{ "schemaVersion": "1.0", "item": { "slug": "devtools-secrets", "name": "Devtools Secrets", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/basher83/devtools-secrets", "canonicalUrl": "https://clawhub.ai/basher83/devtools-secrets", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/devtools-secrets", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=devtools-secrets", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "references/fnox-configuration.md", "references/infisical-patterns.md", "references/mise-integration.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/devtools-secrets" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/devtools-secrets", "agentPageUrl": "https://openagent3.xyz/skills/devtools-secrets/agent", "manifestUrl": "https://openagent3.xyz/skills/devtools-secrets/agent.json", "briefUrl": "https://openagent3.xyz/skills/devtools-secrets/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "DevTools Secrets", "body": "Knowledge and guardrails for the mise + fnox + infisical secrets toolchain." }, { "title": "Toolchain Validation", "body": "IMPORTANT: Check tool availability before proceeding with any guidance.\n\nmise: !command -v mise >/dev/null 2>&1 && echo \"INSTALLED ($(mise --version 2>/dev/null | head -1))\" || echo \"MISSING — install with: curl https://mise.run | sh\"\nfnox: !command -v fnox >/dev/null 2>&1 && echo \"INSTALLED ($(fnox --version 2>/dev/null | head -1))\" || echo \"MISSING — install with: mise use -g fnox\"\ninfisical: !command -v infisical >/dev/null 2>&1 && echo \"INSTALLED ($(infisical --version 2>/dev/null | head -1))\" || echo \"MISSING — install with: mise use -g infisical\"\n\nIf any tool above shows MISSING, stop and help the user install it before\nproceeding. Do not provide configuration guidance for tools that aren't\ninstalled." }, { "title": "Project Config State", "body": "fnox.toml: !test -f fnox.toml && echo \"YES\" || echo \"NO (run: fnox init)\"\n.infisical.json: !test -f .infisical.json && cat .infisical.json || echo \"NO (run: infisical init)\"\nmise.toml env section: !grep -A5 '^\\[env\\]' mise.toml 2>/dev/null || echo \"No env section\"" }, { "title": "System/Global Config", "body": "mise global config: !test -f ~/.config/mise/config.toml && head -10 ~/.config/mise/config.toml || echo \"No global mise config\"\nfnox global config: !test -f ~/.config/fnox/config.toml && head -10 ~/.config/fnox/config.toml || echo \"No global fnox config\"\ninfisical logged in: !infisical user get 2>/dev/null | head -3 || echo \"Not logged in or not installed\"" }, { "title": "Tool Roles", "body": "ToolRolemiseTask runner + env manager. Orchestrates dev tooling, runs tasks, manages env vars through plugins.fnoxUnified secret interface. Abstracts over multiple secret backends (infisical, age, env files) with a single CLI.infisicalRemote secrets backend. Stores, syncs, and injects secrets from a central server.\n\nThese tools complement each other: infisical stores secrets remotely, fnox\nprovides a unified local interface to them, and mise orchestrates tasks that\nconsume secrets via fnox." }, { "title": "Integration Chain", "body": "The typical flow:\n\nfnox.toml defines infisical as a provider with project/environment config\nfnox exec -- resolves secrets from the provider and injects them as env vars\nmise tasks can wrap fnox exec to run commands with secrets injected\nAlternatively, mise env plugins can call fnox directly for auto-injection on cd" }, { "title": "Secrets Enforcement", "body": "This project enforces secrets hygiene via always-on hooks in\n.claude/settings.json (not scoped to this skill):\n\nblock-hardcoded-secrets.py — Blocks Edit/Write operations containing\nhardcoded API keys, tokens, passwords, or known secret prefixes (sk-, ghp_,\nAKIA, xox[bpras]-)\nblock-bare-secret-exports.py — Blocks Bash commands that export\nsecret-like env vars without wrapping in fnox exec or infisical run\n\nThese hooks are always active regardless of whether this skill is loaded." }, { "title": "Configuration Patterns", "body": "Detailed configuration for each tool is in the reference files:\n\n@references/mise-integration.md — mise env plugins, tasks, fnox integration\n@references/fnox-configuration.md — fnox.toml structure, providers, profiles\n@references/infisical-patterns.md — infisical CLI, scanning, CI/CD" }, { "title": "Gotchas", "body": "Order matters: fnox.toml must exist before fnox exec works. Run\nfnox init if missing.\nProfile mismatches: fnox profiles (dev/staging/prod) must match infisical\nenvironment slugs. A mismatch silently returns empty secrets.\n.infisical.json is safe to commit — it contains project IDs and\nworkspace config, not secrets.\nfnox.toml may contain sensitive paths — review before committing if\nusing age-encrypted file provider.\nmise env plugins run on cd — if a plugin calls fnox and fnox is\nmisconfigured, you get errors on every directory change.\ninfisical auth expires — infisical login tokens have a TTL. CI/CD\nshould use INFISICAL_TOKEN (service token) instead.\nToken path scope is explicit — a service token scoped to / cannot\naccess secrets in child paths like /git_actions. Each path requires its\nown token or use --recursive with the CLI directly." } ], "body": "DevTools Secrets\n\nKnowledge and guardrails for the mise + fnox + infisical secrets toolchain.\n\nToolchain Validation\n\nIMPORTANT: Check tool availability before proceeding with any guidance.\n\nmise: !command -v mise >/dev/null 2>&1 && echo \"INSTALLED ($(mise --version 2>/dev/null | head -1))\" || echo \"MISSING — install with: curl https://mise.run | sh\"\nfnox: !command -v fnox >/dev/null 2>&1 && echo \"INSTALLED ($(fnox --version 2>/dev/null | head -1))\" || echo \"MISSING — install with: mise use -g fnox\"\ninfisical: !command -v infisical >/dev/null 2>&1 && echo \"INSTALLED ($(infisical --version 2>/dev/null | head -1))\" || echo \"MISSING — install with: mise use -g infisical\"\n\nIf any tool above shows MISSING, stop and help the user install it before proceeding. Do not provide configuration guidance for tools that aren't installed.\n\nProject Config State\nfnox.toml: !test -f fnox.toml && echo \"YES\" || echo \"NO (run: fnox init)\"\n.infisical.json: !test -f .infisical.json && cat .infisical.json || echo \"NO (run: infisical init)\"\nmise.toml env section: !grep -A5 '^\\[env\\]' mise.toml 2>/dev/null || echo \"No env section\"\nSystem/Global Config\nmise global config: !test -f ~/.config/mise/config.toml && head -10 ~/.config/mise/config.toml || echo \"No global mise config\"\nfnox global config: !test -f ~/.config/fnox/config.toml && head -10 ~/.config/fnox/config.toml || echo \"No global fnox config\"\ninfisical logged in: !infisical user get 2>/dev/null | head -3 || echo \"Not logged in or not installed\"\nTool Roles\nTool\tRole\nmise\tTask runner + env manager. Orchestrates dev tooling, runs tasks, manages env vars through plugins.\nfnox\tUnified secret interface. Abstracts over multiple secret backends (infisical, age, env files) with a single CLI.\ninfisical\tRemote secrets backend. Stores, syncs, and injects secrets from a central server.\n\nThese tools complement each other: infisical stores secrets remotely, fnox provides a unified local interface to them, and mise orchestrates tasks that consume secrets via fnox.\n\nIntegration Chain\n\nThe typical flow:\n\nfnox.toml defines infisical as a provider with project/environment config\nfnox exec -- resolves secrets from the provider and injects them as env vars\nmise tasks can wrap fnox exec to run commands with secrets injected\nAlternatively, mise env plugins can call fnox directly for auto-injection on cd\nSecrets Enforcement\n\nThis project enforces secrets hygiene via always-on hooks in .claude/settings.json (not scoped to this skill):\n\nblock-hardcoded-secrets.py — Blocks Edit/Write operations containing hardcoded API keys, tokens, passwords, or known secret prefixes (sk-, ghp_, AKIA, xox[bpras]-)\nblock-bare-secret-exports.py — Blocks Bash commands that export secret-like env vars without wrapping in fnox exec or infisical run\n\nThese hooks are always active regardless of whether this skill is loaded.\n\nConfiguration Patterns\n\nDetailed configuration for each tool is in the reference files:\n\n@references/mise-integration.md — mise env plugins, tasks, fnox integration\n@references/fnox-configuration.md — fnox.toml structure, providers, profiles\n@references/infisical-patterns.md — infisical CLI, scanning, CI/CD\nGotchas\nOrder matters: fnox.toml must exist before fnox exec works. Run fnox init if missing.\nProfile mismatches: fnox profiles (dev/staging/prod) must match infisical environment slugs. A mismatch silently returns empty secrets.\n.infisical.json is safe to commit — it contains project IDs and workspace config, not secrets.\nfnox.toml may contain sensitive paths — review before committing if using age-encrypted file provider.\nmise env plugins run on cd — if a plugin calls fnox and fnox is misconfigured, you get errors on every directory change.\ninfisical auth expires — infisical login tokens have a TTL. CI/CD should use INFISICAL_TOKEN (service token) instead.\nToken path scope is explicit — a service token scoped to / cannot access secrets in child paths like /git_actions. Each path requires its own token or use --recursive with the CLI directly." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/basher83/devtools-secrets", "publisherUrl": "https://clawhub.ai/basher83/devtools-secrets", "owner": "basher83", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/devtools-secrets", "downloadUrl": "https://openagent3.xyz/downloads/devtools-secrets", "agentUrl": "https://openagent3.xyz/skills/devtools-secrets/agent", "manifestUrl": "https://openagent3.xyz/skills/devtools-secrets/agent.json", "briefUrl": "https://openagent3.xyz/skills/devtools-secrets/agent.md" } }