Requirements
- Target platform: OpenClaw
- Install method: Manual import
- Extraction: Extract archive
- Prerequisites: OpenClaw
- Primary doc: SKILL.md
MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Use when setting up OpenClaw, migrating credentials, auditing security, or enforcing the .env standard. This is not optional — centralized credential management is a core requirement for secure OpenClaw deployments. Scans for credential files across common locations, backs up existing files, creates a unified .env with mode 600, validates security, and enforces best practices.
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
STATUS: MANDATORY SECURITY FOUNDATION

Consolidate scattered API keys and credentials into a secure, centralized .env file.

Centralized .env credential management is a core requirement for OpenClaw security. If your credentials are scattered across multiple files, stop and consolidate them now.

THE RULE: All credentials MUST be in ~/.openclaw/.env ONLY. Not in the workspace, not in skills, not in scripts directories.

See:
- CORE-PRINCIPLE.md - Why this is non-negotiable
- CONSOLIDATION-RULE.md - The single source principle

Every OpenClaw deployment MUST have ~/.openclaw/.env (mode 600). This is your single source of truth for all credentials. No exceptions.

Why?
- Single location = easier to secure
- File mode 600 = only the owning user (and root) can read it
- Git-ignored = won't accidentally be committed
- Validated format = catches errors
- Audit trail = know what changed

Scattered credentials = scattered attack surface. This skill fixes that.

What the skill does:
- Scans for credentials in common locations
- Backs up existing credential files (timestamped)
- Consolidates into ~/.openclaw/.env
- Secures with proper permissions (600)
- Validates security and format
- Enforces best practices
- Cleans up old files after migration

The skill automatically detects credentials by scanning for:

File patterns:
- credentials.json files in config directories
- .env files
- Memory files with -creds or credentials in the name

Sensitive key patterns:
- API keys, access tokens, bearer tokens
- Secrets, passwords, passphrases
- OAuth consumer keys
- Private keys, signing keys, wallet keys
- Mnemonics and seed phrases

Security checks:
- File permissions (must be 600)
- Git-ignore protection
- Format validation
```bash
# Scan for credentials
./scripts/scan.py

# Review and consolidate
./scripts/consolidate.py

# Validate security
./scripts/validate.py
```

```bash
# Scan only
./scripts/scan.py

# Consolidate a specific service
./scripts/consolidate.py --service x

# Backup without removing
./scripts/consolidate.py --backup-only

# Clean up old files
./scripts/cleanup.py --confirm
```
The skill scans these locations:
- ~/.config/*/credentials.json
- ~/.openclaw/workspace/memory/*-creds.json
- ~/.openclaw/workspace/memory/*credentials*.json
- ~/.env (if it exists, its contents are merged into the new file)
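The discovery step, shown as an added example rather than the skill's own scan.py: it expands the four locations above, reads each hit as JSON or as KEY=value lines, flags keys that look like the sensitive-key patterns listed earlier, and reports only metadata (key name, value length, a short hash) so the report itself never leaks a secret. The regex, the flattened dotted key names, the 8-hex-digit fingerprint and the sample files built by demo() are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Credential discovery with redacted reporting.

Added example, not the skill's own scan.py. The scan locations are the ones the
page lists; the sensitive-key regex, the report layout, the fingerprint format
and the constructed sample files in demo() are assumptions.
"""
import glob, hashlib, json, os, re, stat, tempfile
from pathlib import Path

# Locations from the page (~/.env is merged into the new file rather than migrated).
SCAN_GLOBS = [
    "~/.config/*/credentials.json",
    "~/.openclaw/workspace/memory/*-creds.json",
    "~/.openclaw/workspace/memory/*credentials*.json",
    "~/.env",
]

# Key names that usually hold a secret (assumed list, matched case-insensitively).
SENSITIVE_RE = re.compile(
    r"api[_-]?key|access[_-]?token|bearer|secret|passw(or)?d|passphrase"
    r"|consumer[_-]?(key|secret)|private[_-]?key|signing[_-]?key|wallet"
    r"|mnemonic|seed[_-]?phrase",
    re.IGNORECASE,
)


def fingerprint(value: str) -> str:
    """Short SHA-256 prefix: lets the same secret be matched across files
    in the report without ever printing the secret itself."""
    return hashlib.sha256(value.encode()).hexdigest()[:8]


def flatten(obj, prefix=""):
    """Yield (dotted.key, value) pairs from nested JSON."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from flatten(v, f"{prefix}{k}.")
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from flatten(v, f"{prefix}{i}.")
    else:
        yield prefix.rstrip("."), obj


def parse_pairs(text: str) -> list:
    """JSON if it parses, otherwise KEY=value lines (blanks and comments skipped)."""
    try:
        return list(flatten(json.loads(text)))
    except json.JSONDecodeError:
        pairs = []
        for line in text.splitlines():
            key, sep, val = line.partition("=")
            if sep and not key.lstrip().startswith("#"):
                pairs.append((key.strip(), val.strip().strip("'\"")))
        return pairs


def scan_file(path: Path) -> dict:
    """Report the sensitive keys a file holds; values are reduced to length + fingerprint."""
    findings = [
        {"key": k, "length": len(v), "fingerprint": fingerprint(v)}
        for k, v in parse_pairs(path.read_text())
        if isinstance(v, str) and v and SENSITIVE_RE.search(k)
    ]
    mode = stat.S_IMODE(path.stat().st_mode)
    return {"path": str(path), "mode": f"{mode:04o}",
            "insecure_mode": mode != 0o600, "findings": findings}


def scan(patterns=SCAN_GLOBS) -> list:
    """Expand each glob, scan every regular file once, and return the reports."""
    seen, reports = set(), []
    for pattern in patterns:
        for hit in sorted(glob.glob(os.path.expanduser(pattern))):
            p = Path(hit)
            if p.is_file() and p not in seen:
                seen.add(p)
                reports.append(scan_file(p))
    return reports


def demo() -> list:
    """Constructed sample tree in a temp dir that stands in for $HOME."""
    root = Path(tempfile.mkdtemp())
    files = {
        ".config/x/credentials.json": json.dumps(
            {"oauth": {"consumer_key": "ck-123", "consumer_secret": "cs-456"},
             "screen_name": "bot"}),
        ".openclaw/workspace/memory/molten-creds.json": json.dumps(
            {"api_key": "mk-789", "endpoint": "https://example.invalid"}),
        ".env": "OPENAI_API_KEY=sk-test\nEDITOR=vim\n",
    }
    for rel, text in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text)
        # The JSON leftovers are left world-readable, a typical pre-migration state.
        os.chmod(p, 0o600 if rel == ".env" else 0o644)
    return scan([g.replace("~", str(root), 1) for g in SCAN_GLOBS])
```

Run `demo()` to see the three reports; each lists the matching keys with their mode bits, so a 0644 credentials.json shows up as insecure while the non-secret `screen_name` and `EDITOR` entries are ignored.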
- ✅ File permissions: sets .env to mode 600 (owner only)
- ✅ Git protection: creates/updates .gitignore
- ✅ Backups: timestamped backups before changes
- ✅ Validation: checks format, permissions, and duplicates
- ✅ Template: creates .env.example (safe to share)

After migration:

```
~/.openclaw/
├── .env              # All credentials (secure)
├── .env.example      # Template (safe)
├── .gitignore        # Protects .env
├── CREDENTIALS.md    # Documentation
└── backups/
    └── credentials-old-YYYYMMDD/   # Backup of old files
```

Common services auto-detected:
- X (Twitter): OAuth 1.0a credentials
- Molten: Agent intent matching
- Moltbook: Agent social network
- Botchan/4claw: Net Protocol
- OpenAI, Anthropic, Google: AI providers
- GitHub, GitLab: Code hosting
- Generic: API_KEY, *_TOKEN, *_SECRET patterns

See references/supported-services.md for the full list.

See references/security.md for detailed security guidelines. Quick checklist:
- ✅ .env has 600 permissions
- ✅ .env is git-ignored
- ✅ No credentials in code or logs
- ✅ Rotate keys periodically
- ✅ Use separate keys per environment
All scripts support --help for detailed usage.
```bash
# Scan and report
./scripts/scan.py

# Include custom paths
./scripts/scan.py --paths ~/.myapp/config ~/.local/share/creds

# JSON output
./scripts/scan.py --format json
```

```bash
# Interactive mode (prompts before changes)
./scripts/consolidate.py

# Auto-confirm (no prompts)
./scripts/consolidate.py --yes

# Backup only
./scripts/consolidate.py --backup-only

# Specific service
./scripts/consolidate.py --service molten
```

```bash
# Full validation
./scripts/validate.py

# Check permissions only
./scripts/validate.py --check permissions

# Fix issues automatically
./scripts/validate.py --fix
```

```bash
# Dry run (shows what would be deleted)
./scripts/cleanup.py

# Actually delete old files
./scripts/cleanup.py --confirm

# Keep backups
./scripts/cleanup.py --confirm --keep-backups
```

Step 1: Discovery

```bash
./scripts/scan.py
```

Review the output to see what will be migrated.

Step 2: Backup & Consolidate

```bash
./scripts/consolidate.py
```

Creates backups, builds .env, sets permissions.

Step 3: Validation

```bash
./scripts/validate.py
```

Ensures everything is secure and correct.

Step 4: Test

Test your applications/skills with the new .env file.

Step 5: Cleanup

```bash
./scripts/cleanup.py --confirm
```

Removes old credential files (backups remain).
Other OpenClaw skills MUST validate credentials are secure before using them:
```python
#!/usr/bin/env python3
import sys
from pathlib import Path

# Add credential-manager scripts to path
sys.path.insert(0, str(Path.home() / '.openclaw/skills/credential-manager/scripts'))

# Enforce secure .env (exits if not compliant)
from enforce import require_secure_env, get_credential
require_secure_env()

# Now safe to load credentials
api_key = get_credential('SERVICE_API_KEY')
```

```bash
#!/usr/bin/env bash
set -euo pipefail

# Validate .env exists and is secure (enforce.py exits non-zero if not)
if ! python3 ~/.openclaw/skills/credential-manager/scripts/enforce.py; then
  exit 1
fi

# Now safe to load. `source` executes the file as shell code, so the
# ownership/permission check above must run before it, never after.
source ~/.openclaw/.env
```

This creates a fail-fast system: if credentials are not properly secured, skills refuse to run and users are forced to fix it.
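What such a guard actually checks, as an added example covering both the quick checklist above (mode 600, git-ignored, valid format, no duplicates) and the fail-fast rule in this section. This is not the skill's enforce.py: the function names `check_env_file`, `require_secure_env`, `parse_env` and `get_credential`, the uppercase key-name rule, and two extra refusals the page does not list (a symlinked .env and a group/world-writable parent directory) are assumptions made here; `demo()` builds a constructed sample in a temp dir.

```python
#!/usr/bin/env python3
"""Fail-fast guard for ~/.openclaw/.env.

Added example, not the skill's own enforce.py: same idea (refuse to hand out
credentials until the file passes the checklist), but the function names, the
KEY naming rule, the symlink/parent-directory checks and the sample file in
demo() are assumptions made here.
"""
import os, re, stat, sys, tempfile
from pathlib import Path

DEFAULT_ENV = Path.home() / ".openclaw" / ".env"
KEY_RE = re.compile(r"^[A-Z][A-Z0-9_]*$")   # assumed convention for key names


def check_env_file(path: Path) -> list:
    """Return the checklist violations; an empty list means the file may be loaded."""
    try:
        st = os.lstat(path)          # lstat: a symlink must not pass as the file
    except FileNotFoundError:
        return [f"{path} does not exist"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path} is a symlink; refusing to follow it"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path} is not a regular file"]
    problems = []
    if st.st_uid != os.getuid():
        problems.append("file is not owned by the current user")
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o600:
        problems.append(f"mode is {mode:04o}, expected 0600")
    # A group/world-writable parent lets someone else swap the file out.
    if stat.S_IMODE(path.parent.stat().st_mode) & 0o022:
        problems.append(f"parent directory {path.parent} is group/world-writable")
    seen = set()
    for lineno, raw in enumerate(path.read_text().splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, sep, _ = line.partition("=")
        key = key.strip()
        if not sep or not KEY_RE.match(key):
            problems.append(f"line {lineno}: not a KEY=value line")
        elif key in seen:
            problems.append(f"line {lineno}: duplicate key {key}")
        seen.add(key)
    # Git protection: the sibling .gitignore must list .env itself.
    gitignore = path.parent / ".gitignore"
    entries = gitignore.read_text().split() if gitignore.exists() else []
    if ".env" not in entries and "/.env" not in entries:
        problems.append(".env is not listed in .gitignore")
    return problems


def parse_env(path: Path) -> dict:
    """Minimal .env parser: KEY=value, optional `export`, optional matching quotes."""
    env = {}
    for raw in path.read_text().splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, val = line.partition("=")
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]
        env[key.strip()] = val
    return env


def require_secure_env(path: Path = DEFAULT_ENV) -> None:
    """Exit non-zero, listing the problems, so a skill never runs on an insecure .env."""
    problems = check_env_file(path)
    if problems:
        sys.stderr.write(f"refusing to load {path}:\n" + "".join(f"  - {p}\n" for p in problems))
        sys.exit(1)


def get_credential(name: str, path: Path = DEFAULT_ENV) -> str:
    """Enforce first, then return one value; the value itself is never logged."""
    require_secure_env(path)
    try:
        return parse_env(path)[name]
    except KeyError:
        raise KeyError(f"{name} is not set in {path}") from None


def demo() -> dict:
    """Constructed sample: an insecure .env, its violations, then the repaired file."""
    workdir = Path(tempfile.mkdtemp())      # mkdtemp creates the directory with mode 0700
    env = workdir / ".env"
    env.write_text("OPENAI_API_KEY=sk-example\nX_API_KEY=abc\nX_API_KEY=def\nbad line\n")
    os.chmod(env, 0o644)
    before = check_env_file(env)
    env.write_text("OPENAI_API_KEY=sk-example\nexport X_API_KEY='def'\n")
    os.chmod(env, 0o600)
    (workdir / ".gitignore").write_text(".env\n")
    return {"path": env, "before": before, "after": check_env_file(env)}
```

The order matters: `os.lstat` and the regular-file test come before anything reads the file, the parse runs only on a file that is already owned by the caller with the right mode, and `get_credential` returns the value without ever writing it to stderr, which keeps the "no credentials in logs" line of the checklist true even on the failure path.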
After migration, load from .env:
```python
import os
from pathlib import Path

# Load .env
env_file = Path.home() / '.openclaw' / '.env'
with open(env_file) as f:
    for line in f:
        line = line.strip()
        # Skip blanks and comments; tolerate the `export KEY=value` form
        if not line or line.startswith('#') or '=' not in line:
            continue
        if line.startswith('export '):
            line = line[len('export '):]
        key, val = line.split('=', 1)
        # Drop one pair of matching surrounding quotes, as the shell would
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in '"\'':
            val = val[1:-1]
        os.environ[key.strip()] = val

# Use credentials
api_key = os.getenv('SERVICE_API_KEY')
```

```bash
# Load .env (set -a exports every variable the file assigns)
set -a
source ~/.openclaw/.env
set +a

# Use credentials (avoid echoing real values in scripts whose output is logged)
echo "$SERVICE_API_KEY"
```

If you migrated using OpenClaw scripts:

```python
from load_credentials import get_credentials
creds = get_credentials('x')
```

Edit ~/.openclaw/.env:

```bash
# Add new service
NEW_SERVICE_API_KEY=your_key_here
NEW_SERVICE_SECRET=your_secret_here
```

Update the template too, with placeholders only, never the real values:

```bash
# Edit .env.example
NEW_SERVICE_API_KEY=your_key_here
NEW_SERVICE_SECRET=your_secret_here
```

If something goes wrong:

```bash
# Find your backup
ls -la ~/.openclaw/backups/

# Restore a specific file
cp ~/.openclaw/backups/credentials-old-YYYYMMDD/x-credentials.json.bak \
   ~/.config/x/credentials.json
```

- Non-destructive by default: original files are backed up before removal
- Idempotent: safe to run multiple times
- Extensible: add custom credential patterns in scripts
- Secure: never logs full credentials, only metadata