{ "schemaVersion": "1.0", "item": { "slug": "headless-vault-cli", "name": "Headless Vault CLI", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/logancyang/headless-vault-cli", "canonicalUrl": "https://clawhub.ai/logancyang/headless-vault-cli", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/headless-vault-cli", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=headless-vault-cli", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "vault.sh" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/headless-vault-cli" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/headless-vault-cli", "agentPageUrl": "https://openagent3.xyz/skills/headless-vault-cli/agent", "manifestUrl": "https://openagent3.xyz/skills/headless-vault-cli/agent.json", "briefUrl": "https://openagent3.xyz/skills/headless-vault-cli/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Headless Vault CLI", "body": "Access Markdown notes on your personal computer from this VPS-hosted bot via SSH tunnel.\n\nTerminology: \"Local machine\" = your personal computer (macOS or Linux) where your notes live. This skill runs on the VPS and connects to your machine via a reverse SSH tunnel." }, { "title": "Prerequisites", "body": "This is an instruction-only skill. Before using it, the user must complete a one-time setup on their local machine:\n\nInstall vaultctl on the local machine (see setup instructions)\nConfigure SSH forced-command on the local machine's ~/.ssh/authorized_keys to restrict the VPS key to only run vaultctl (see Security Model below)\nStart a reverse SSH tunnel from the local machine to the VPS, exposing localhost:2222\nSet the environment variable VAULT_SSH_USER to the local machine's username" }, { "title": "Security Model", "body": "This skill connects to the local machine over a pre-configured reverse SSH tunnel. Access is restricted by design:\n\nForced-command restriction: The VPS SSH key is added to the local machine's ~/.ssh/authorized_keys with a forced-command wrapper, so the VPS can ONLY execute vaultctl — no interactive shell, no arbitrary commands (rm, curl, etc.)\nVault sandboxing: vaultctl validates all file paths are inside VAULT_ROOT and rejects path traversal attempts (.., symlinks outside vault)\nNon-destructive: Only create (new files) and append (existing files) are supported — no delete, rename, move, or overwrite\nNo credentials stored: SSH authentication uses the VPS's existing SSH keypair; no additional secrets are stored by this skill\n\nExample authorized_keys entry on the local machine:\n\ncommand=\"/usr/local/bin/vaultctl-wrapper\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA... vps-key\n\nThis ensures the VPS can only run vaultctl commands, even if the tunnel is compromised." }, { "title": "Available Commands", "body": "You have access to these commands ONLY. Do not attempt commands not listed here (no rename, delete, move, or edit commands exist).\n\nCommandDescriptiontreeList vault directory structureresolveFind note by path or titleinfoGet file metadata (lines, bytes, sha256, mtime)readRead note contentcreateCreate a NEW note (fails if file exists)appendAppend content to EXISTING note" }, { "title": "How to Run Commands", "body": "All commands are executed via SSH:\n\nssh -4 -p ${VAULT_SSH_PORT:-2222} ${VAULT_SSH_USER}@${VAULT_SSH_HOST:-localhost} vaultctl [args]\n\nAlways use -4 to force IPv4 (avoids IPv6 timeout issues)." }, { "title": "Environment Variables", "body": "These must be set in the skill's runtime environment on the VPS:\n\nVariableRequiredDefaultDescriptionVAULT_SSH_USERYes—Local machine username for SSH tunnelVAULT_SSH_PORTNo2222SSH tunnel port on localhostVAULT_SSH_HOSTNolocalhostSSH tunnel host" }, { "title": "tree - List vault structure", "body": "ssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree --depth 2\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree --all\n\nOptions:\n\n--depth N - Maximum depth to traverse\n--all - Include all files, not just .md" }, { "title": "resolve - Find note by path or title", "body": "ALWAYS use --base64 for path and title arguments to prevent shell injection:\n\n# echo -n \"Projects/Plan.md\" | base64 → UHJvamVjdHMvUGxhbi5tZA==\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl resolve --path UHJvamVjdHMvUGxhbi5tZA== --base64\n\n# echo -n \"Meeting Notes\" | base64 → TWVldGluZyBOb3Rlcw==\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl resolve --title TWVldGluZyBOb3Rlcw== --base64" }, { "title": "info - Get file metadata", "body": "ALWAYS use --base64 for the path argument:\n\n# echo -n \"Projects/Plan.md\" | base64 → UHJvamVjdHMvUGxhbi5tZA==\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl info UHJvamVjdHMvUGxhbi5tZA== --base64\n\nReturns JSON: {\"path\": \"...\", \"lines\": N, \"bytes\": N, \"sha256\": \"...\", \"mtime\": N}" }, { "title": "read - Read note content", "body": "ALWAYS use --base64 for the path argument:\n\n# echo -n \"Projects/Plan.md\" | base64 → UHJvamVjdHMvUGxhbi5tZA==\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl read UHJvamVjdHMvUGxhbi5tZA== --base64\n\nReturns JSON: {\"path\": \"...\", \"content\": \"...\"}" }, { "title": "create - Create a NEW note", "body": "IMPORTANT: Use --base64 flag with BOTH path AND content base64 encoded. This is required for paths/content with spaces or special characters.\n\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl create --base64\n\nExample to create \"Notes/Morning Brief.md\" with content \"# Hello\\n\\nWorld\":\n\n# Encode path: echo -n \"Notes/Morning Brief.md\" | base64 → Tm90ZXMvTW9ybmluZyBCcmllZi5tZA==\n# Encode content: echo -n \"# Hello\\n\\nWorld\" | base64 → IyBIZWxsbwoKV29ybGQ=\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl create Tm90ZXMvTW9ybmluZyBCcmllZi5tZA== IyBIZWxsbwoKV29ybGQ= --base64\n\nCreates parent directories automatically\nFails if file already exists (use append to add to existing files)\nFile must have .md extension\nNEVER duplicate the title as a heading inside the note content (e.g., for \"My Note.md\", don't start content with \"# My Note\")" }, { "title": "append - Append to EXISTING note", "body": "ssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl append --base64\n\nFails if file does not exist (use create for new files)" }, { "title": "What You CANNOT Do", "body": "These operations are NOT supported:\n\nRename files or folders\nDelete files or folders\nMove files between folders\nEdit specific parts of a file (only append to end)\nCreate folders without a file (folders are created automatically with create)" }, { "title": "Tips", "body": "Always run vaultctl tree first to see what notes exist\nUse vaultctl resolve --title --base64 to find a note by name\nAll output is JSON\nThe local machine must be online with tunnel running\nALWAYS use --base64 for ALL path and content arguments — this is mandatory for security, not optional" }, { "title": "Examples", "body": "Important: Always run tree first if you're unsure what notes exist. This prevents errors from wrong paths or duplicate names." }, { "title": "Example 1: User asks to read a note (check first)", "body": "User: \"Show me my project plan\"\n\nStep 1 - Check what exists:\n\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree\n\nOutput:\n\n{\"tree\": [{\"path\": \"Projects\", \"type\": \"dir\"}, {\"path\": \"Projects/Plan.md\", \"type\": \"file\"}]}\n\nStep 2 - Now read the correct path (always base64 encode):\n\n# echo -n \"Projects/Plan.md\" | base64 → UHJvamVjdHMvUGxhbi5tZA==\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl read UHJvamVjdHMvUGxhbi5tZA== --base64\n\nOutput:\n\n{\"path\": \"Projects/Plan.md\", \"content\": \"# Project Plan\\n\\n## Goals\\n...\"}" }, { "title": "Example 2: User asks to create a note (check first to avoid duplicates)", "body": "User: \"Create a meeting notes file\"\n\nStep 1 - Check what already exists:\n\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree\n\nOutput:\n\n{\"tree\": [{\"path\": \"Projects\", \"type\": \"dir\"}, {\"path\": \"Projects/Plan.md\", \"type\": \"file\"}]}\n\nStep 2 - No \"Meeting Notes\" exists, safe to create (do NOT duplicate title as heading):\n\n# echo -n \"Meeting Notes.md\" | base64 → TWVldGluZyBOb3Rlcy5tZA==\n# echo -n \"## Agenda\\n\\n- Item 1\\n- Item 2\\n\" | base64 → IyMgQWdlbmRhCgotIEl0ZW0gMQotIEl0ZW0gMgo=\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl create TWVldGluZyBOb3Rlcy5tZA== IyMgQWdlbmRhCgotIEl0ZW0gMQotIEl0ZW0gMgo= --base64\n\nOutput:\n\n{\"status\": \"ok\", \"path\": \"Meeting Notes.md\"}" }, { "title": "Example 3: User asks about vault contents", "body": "User: \"What's in my notes?\"\n\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree --depth 2\n\nOutput:\n\n{\"tree\": [{\"path\": \"Projects\", \"type\": \"dir\"}, {\"path\": \"Projects/Plan.md\", \"type\": \"file\"}, {\"path\": \"Ideas.md\", \"type\": \"file\"}]}\n\nThen summarize for user: \"You have a Projects folder with Plan.md, and an Ideas.md file at the root.\"" }, { "title": "Example 4: Complex workflow with source and output notes", "body": "User: \"According to the source note 'AI Digest Sources.md', browse the sources and output the digest to 'digest/2025-01-28-digest.md'\"\n\nStep 1 - Check what exists:\n\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree\n\nOutput:\n\n{\"tree\": [{\"path\": \"AI Digest Sources.md\", \"type\": \"file\"}, {\"path\": \"digest\", \"type\": \"dir\"}, {\"path\": \"digest/2025-01-27-digest.md\", \"type\": \"file\"}]}\n\nStep 2 - Validate:\n\nSource \"AI Digest Sources.md\" exists\nOutput \"digest/2025-01-28-digest.md\" does NOT exist, will use create\n\n(If source didn't exist: STOP and ask user \"I couldn't find 'AI Digest Sources.md'. Did you mean one of these: [list alternatives]?\")\n\n(If output already existed: use append instead of create)\n\nStep 3 - Read the source note (always base64 encode):\n\n# echo -n \"AI Digest Sources.md\" | base64 → QUkgRGlnZXN0IFNvdXJjZXMubWQ=\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl read QUkgRGlnZXN0IFNvdXJjZXMubWQ= --base64\n\nOutput:\n\n{\"path\": \"AI Digest Sources.md\", \"content\": \"# AI Digest Sources\\n\\n- https://example.com/article1\\n- https://example.com/article2\\n\"}\n\nStep 4 - Browse sources and generate digest content (done by bot outside this skill)\n\nStep 5 - Write output to vault (do NOT duplicate title as heading):\n\n# echo -n \"digest/2025-01-28-digest.md\" | base64 → ZGlnZXN0LzIwMjUtMDEtMjgtZGlnZXN0Lm1k\n# echo -n \"## Summary\\n\\nKey points from today's sources...\\n\" | base64 → IyMgU3VtbWFyeQoKS2V5IHBvaW50cyBmcm9tIHRvZGF5J3Mgc291cmNlcy4uLgo=\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl create ZGlnZXN0LzIwMjUtMDEtMjgtZGlnZXN0Lm1k IyMgU3VtbWFyeQoKS2V5IHBvaW50cyBmcm9tIHRvZGF5J3Mgc291cmNlcy4uLgo= --base64\n\n(If output already existed, use append instead:)\n\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl append ZGlnZXN0LzIwMjUtMDEtMjgtZGlnZXN0Lm1k IyMgVXBkYXRlCi4uLg== --base64" } ], "body": "Headless Vault CLI\n\nAccess Markdown notes on your personal computer from this VPS-hosted bot via SSH tunnel.\n\nTerminology: \"Local machine\" = your personal computer (macOS or Linux) where your notes live. This skill runs on the VPS and connects to your machine via a reverse SSH tunnel.\n\nPrerequisites\n\nThis is an instruction-only skill. Before using it, the user must complete a one-time setup on their local machine:\n\nInstall vaultctl on the local machine (see setup instructions)\nConfigure SSH forced-command on the local machine's ~/.ssh/authorized_keys to restrict the VPS key to only run vaultctl (see Security Model below)\nStart a reverse SSH tunnel from the local machine to the VPS, exposing localhost:2222\nSet the environment variable VAULT_SSH_USER to the local machine's username\nSecurity Model\n\nThis skill connects to the local machine over a pre-configured reverse SSH tunnel. Access is restricted by design:\n\nForced-command restriction: The VPS SSH key is added to the local machine's ~/.ssh/authorized_keys with a forced-command wrapper, so the VPS can ONLY execute vaultctl — no interactive shell, no arbitrary commands (rm, curl, etc.)\nVault sandboxing: vaultctl validates all file paths are inside VAULT_ROOT and rejects path traversal attempts (.., symlinks outside vault)\nNon-destructive: Only create (new files) and append (existing files) are supported — no delete, rename, move, or overwrite\nNo credentials stored: SSH authentication uses the VPS's existing SSH keypair; no additional secrets are stored by this skill\n\nExample authorized_keys entry on the local machine:\n\ncommand=\"/usr/local/bin/vaultctl-wrapper\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA... vps-key\n\n\nThis ensures the VPS can only run vaultctl commands, even if the tunnel is compromised.\n\nAvailable Commands\n\nYou have access to these commands ONLY. Do not attempt commands not listed here (no rename, delete, move, or edit commands exist).\n\nCommand\tDescription\ntree\tList vault directory structure\nresolve\tFind note by path or title\ninfo\tGet file metadata (lines, bytes, sha256, mtime)\nread\tRead note content\ncreate\tCreate a NEW note (fails if file exists)\nappend\tAppend content to EXISTING note\nHow to Run Commands\n\nAll commands are executed via SSH:\n\nssh -4 -p ${VAULT_SSH_PORT:-2222} ${VAULT_SSH_USER}@${VAULT_SSH_HOST:-localhost} vaultctl [args]\n\n\nAlways use -4 to force IPv4 (avoids IPv6 timeout issues).\n\nEnvironment Variables\n\nThese must be set in the skill's runtime environment on the VPS:\n\nVariable\tRequired\tDefault\tDescription\nVAULT_SSH_USER\tYes\t—\tLocal machine username for SSH tunnel\nVAULT_SSH_PORT\tNo\t2222\tSSH tunnel port on localhost\nVAULT_SSH_HOST\tNo\tlocalhost\tSSH tunnel host\nCommand Reference\ntree - List vault structure\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree --depth 2\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree --all\n\n\nOptions:\n\n--depth N - Maximum depth to traverse\n--all - Include all files, not just .md\nresolve - Find note by path or title\n\nALWAYS use --base64 for path and title arguments to prevent shell injection:\n\n# echo -n \"Projects/Plan.md\" | base64 → UHJvamVjdHMvUGxhbi5tZA==\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl resolve --path UHJvamVjdHMvUGxhbi5tZA== --base64\n\n# echo -n \"Meeting Notes\" | base64 → TWVldGluZyBOb3Rlcw==\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl resolve --title TWVldGluZyBOb3Rlcw== --base64\n\ninfo - Get file metadata\n\nALWAYS use --base64 for the path argument:\n\n# echo -n \"Projects/Plan.md\" | base64 → UHJvamVjdHMvUGxhbi5tZA==\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl info UHJvamVjdHMvUGxhbi5tZA== --base64\n\n\nReturns JSON: {\"path\": \"...\", \"lines\": N, \"bytes\": N, \"sha256\": \"...\", \"mtime\": N}\n\nread - Read note content\n\nALWAYS use --base64 for the path argument:\n\n# echo -n \"Projects/Plan.md\" | base64 → UHJvamVjdHMvUGxhbi5tZA==\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl read UHJvamVjdHMvUGxhbi5tZA== --base64\n\n\nReturns JSON: {\"path\": \"...\", \"content\": \"...\"}\n\ncreate - Create a NEW note\n\nIMPORTANT: Use --base64 flag with BOTH path AND content base64 encoded. This is required for paths/content with spaces or special characters.\n\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl create --base64\n\n\nExample to create \"Notes/Morning Brief.md\" with content \"# Hello\\n\\nWorld\":\n\n# Encode path: echo -n \"Notes/Morning Brief.md\" | base64 → Tm90ZXMvTW9ybmluZyBCcmllZi5tZA==\n# Encode content: echo -n \"# Hello\\n\\nWorld\" | base64 → IyBIZWxsbwoKV29ybGQ=\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl create Tm90ZXMvTW9ybmluZyBCcmllZi5tZA== IyBIZWxsbwoKV29ybGQ= --base64\n\nCreates parent directories automatically\nFails if file already exists (use append to add to existing files)\nFile must have .md extension\nNEVER duplicate the title as a heading inside the note content (e.g., for \"My Note.md\", don't start content with \"# My Note\")\nappend - Append to EXISTING note\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl append --base64\n\nFails if file does not exist (use create for new files)\nWhat You CANNOT Do\n\nThese operations are NOT supported:\n\nRename files or folders\nDelete files or folders\nMove files between folders\nEdit specific parts of a file (only append to end)\nCreate folders without a file (folders are created automatically with create)\nTips\nAlways run vaultctl tree first to see what notes exist\nUse vaultctl resolve --title --base64 to find a note by name\nAll output is JSON\nThe local machine must be online with tunnel running\nALWAYS use --base64 for ALL path and content arguments — this is mandatory for security, not optional\nExamples\n\nImportant: Always run tree first if you're unsure what notes exist. This prevents errors from wrong paths or duplicate names.\n\nExample 1: User asks to read a note (check first)\n\nUser: \"Show me my project plan\"\n\nStep 1 - Check what exists:\n\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree\n\n\nOutput:\n\n{\"tree\": [{\"path\": \"Projects\", \"type\": \"dir\"}, {\"path\": \"Projects/Plan.md\", \"type\": \"file\"}]}\n\n\nStep 2 - Now read the correct path (always base64 encode):\n\n# echo -n \"Projects/Plan.md\" | base64 → UHJvamVjdHMvUGxhbi5tZA==\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl read UHJvamVjdHMvUGxhbi5tZA== --base64\n\n\nOutput:\n\n{\"path\": \"Projects/Plan.md\", \"content\": \"# Project Plan\\n\\n## Goals\\n...\"}\n\nExample 2: User asks to create a note (check first to avoid duplicates)\n\nUser: \"Create a meeting notes file\"\n\nStep 1 - Check what already exists:\n\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree\n\n\nOutput:\n\n{\"tree\": [{\"path\": \"Projects\", \"type\": \"dir\"}, {\"path\": \"Projects/Plan.md\", \"type\": \"file\"}]}\n\n\nStep 2 - No \"Meeting Notes\" exists, safe to create (do NOT duplicate title as heading):\n\n# echo -n \"Meeting Notes.md\" | base64 → TWVldGluZyBOb3Rlcy5tZA==\n# echo -n \"## Agenda\\n\\n- Item 1\\n- Item 2\\n\" | base64 → IyMgQWdlbmRhCgotIEl0ZW0gMQotIEl0ZW0gMgo=\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl create TWVldGluZyBOb3Rlcy5tZA== IyMgQWdlbmRhCgotIEl0ZW0gMQotIEl0ZW0gMgo= --base64\n\n\nOutput:\n\n{\"status\": \"ok\", \"path\": \"Meeting Notes.md\"}\n\nExample 3: User asks about vault contents\n\nUser: \"What's in my notes?\"\n\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree --depth 2\n\n\nOutput:\n\n{\"tree\": [{\"path\": \"Projects\", \"type\": \"dir\"}, {\"path\": \"Projects/Plan.md\", \"type\": \"file\"}, {\"path\": \"Ideas.md\", \"type\": \"file\"}]}\n\n\nThen summarize for user: \"You have a Projects folder with Plan.md, and an Ideas.md file at the root.\"\n\nExample 4: Complex workflow with source and output notes\n\nUser: \"According to the source note 'AI Digest Sources.md', browse the sources and output the digest to 'digest/2025-01-28-digest.md'\"\n\nStep 1 - Check what exists:\n\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl tree\n\n\nOutput:\n\n{\"tree\": [{\"path\": \"AI Digest Sources.md\", \"type\": \"file\"}, {\"path\": \"digest\", \"type\": \"dir\"}, {\"path\": \"digest/2025-01-27-digest.md\", \"type\": \"file\"}]}\n\n\nStep 2 - Validate:\n\nSource \"AI Digest Sources.md\" exists\nOutput \"digest/2025-01-28-digest.md\" does NOT exist, will use create\n\n(If source didn't exist: STOP and ask user \"I couldn't find 'AI Digest Sources.md'. Did you mean one of these: [list alternatives]?\")\n\n(If output already existed: use append instead of create)\n\nStep 3 - Read the source note (always base64 encode):\n\n# echo -n \"AI Digest Sources.md\" | base64 → QUkgRGlnZXN0IFNvdXJjZXMubWQ=\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl read QUkgRGlnZXN0IFNvdXJjZXMubWQ= --base64\n\n\nOutput:\n\n{\"path\": \"AI Digest Sources.md\", \"content\": \"# AI Digest Sources\\n\\n- https://example.com/article1\\n- https://example.com/article2\\n\"}\n\n\nStep 4 - Browse sources and generate digest content (done by bot outside this skill)\n\nStep 5 - Write output to vault (do NOT duplicate title as heading):\n\n# echo -n \"digest/2025-01-28-digest.md\" | base64 → ZGlnZXN0LzIwMjUtMDEtMjgtZGlnZXN0Lm1k\n# echo -n \"## Summary\\n\\nKey points from today's sources...\\n\" | base64 → IyMgU3VtbWFyeQoKS2V5IHBvaW50cyBmcm9tIHRvZGF5J3Mgc291cmNlcy4uLgo=\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl create ZGlnZXN0LzIwMjUtMDEtMjgtZGlnZXN0Lm1k IyMgU3VtbWFyeQoKS2V5IHBvaW50cyBmcm9tIHRvZGF5J3Mgc291cmNlcy4uLgo= --base64\n\n\n(If output already existed, use append instead:)\n\nssh -4 -p 2222 ${VAULT_SSH_USER}@localhost vaultctl append ZGlnZXN0LzIwMjUtMDEtMjgtZGlnZXN0Lm1k IyMgVXBkYXRlCi4uLg== --base64" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/logancyang/headless-vault-cli", "publisherUrl": "https://clawhub.ai/logancyang/headless-vault-cli", "owner": "logancyang", "version": "1.2.6", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/headless-vault-cli", "downloadUrl": "https://openagent3.xyz/downloads/headless-vault-cli", "agentUrl": "https://openagent3.xyz/skills/headless-vault-cli/agent", "manifestUrl": "https://openagent3.xyz/skills/headless-vault-cli/agent.json", "briefUrl": "https://openagent3.xyz/skills/headless-vault-cli/agent.md" } }