{ "schemaVersion": "1.0", "item": { "slug": "credential-manager", "name": "Credential Manager", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/Callmedas69/credential-manager", "canonicalUrl": "https://clawhub.ai/Callmedas69/credential-manager", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/credential-manager", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=credential-manager", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "CHANGELOG.md", "CONSOLIDATION-RULE.md", "CORE-PRINCIPLE.md", "README.md", "SKILL.md", "references/security.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/credential-manager" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/credential-manager", "agentPageUrl": "https://openagent3.xyz/skills/credential-manager/agent", "manifestUrl": "https://openagent3.xyz/skills/credential-manager/agent.json", "briefUrl": "https://openagent3.xyz/skills/credential-manager/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Credential Manager", "body": "STATUS: MANDATORY SECURITY FOUNDATION\n\nConsolidate scattered API keys and credentials into a secure, centralized .env file." }, { "title": "⚠️ This Is Not Optional", "body": "Centralized .env credential management is a core requirement for OpenClaw security. If your credentials are scattered across multiple files, stop and consolidate them now.\n\nTHE RULE: All credentials MUST be in ~/.openclaw/.env ONLY. No workspace, no skills, no scripts directories.\n\nSee:\n\nCORE-PRINCIPLE.md - Why this is non-negotiable\nCONSOLIDATION-RULE.md - The single source principle" }, { "title": "The Foundation", "body": "Every OpenClaw deployment MUST have:\n\n~/.openclaw/.env (mode 600)\n\nThis is your single source of truth for all credentials. No exceptions.\n\nWhy?\n\nSingle location = easier to secure\nFile mode 600 = only you can read\nGit-ignored = won't accidentally commit\nValidated format = catches errors\nAudit trail = know what changed\n\nScattered credentials = scattered attack surface. This skill fixes that." }, { "title": "What This Skill Does", "body": "Scans for credentials in common locations\nBacks up existing credential files (timestamped)\nConsolidates into ~/.openclaw/.env\nSecures with proper permissions (600)\nValidates security and format\nEnforces best practices\nCleans up old files after migration" }, { "title": "Detection Parameters", "body": "The skill automatically detects credentials by scanning for:\n\nFile Patterns:\n\ncredentials.json files in config directories\n.env files\nMemory files with -creds or credentials in the name\n\nSensitive Key Patterns:\n\nAPI keys, access tokens, bearer tokens\nSecrets, passwords, passphrases\nOAuth consumer keys\nPrivate keys, signing keys, wallet keys\nMnemonics and seed phrases\n\nSecurity Checks:\n\nFile permissions (must be 600)\nGit-ignore protection\nFormat validation" }, { "title": "Full Migration (Recommended)", "body": "# Scan for credentials\n./scripts/scan.py\n\n# Review and consolidate\n./scripts/consolidate.py\n\n# Validate security\n./scripts/validate.py" }, { "title": "Individual Operations", "body": "# Scan only\n./scripts/scan.py\n\n# Consolidate specific service\n./scripts/consolidate.py --service x\n\n# Backup without removing\n./scripts/consolidate.py --backup-only\n\n# Clean up old files\n./scripts/cleanup.py --confirm" }, { "title": "Common Credential Locations", "body": "The skill scans these locations:\n\n~/.config/*/credentials.json\n~/.openclaw/workspace/memory/*-creds.json\n~/.openclaw/workspace/memory/*credentials*.json\n~/.env (if exists, merges)" }, { "title": "Security Features", "body": "✅ File permissions: Sets .env to mode 600 (owner only)\n✅ Git protection: Creates/updates .gitignore\n✅ Backups: Timestamped backups before changes\n✅ Validation: Checks format, permissions, and duplicates\n✅ Template: Creates .env.example (safe to share)" }, { "title": "Output Structure", "body": "After migration:\n\n~/.openclaw/\n├── .env # All credentials (secure)\n├── .env.example # Template (safe)\n├── .gitignore # Protects .env\n├── CREDENTIALS.md # Documentation\n└── backups/\n └── credentials-old-YYYYMMDD/ # Backup of old files" }, { "title": "Supported Services", "body": "Common services auto-detected:\n\nX (Twitter): OAuth 1.0a credentials\nMolten: Agent intent matching\nMoltbook: Agent social network\nBotchan/4claw: Net Protocol\nOpenAI, Anthropic, Google: AI providers\nGitHub, GitLab: Code hosting\nGeneric: API_KEY, *_TOKEN, *_SECRET patterns\n\nSee references/supported-services.md for full list." }, { "title": "Security Best Practices", "body": "See references/security.md for detailed security guidelines.\n\nQuick checklist:\n\n✅ .env has 600 permissions\n✅ .env is git-ignored\n✅ No credentials in code or logs\n✅ Rotate keys periodically\n✅ Use separate keys per environment" }, { "title": "Scripts", "body": "All scripts support --help for detailed usage." }, { "title": "scan.py", "body": "# Scan and report\n./scripts/scan.py\n\n# Include custom paths\n./scripts/scan.py --paths ~/.myapp/config ~/.local/share/creds\n\n# JSON output\n./scripts/scan.py --format json" }, { "title": "consolidate.py", "body": "# Interactive mode (prompts before changes)\n./scripts/consolidate.py\n\n# Auto-confirm (no prompts)\n./scripts/consolidate.py --yes\n\n# Backup only\n./scripts/consolidate.py --backup-only\n\n# Specific service\n./scripts/consolidate.py --service molten" }, { "title": "validate.py", "body": "# Full validation\n./scripts/validate.py\n\n# Check permissions only\n./scripts/validate.py --check permissions\n\n# Fix issues automatically\n./scripts/validate.py --fix" }, { "title": "cleanup.py", "body": "# Dry run (shows what would be deleted)\n./scripts/cleanup.py\n\n# Actually delete old files\n./scripts/cleanup.py --confirm\n\n# Keep backups\n./scripts/cleanup.py --confirm --keep-backups" }, { "title": "Migration Workflow", "body": "Step 1: Discovery\n\n./scripts/scan.py\n\nReview output to see what will be migrated.\n\nStep 2: Backup & Consolidate\n\n./scripts/consolidate.py\n\nCreates backups, builds .env, sets permissions.\n\nStep 3: Validation\n\n./scripts/validate.py\n\nEnsures everything is secure and correct.\n\nStep 4: Test\nTest your applications/skills with the new .env file.\n\nStep 5: Cleanup\n\n./scripts/cleanup.py --confirm\n\nRemoves old credential files (backups remain)." }, { "title": "For Skill Developers: Enforce This Standard", "body": "Other OpenClaw skills MUST validate credentials are secure before using them:" }, { "title": "Python Skills", "body": "#!/usr/bin/env python3\nimport sys\nfrom pathlib import Path\n\n# Add credential-manager scripts to path\nsys.path.insert(0, str(Path.home() / '.openclaw/skills/credential-manager/scripts'))\n\n# Enforce secure .env (exits if not compliant)\nfrom enforce import require_secure_env, get_credential\n\nrequire_secure_env()\n\n# Now safe to load credentials\napi_key = get_credential('SERVICE_API_KEY')" }, { "title": "Bash Skills", "body": "#!/usr/bin/env bash\nset -euo pipefail\n\n# Validate .env exists and is secure\nif ! python3 ~/.openclaw/skills/credential-manager/scripts/enforce.py; then\n exit 1\nfi\n\n# Now safe to load\nsource ~/.openclaw/.env\n\nThis creates a fail-fast system: If credentials aren't properly secured, skills refuse to run. Users are forced to fix it." }, { "title": "Loading Credentials", "body": "After migration, load from .env:" }, { "title": "Python", "body": "import os\nfrom pathlib import Path\n\n# Load .env\nenv_file = Path.home() / '.openclaw' / '.env'\nwith open(env_file) as f:\n for line in f:\n if '=' in line and not line.strip().startswith('#'):\n key, val = line.strip().split('=', 1)\n os.environ[key] = val\n\n# Use credentials\napi_key = os.getenv('SERVICE_API_KEY')" }, { "title": "Bash", "body": "# Load .env\nset -a\nsource ~/.openclaw/.env\nset +a\n\n# Use credentials\necho \"$SERVICE_API_KEY\"" }, { "title": "Using Existing Loaders", "body": "If you migrated using OpenClaw scripts:\n\nfrom load_credentials import get_credentials\ncreds = get_credentials('x')" }, { "title": "Adding New Credentials", "body": "Edit ~/.openclaw/.env:\n\n# Add new service\nNEW_SERVICE_API_KEY=your_key_here\nNEW_SERVICE_SECRET=your_secret_here\n\nUpdate template too:\n\n# Edit .env.example\nNEW_SERVICE_API_KEY=your_key_here\nNEW_SERVICE_SECRET=your_secret_here" }, { "title": "Rollback", "body": "If something goes wrong:\n\n# Find your backup\nls -la ~/.openclaw/backups/\n\n# Restore specific file\ncp ~/.openclaw/backups/credentials-old-YYYYMMDD/x-credentials.json.bak \\\n ~/.config/x/credentials.json" }, { "title": "Notes", "body": "Non-destructive by default: Original files backed up before removal\nIdempotent: Safe to run multiple times\nExtensible: Add custom credential patterns in scripts\nSecure: Never logs full credentials, only metadata" } ], "body": "Credential Manager\n\nSTATUS: MANDATORY SECURITY FOUNDATION\n\nConsolidate scattered API keys and credentials into a secure, centralized .env file.\n\n⚠️ This Is Not Optional\n\nCentralized .env credential management is a core requirement for OpenClaw security. If your credentials are scattered across multiple files, stop and consolidate them now.\n\nTHE RULE: All credentials MUST be in ~/.openclaw/.env ONLY. No workspace, no skills, no scripts directories.\n\nSee:\n\nCORE-PRINCIPLE.md - Why this is non-negotiable\nCONSOLIDATION-RULE.md - The single source principle\nThe Foundation\n\nEvery OpenClaw deployment MUST have:\n\n~/.openclaw/.env (mode 600)\n\n\nThis is your single source of truth for all credentials. No exceptions.\n\nWhy?\n\nSingle location = easier to secure\nFile mode 600 = only you can read\nGit-ignored = won't accidentally commit\nValidated format = catches errors\nAudit trail = know what changed\n\nScattered credentials = scattered attack surface. This skill fixes that.\n\nWhat This Skill Does\nScans for credentials in common locations\nBacks up existing credential files (timestamped)\nConsolidates into ~/.openclaw/.env\nSecures with proper permissions (600)\nValidates security and format\nEnforces best practices\nCleans up old files after migration\nDetection Parameters\n\nThe skill automatically detects credentials by scanning for:\n\nFile Patterns:\n\ncredentials.json files in config directories\n.env files\nMemory files with -creds or credentials in the name\n\nSensitive Key Patterns:\n\nAPI keys, access tokens, bearer tokens\nSecrets, passwords, passphrases\nOAuth consumer keys\nPrivate keys, signing keys, wallet keys\nMnemonics and seed phrases\n\nSecurity Checks:\n\nFile permissions (must be 600)\nGit-ignore protection\nFormat validation\nQuick Start\nFull Migration (Recommended)\n# Scan for credentials\n./scripts/scan.py\n\n# Review and consolidate\n./scripts/consolidate.py\n\n# Validate security\n./scripts/validate.py\n\nIndividual Operations\n# Scan only\n./scripts/scan.py\n\n# Consolidate specific service\n./scripts/consolidate.py --service x\n\n# Backup without removing\n./scripts/consolidate.py --backup-only\n\n# Clean up old files\n./scripts/cleanup.py --confirm\n\nCommon Credential Locations\n\nThe skill scans these locations:\n\n~/.config/*/credentials.json\n~/.openclaw/workspace/memory/*-creds.json\n~/.openclaw/workspace/memory/*credentials*.json\n~/.env (if exists, merges)\n\nSecurity Features\n\n✅ File permissions: Sets .env to mode 600 (owner only) ✅ Git protection: Creates/updates .gitignore ✅ Backups: Timestamped backups before changes ✅ Validation: Checks format, permissions, and duplicates ✅ Template: Creates .env.example (safe to share)\n\nOutput Structure\n\nAfter migration:\n\n~/.openclaw/\n├── .env # All credentials (secure)\n├── .env.example # Template (safe)\n├── .gitignore # Protects .env\n├── CREDENTIALS.md # Documentation\n└── backups/\n └── credentials-old-YYYYMMDD/ # Backup of old files\n\nSupported Services\n\nCommon services auto-detected:\n\nX (Twitter): OAuth 1.0a credentials\nMolten: Agent intent matching\nMoltbook: Agent social network\nBotchan/4claw: Net Protocol\nOpenAI, Anthropic, Google: AI providers\nGitHub, GitLab: Code hosting\nGeneric: API_KEY, *_TOKEN, *_SECRET patterns\n\nSee references/supported-services.md for full list.\n\nSecurity Best Practices\n\nSee references/security.md for detailed security guidelines.\n\nQuick checklist:\n\n✅ .env has 600 permissions\n✅ .env is git-ignored\n✅ No credentials in code or logs\n✅ Rotate keys periodically\n✅ Use separate keys per environment\nScripts\n\nAll scripts support --help for detailed usage.\n\nscan.py\n# Scan and report\n./scripts/scan.py\n\n# Include custom paths\n./scripts/scan.py --paths ~/.myapp/config ~/.local/share/creds\n\n# JSON output\n./scripts/scan.py --format json\n\nconsolidate.py\n# Interactive mode (prompts before changes)\n./scripts/consolidate.py\n\n# Auto-confirm (no prompts)\n./scripts/consolidate.py --yes\n\n# Backup only\n./scripts/consolidate.py --backup-only\n\n# Specific service\n./scripts/consolidate.py --service molten\n\nvalidate.py\n# Full validation\n./scripts/validate.py\n\n# Check permissions only\n./scripts/validate.py --check permissions\n\n# Fix issues automatically\n./scripts/validate.py --fix\n\ncleanup.py\n# Dry run (shows what would be deleted)\n./scripts/cleanup.py\n\n# Actually delete old files\n./scripts/cleanup.py --confirm\n\n# Keep backups\n./scripts/cleanup.py --confirm --keep-backups\n\nMigration Workflow\n\nStep 1: Discovery\n\n./scripts/scan.py\n\n\nReview output to see what will be migrated.\n\nStep 2: Backup & Consolidate\n\n./scripts/consolidate.py\n\n\nCreates backups, builds .env, sets permissions.\n\nStep 3: Validation\n\n./scripts/validate.py\n\n\nEnsures everything is secure and correct.\n\nStep 4: Test Test your applications/skills with the new .env file.\n\nStep 5: Cleanup\n\n./scripts/cleanup.py --confirm\n\n\nRemoves old credential files (backups remain).\n\nFor Skill Developers: Enforce This Standard\n\nOther OpenClaw skills MUST validate credentials are secure before using them:\n\nPython Skills\n#!/usr/bin/env python3\nimport sys\nfrom pathlib import Path\n\n# Add credential-manager scripts to path\nsys.path.insert(0, str(Path.home() / '.openclaw/skills/credential-manager/scripts'))\n\n# Enforce secure .env (exits if not compliant)\nfrom enforce import require_secure_env, get_credential\n\nrequire_secure_env()\n\n# Now safe to load credentials\napi_key = get_credential('SERVICE_API_KEY')\n\nBash Skills\n#!/usr/bin/env bash\nset -euo pipefail\n\n# Validate .env exists and is secure\nif ! python3 ~/.openclaw/skills/credential-manager/scripts/enforce.py; then\n exit 1\nfi\n\n# Now safe to load\nsource ~/.openclaw/.env\n\n\nThis creates a fail-fast system: If credentials aren't properly secured, skills refuse to run. Users are forced to fix it.\n\nLoading Credentials\n\nAfter migration, load from .env:\n\nPython\nimport os\nfrom pathlib import Path\n\n# Load .env\nenv_file = Path.home() / '.openclaw' / '.env'\nwith open(env_file) as f:\n for line in f:\n if '=' in line and not line.strip().startswith('#'):\n key, val = line.strip().split('=', 1)\n os.environ[key] = val\n\n# Use credentials\napi_key = os.getenv('SERVICE_API_KEY')\n\nBash\n# Load .env\nset -a\nsource ~/.openclaw/.env\nset +a\n\n# Use credentials\necho \"$SERVICE_API_KEY\"\n\nUsing Existing Loaders\n\nIf you migrated using OpenClaw scripts:\n\nfrom load_credentials import get_credentials\ncreds = get_credentials('x')\n\nAdding New Credentials\n\nEdit ~/.openclaw/.env:\n\n# Add new service\nNEW_SERVICE_API_KEY=your_key_here\nNEW_SERVICE_SECRET=your_secret_here\n\n\nUpdate template too:\n\n# Edit .env.example\nNEW_SERVICE_API_KEY=your_key_here\nNEW_SERVICE_SECRET=your_secret_here\n\nRollback\n\nIf something goes wrong:\n\n# Find your backup\nls -la ~/.openclaw/backups/\n\n# Restore specific file\ncp ~/.openclaw/backups/credentials-old-YYYYMMDD/x-credentials.json.bak \\\n ~/.config/x/credentials.json\n\nNotes\nNon-destructive by default: Original files backed up before removal\nIdempotent: Safe to run multiple times\nExtensible: Add custom credential patterns in scripts\nSecure: Never logs full credentials, only metadata" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/Callmedas69/credential-manager", "publisherUrl": "https://clawhub.ai/Callmedas69/credential-manager", "owner": "Callmedas69", "version": "1.3.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/credential-manager", "downloadUrl": "https://openagent3.xyz/downloads/credential-manager", "agentUrl": "https://openagent3.xyz/skills/credential-manager/agent", "manifestUrl": "https://openagent3.xyz/skills/credential-manager/agent.json", "briefUrl": "https://openagent3.xyz/skills/credential-manager/agent.md" } }