t/v1/vaults/{id}/secrets/{path}\tDelete secret → 204\nGET\t/v1/vaults/{id}/secrets?prefix=...\tList secrets (metadata only, no values)\nAgents\nMethod\tPath\tDescription\nPOST\t/v1/agents\tCreate agent → { agent: {...}, api_key: \"ocv_...\" }\nGET\t/v1/agents\tList agents → { agents: [...] }\nGET\t/v1/agents/{id}\tGet agent\nGET\t/v1/agents/me\tGet current agent (self)\nPATCH\t/v1/agents/{id}\tUpdate agent (is_active, scopes, intents_api_enabled, guardrails)\nDELETE\t/v1/agents/{id}\tDelete agent → 204\nPOST\t/v1/agents/{id}/rotate-key\tRotate agent API key → { api_key: \"ocv_...\" }\nPOST\t/v1/agents/{id}/rotate-identity-keys\tRotate agent SSH + ECDH keypairs (user-only; keys in __agent-keys vault)\nPolicies (Access Control)\nMethod\tPath\tDescription\nPOST\t/v1/vaults/{id}/policies\tCreate policy ({ principal_type, principal_id, secret_path_pattern, permissions, conditions?, expires_at? 
})\nGET\t/v1/vaults/{id}/policies\tList policies for vault\nPUT\t/v1/vaults/{id}/policies/{pid}\tUpdate policy (permissions, conditions, expires_at only)\nDELETE\t/v1/vaults/{id}/policies/{pid}\tDelete policy → 204\nSharing\nMethod\tPath\tDescription\nPOST\t/v1/secrets/{id}/share\tCreate share link\nGET\t/v1/shares/outbound\tList shares you created\nGET\t/v1/shares/inbound\tList shares sent to you\nPOST\t/v1/shares/{id}/accept\tAccept an inbound share\nPOST\t/v1/shares/{id}/decline\tDecline an inbound share\nDELETE\t/v1/share/{id}\tRevoke a share\nGET\t/v1/share/{id}\tAccess a share (public, may require passphrase)\nIntents API (requires intents_api_enabled)\nMethod\tPath\tDescription\nPOST\t/v1/agents/{id}/transactions\tSubmit transaction for signing. Optional Idempotency-Key header for replay protection (24h TTL)\nGET\t/v1/agents/{id}/transactions\tList agent's transactions. signed_tx redacted unless ?include_signed_tx=true\nGET\t/v1/agents/{id}/transactions/{txid}\tGet transaction details. 
signed_tx redacted unless ?include_signed_tx=true\nPOST\t/v1/agents/{id}/transactions/simulate\tSimulate single transaction\nPOST\t/v1/agents/{id}/transactions/simulate-bundle\tSimulate transaction bundle\nAudit\nMethod\tPath\tDescription\nGET\t/v1/audit/events?limit=N&action=...&from=...&to=...\tQuery audit events\nBilling\nMethod\tPath\tDescription\nGET\t/v1/billing/subscription\tSubscription status, usage, credit balance\nGET\t/v1/billing/credits/balance\tCredit balance + expiring credits\nGET\t/v1/billing/credits/transactions\tCredit transaction ledger\nPATCH\t/v1/billing/overage-method\tSet overage method (credits or x402)\nGET\t/v1/billing/usage\tUsage summary (current month)\nGET\t/v1/billing/history\tUsage event history\nChains\nMethod\tPath\tDescription\nGET\t/v1/chains\tList supported chains\nGET\t/v1/chains/{name_or_id}\tGet chain details\nOther\nMethod\tPath\tDescription\nGET\t/v1/health\tHealth check → { status, service, version }\nGET\t/v1/health/hsm\tHSM health → { status, hsm_provider, connected }\nPOST/GET/DELETE\t/v1/auth/api-keys[/{id}]\tManage personal API keys\nGET/POST/DELETE\t/v1/security/ip-rules[/{id}]\tManage IP allowlist/blocklist\nGET/PATCH/DELETE\t/v1/org/members[/{id}]\tManage org members\nSDK Method Reference\n\nAll methods return Promise<OneclawResponse<T>>. Access via client.<resource>.<method>(...).\n\nResource\tMethod\tDescription\nvaults\tcreate({ name, description? })\tCreate vault\nvaults\tget(vaultId)\tGet vault\nvaults\tlist()\tList vaults\nvaults\tdelete(vaultId)\tDelete vault\nsecrets\tset(vaultId, key, value, { type?, metadata?, expires_at?, max_access_count? })\tStore/update secret\nsecrets\tget(vaultId, key)\tRead secret (decrypted)\nsecrets\tlist(vaultId, prefix?)\tList secret metadata\nsecrets\tdelete(vaultId, key)\tDelete secret\nsecrets\trotate(vaultId, key, newValue)\tRotate secret to new version\nagents\tcreate({ name, description?, scopes?, expires_at?, intents_api_enabled?, token_ttl_seconds?, vault_ids? 
})\tCreate agent → returns agent + api_key\nagents\tget(agentId)\tGet agent\nagents\tlist()\tList agents\nagents\tupdate(agentId, { is_active?, scopes?, intents_api_enabled?, tx_*? })\tUpdate agent\nagents\tdelete(agentId)\tDelete agent\nagents\trotateKey(agentId)\tRotate agent API key\nagents\tsubmitTransaction(agentId, { to, value, chain, ... })\tSubmit EVM transaction\nagents\tsimulateTransaction(agentId, { to, value, chain, ... })\tSimulate transaction\nagents\tsimulateBundle(agentId, bundle)\tSimulate transaction bundle\nagents\tgetTransaction(agentId, txId)\tGet transaction\nagents\tlistTransactions(agentId)\tList agent transactions\naccess\tgrantAgent(vaultId, agentId, permissions, { path?, conditions?, expires_at? })\tGrant agent access\naccess\tgrantHuman(vaultId, userId, permissions, { path?, conditions?, expires_at? })\tGrant user access\naccess\tlistGrants(vaultId)\tList policies\naccess\tupdate(vaultId, policyId, { permissions?, conditions?, expires_at? })\tUpdate policy\naccess\trevoke(vaultId, policyId)\tRevoke policy\nsharing\tcreate(secretId, { recipient_type, recipient_id?, expires_at, max_access_count? })\tCreate share\nsharing\taccess(shareId)\tAccess shared secret\nsharing\tlistOutbound()\tShares you created\nsharing\tlistInbound()\tShares sent to you\nsharing\taccept(shareId)\tAccept inbound share\nsharing\tdecline(shareId)\tDecline inbound share\nsharing\trevoke(shareId)\tRevoke outbound share\naudit\tquery({ action?, actor_id?, from?, to?, limit?, offset? })\tQuery audit events\nbilling\tusage()\tCurrent month usage\nbilling\thistory(limit?)\tUsage event history\nauth\tlogin({ email, password })\tHuman login\nauth\tagentToken({ agent_id, api_key })\tAgent JWT exchange\nauth\tlogout()\tRevoke token\napiKeys\tcreate({ name, scopes?, expires_at? 
})\tCreate personal API key\napiKeys\tlist()\tList API keys\napiKeys\trevoke(keyId)\tRevoke key\nchains\tlist()\tList supported chains\nchains\tget(identifier)\tGet chain by name or ID\norg\tlistMembers()\tList org members\norg\tupdateMemberRole(userId, role)\tUpdate member role\norg\tremoveMember(userId)\tRemove member\nOpenAPI spec for custom SDKs\n\nThe API spec is published as an npm package for generating clients in any language:\n\nnpm install @1claw/openapi-spec\n\n\nShips openapi.yaml and openapi.json. Use with any OpenAPI 3.1 codegen tool:\n\n# TypeScript\nnpx openapi-typescript node_modules/@1claw/openapi-spec/openapi.yaml -o ./types.ts\n\n# Python\nopenapi-generator generate -i node_modules/@1claw/openapi-spec/openapi.yaml -g python -o ./oneclaw-py\n\n# Go\noapi-codegen -package oneclaw node_modules/@1claw/openapi-spec/openapi.yaml > oneclaw.go\n\n\nSDK also re-exports generated types: import type { ApiSchemas } from \"@1claw/sdk\".\n\nSupported Chains\n\nDefault chain registry (query GET /v1/chains for live list):\n\nName\tChain ID\tTestnet\nethereum\t1\tno\nbase\t8453\tno\noptimism\t10\tno\narbitrum-one\t42161\tno\npolygon\t137\tno\nsepolia\t11155111\tyes\nbase-sepolia\t84532\tyes\n\nUse chain names (e.g. \"base\", \"sepolia\") or numeric chain IDs in transaction requests.\n\nAccess Control Model\n\nAgents do not get blanket access. A human must create a policy to grant an agent access to specific secret paths.\n\nPath patterns: Glob syntax — api-keys/*, db/**, ** (all)\nPermissions: read, write (delete requires write)\nConditions: IP allowlist, time windows (JSON)\nExpiry: Optional ISO 8601 date\n\nIf no policy matches → 403 Forbidden. Vault creators always have full access (owner bypass).\n\nVault binding and token scoping\n\nAgents can be restricted beyond policies:\n\nvault_ids: Restrict the agent to specific vaults. 
If non-empty, any request to a vault not in the list returns 403.\ntoken_ttl_seconds: Custom JWT expiry per agent (e.g., 300 for 5-minute tokens).\nScopes from policies: JWT scopes are derived from the agent's access policies. If an agent has no policies and no explicit scopes, it has zero access.\n\nSet via dashboard, CLI (--token-ttl, --vault-ids), SDK, or API.\n\nCustomer-Managed Encryption Keys (CMEK)\n\nEnterprise opt-in feature (Business tier and above). A human generates a 256-bit AES key in the dashboard — the key never leaves their device. Only its SHA-256 fingerprint is stored on the server.\n\nEnable: POST /v1/vaults/{id}/cmek with { fingerprint }\nDisable: DELETE /v1/vaults/{id}/cmek\nRotate: POST /v1/vaults/{id}/cmek-rotate (server-assisted, batched in 100s)\nSecrets stored in a CMEK vault have cmek_encrypted: true in responses\n\nAgents reading from a CMEK vault receive the encrypted blob. The CMEK key is required to decrypt client-side. This is designed for organizations with compliance requirements — the default HSM encryption is already strong.\n\nIntents API\n\nWhen intents_api_enabled = true (set by a human):\n\nAgent gains transaction signing via the Intents API (keys stay in HSM)\nAgent is blocked from reading private_key and ssh_key secrets directly (403)\n\nDefault signing key path: keys/{chain}-signer. Override with signing_key_path.\n\nReplay protection (Idempotency-Key)\n\nInclude an Idempotency-Key: <unique-string> header on POST /v1/agents/{id}/transactions. The server SHA-256 hashes the key and caches the result for 24 hours. Duplicate submissions with the same key return the cached response instead of re-signing and re-broadcasting. If two concurrent requests share a key, one returns 409 (retry after a moment).\n\nServer-side nonce serialization\n\nWhen nonce is omitted from a transaction request, the server resolves it automatically via eth_getTransactionCount (pending) and serializes concurrent callers with SELECT FOR UPDATE. 
This prevents two in-flight submissions from the same agent+chain+address from receiving the same nonce. You can still pass an explicit nonce to override.\n\nsigned_tx field gating\n\nGET endpoints (/v1/agents/{id}/transactions and /v1/agents/{id}/transactions/{txid}) redact the signed_tx field by default to reduce exfiltration risk. To include it, pass ?include_signed_tx=true. The initial POST response always includes signed_tx for the originating caller.\n\nTransaction guardrails\n\nHuman-configured, server-enforced limits on what the Intents API allows:\n\nGuardrail\tField\tEffect\nAllowed destinations\ttx_to_allowlist\tOnly listed addresses permitted. Empty = unrestricted\nMax value per tx\ttx_max_value_eth\tSingle-tx cap in ETH. NULL = unlimited\nDaily spend limit\ttx_daily_limit_eth\tRolling 24h cumulative cap. NULL = unlimited\nAllowed chains\ttx_allowed_chains\tChain names. Empty = all chains\n\nAgents cannot modify their own guardrails. Violations return 403 with a descriptive error.\n\nShroud per-agent LLM proxy\n\nWhen shroud_enabled = true (set by a human), the agent's LLM traffic is routed through Shroud (shroud.1claw.xyz) for secret redaction, PII scrubbing, prompt injection defense, threat detection, and policy enforcement inside a TEE.\n\nshroud_config is an optional JSON object that lets humans fine-tune the proxy behavior per agent:\n\nBasic settings\nField\tType\tDescription\npii_policy\t\"block\" | \"redact\" | \"warn\" | \"allow\"\tHow PII in LLM traffic is handled\ninjection_threshold\tnumber (0.0–1.0)\tPrompt injection detection sensitivity\ncontext_injection_threshold\tnumber (0.0–1.0)\tContext injection detection sensitivity\nallowed_providers\tstring[]\tLLM providers the agent may use (empty = all)\nallowed_models\tstring[]\tModels the agent may use (empty = all)\ndenied_models\tstring[]\tModels explicitly blocked\nmax_tokens_per_request\tnumber\tToken cap per LLM request\nmax_requests_per_minute\tnumber\tPer-minute rate 
limit\nmax_requests_per_day\tnumber\tPer-day rate limit\ndaily_budget_usd\tnumber\tDaily LLM spend cap in USD\nenable_secret_redaction\tboolean\tRedact vault secrets from LLM context\nenable_response_filtering\tboolean\tFilter sensitive data from LLM responses\nThreat detection settings\n\nMulti-layered detection for prompt injection, command injection, social engineering, and data exfiltration attempts:\n\nField\tType\tDescription\nunicode_normalization\tobject\tHomoglyph/zero-width character normalization (see below)\ncommand_injection_detection\tobject\tDetect shell commands, path traversal, reverse shells\nsocial_engineering_detection\tobject\tDetect urgency, authority claims, secrecy requests, bypass attempts\nencoding_detection\tobject\tDetect base64, hex, Unicode escapes that may hide payloads\nnetwork_detection\tobject\tDetect blocked domains, IP URLs, data exfiltration patterns\nfilesystem_detection\tobject\tDetect sensitive paths (/etc/passwd, .ssh/, .env, etc.)\nsanitization_mode\tstring\t\"block\" (reject threats), \"sanitize\" (strip), \"warn\" (log)\nthreat_logging\tboolean\tLog detected threats for audit (default: true)\n\nunicode_normalization object:\n\nField\tType\tDefault\tDescription\nenabled\tboolean\ttrue\tEnable Unicode normalization\nstrip_zero_width\tboolean\ttrue\tRemove zero-width characters (U+200B, U+200C)\nnormalize_homoglyphs\tboolean\ttrue\tConvert look-alike characters (Cyrillic а → a)\nnormalization_form\tstring\t\"NFKC\"\tUnicode form: \"NFC\", \"NFKC\", \"NFD\", \"NFKD\"\n\ncommand_injection_detection object:\n\nField\tType\tDefault\tDescription\naction\tstring\t\"block\"\t\"block\", \"sanitize\", or \"warn\"\nstrictness\tstring\t\"default\"\t\"strict\" (more patterns), \"default\", \"relaxed\"\n\nsocial_engineering_detection object:\n\nField\tType\tDefault\tDescription\naction\tstring\t\"warn\"\t\"block\" or \"warn\"\nsensitivity\tstring\t\"medium\"\t\"low\" (more triggers), \"medium\", \"high\"\n\nencoding_detection 
object:\n\nField\tType\tDefault\tDescription\naction\tstring\t\"warn\"\t\"block\", \"decode\", or \"warn\"\ndetect_base64\tboolean\ttrue\tDetect base64 encoded content\ndetect_hex\tboolean\ttrue\tDetect \\xNN hex escapes\ndetect_unicode\tboolean\ttrue\tDetect \\uNNNN Unicode escapes\n\nnetwork_detection object:\n\nField\tType\tDefault\tDescription\naction\tstring\t\"warn\"\t\"block\" or \"warn\"\nblocked_domains\tstring[]\tpastebin, ngrok, etc.\tDomains to block (subdomains auto)\nallowed_domains\tstring[]\t[]\tAllowlist (empty = blocklist mode)\n\nfilesystem_detection object:\n\nField\tType\tDefault\tDescription\naction\tstring\t\"log\"\t\"block\", \"sanitize\", or \"log\"\nblocked_paths\tstring[]\t/etc/passwd, .ssh/, .env, etc.\tPaths to detect\n\nSDK:\n\nawait client.agents.create({\n    name: \"my-agent\",\n    shroud_enabled: true,\n    shroud_config: {\n        pii_policy: \"redact\",\n        injection_threshold: 0.8,\n        allowed_providers: [\"openai\", \"anthropic\"],\n        max_requests_per_day: 1000,\n        daily_budget_usd: 10.0,\n        enable_secret_redaction: true,\n        // Threat detection\n        unicode_normalization: { enabled: true, normalize_homoglyphs: true },\n        command_injection_detection: { action: \"block\", strictness: \"default\" },\n        social_engineering_detection: { action: \"warn\", sensitivity: \"medium\" },\n        encoding_detection: { action: \"warn\", detect_base64: true },\n        network_detection: { action: \"warn\", blocked_domains: [\"pastebin.com\"] },\n        filesystem_detection: { action: \"log\" },\n        sanitization_mode: \"block\",\n        threat_logging: true,\n    },\n});\n\nawait client.agents.update(agentId, {\n    shroud_enabled: true,\n    shroud_config: { pii_policy: \"block\", injection_threshold: 0.9 },\n});\n\n\nCLI:\n\n1claw agent create my-agent --shroud\n1claw agent update <agent-id> --shroud true\n1claw agent update <agent-id> --shroud false\n\n\nMCP: When shroud_enabled is 
true, the agent can send LLM requests through shroud.1claw.xyz. The Shroud proxy enforces the agent's shroud_config policy automatically — no client-side changes needed.\n\nShare with Your Human\n\nAgents can share secrets back with the human who created or enrolled them. Use recipient_type: \"creator\" — no email or user ID needed.\n\nVia MCP:\n\nshare_secret(secret_id: \"...\", recipient_type: \"creator\", expires_at: \"2026-12-31T00:00:00Z\")\n\n\nVia SDK:\n\nawait client.sharing.create(secretId, {\n    recipient_type: \"creator\",\n    expires_at: \"2026-12-31T00:00:00Z\",\n    max_access_count: 5,\n});\n\n\nThe human sees the share in their Inbound shares and accepts it. This is the primary pattern for agents that discover or generate credentials and need to report them to their human.\n\nFleet Patterns\n\nWhen many agents operate in the same organization:\n\nVault organization: Use a shared vault with path-scoped policies (e.g. agents/{name}/**) or per-agent vaults for strict isolation.\nBulk provisioning: Use the authenticated POST /v1/agents endpoint with a human API key to create many agents, or stagger self-enrollment calls to respect the 10-min per-email cooldown.\nVault binding: Set vault_ids on each agent to restrict JWT scope beyond what policies allow.\nToken TTL: Shorten to 5 min for ephemeral tasks (token_ttl_seconds: 300), keep default 1h for long-running agents.\nTransaction guardrails: Apply tx_max_value_eth, tx_daily_limit_eth, and tx_allowed_chains to all Intents API agents.\nMonitoring: Filter the audit log by agent ID to track per-agent activity. Use billing usage to monitor org-wide consumption.\nSecurity Model\nCredentials are configured by the human, not the agent. The MCP server reads them from env vars.\nThe agent never sees its own credentials. The MCP server authenticates on the agent's behalf.\nAccess is deny-by-default. 
Even with valid credentials, only policy-allowed secrets are accessible.\nSecret values are fetched just-in-time and must never be stored, echoed, or included in summaries.\nAgents cannot create email-based shares (prevents unsolicited email sharing).\nIntents API is opt-in. When enabled, raw key reads are blocked.\nTransaction guardrails are human-controlled and server-enforced.\nToken revocation: DELETE /v1/auth/token (or SDK auth.logout()) revokes the current Bearer token; revoked tokens return 401.\nRequest body limit: 5MB max; larger requests return 413.\nError Handling\nCode\tMeaning\tAction\n400\tBad request\tCheck request body format\n401\tNot authenticated\tToken expired — re-authenticate\n402\tQuota exhausted / payment required\tBody may include required_usd, message. Intents submit over quota: 0.25% of tx value; top up credits or send X-PAYMENT for required amount. Otherwise upgrade at 1claw.xyz/settings/billing\n403\tNo permission\tAsk user to grant access via a policy. Or: guardrail violation (check error detail)\n403\tResource limit reached (type: \"resource_limit_exceeded\")\tTier limit on vaults/secrets/agents hit — ask user to upgrade at 1claw.xyz/settings/billing\n404\tNot found\tCheck path with list_secrets\n405\tMethod not allowed\tWrong HTTP verb for this endpoint\n409\tConflict\tResource already exists (e.g. duplicate vault name)\n410\tGone\tSecret expired or max access count reached — ask user to store a new version\n422\tValidation error or simulation reverted\tCheck input. For simulate_first: transaction would revert\n413\tPayload too large\tRequest body over 5MB — reduce payload size\n429\tRate limited\tWait and retry. Auth routes: 5 req burst, 1/sec. Share creation: 10/min/org\n\nAll error responses include a detail field with a human-readable message.\n\nBest Practices\nFetch secrets just-in-time. Call get_secret immediately before the API call that needs the credential.\nNever echo secret values. 
Say \"I retrieved the API key and used it\" — never include raw values in responses.\nUse describe_secret first to check existence or validity before fetching the full value.\nUse list_secrets to discover available credentials before guessing paths.\nRotate after regeneration. If you regenerate an API key at a provider, immediately rotate_and_store the new value.\nUse grant_access for vault-level sharing — creates a fine-grained policy with path patterns.\nUse share_secret for one-off sharing — creates a time-limited, access-counted share link.\nSimulate before signing. Always use simulate_first: true (default) or call simulate_transaction before submit_transaction.\nCheck list_vaults before creating. Avoid creating duplicate vaults.\nHandle 402 gracefully. Billing/quota errors should be surfaced to the user, not retried.\nBilling Tiers\nTier\tRequests/mo\tVaults\tSecrets\tAgents\tPrice\nFree\t1,000\t3\t50\t2\t$0\nPro\t25,000\t25\t500\t10\t$29/mo\nBusiness\t100,000\t100\t5,000\t50\t$149/mo (+ CMEK)\nEnterprise\tCustom\tUnlimited\tUnlimited\tUnlimited\tContact (+ CMEK + KMS delegation)\n\nOverage methods: prepaid credits (top up via Stripe, deducted per request) or x402 micropayments (per-query on-chain payments on Base).\n\nAudit, org, security, chain, billing, and auth endpoints are free and never consume quota.\n\nLinks\nDashboard: 1claw.xyz\nDocs: docs.1claw.xyz\nStatus: 1claw.xyz/status\nAPI: https://api.1claw.xyz\nSDK: @1claw/sdk on npm\nOpenAPI Spec: @1claw/openapi-spec on npm\nMCP Server: @1claw/mcp on npm\nCLI: @1claw/cli on npm\nGitHub: github.com/1clawAI\nSupport: ops@1claw.xyz"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/kmjones1979/1claw",
    "publisherUrl": "https://clawhub.ai/kmjones1979/1claw",
    "owner": "kmjones1979",
    "version": "1.1.1",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/1claw",
    "downloadUrl": "https://openagent3.xyz/downloads/1claw",
    "agentUrl": "https://openagent3.xyz/skills/1claw/agent",
    "manifestUrl": "https://openagent3.xyz/skills/1claw/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/1claw/agent.md"
  }
}