{
  "schemaVersion": "1.0",
  "item": {
    "slug": "openclaw",
    "name": "Openclaw",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/zscole/openclaw",
    "canonicalUrl": "https://clawhub.ai/zscole/openclaw",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/openclaw",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openclaw",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "SKILL.md",
      "references/leak-prevention.md",
      "references/prompt-injection-defense.md",
      "references/secure-storage.md",
      "references/session-keys.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-30T16:55:25.780Z",
      "expiresAt": "2026-05-07T16:55:25.780Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
        "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/openclaw"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/openclaw",
    "agentPageUrl": "https://openagent3.xyz/skills/openclaw/agent",
    "manifestUrl": "https://openagent3.xyz/skills/openclaw/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/openclaw/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Bagman",
        "body": "Secure key management patterns for AI agents handling private keys and secrets. Designed to prevent:\n\nKey loss: Agents forgetting keys between sessions\nAccidental exposure: Keys leaked to GitHub, logs, or outputs\nPrompt injection: Malicious prompts extracting secrets"
      },
      {
        "title": "Core Principles",
        "body": "Never store raw private keys in config, env vars, or memory files\nUse session keys / delegated access instead of full control\nAll secret access goes through 1Password CLI (op)\nValidate all outputs before sending to prevent key leakage"
      },
      {
        "title": "References",
        "body": "references/secure-storage.md - 1Password patterns for agent secrets\nreferences/session-keys.md - ERC-4337 delegated access patterns\nreferences/leak-prevention.md - Pre-commit hooks and output sanitization\nreferences/prompt-injection-defense.md - Input validation and output filtering"
      },
      {
        "title": "DO ✅",
        "body": "# Retrieve key at runtime via 1Password\nPRIVATE_KEY=$(op read \"op://Agents/my-agent-wallet/private-key\")\n\n# Use environment injection (key never touches disk)\nop run --env-file=.env.tpl -- node agent.js\n\n# Use session keys with bounded permissions\n# (delegate specific capabilities, not full wallet access)"
      },
      {
        "title": "DON'T ❌",
        "body": "# NEVER store keys in files\necho \"PRIVATE_KEY=0x123...\" > .env\n\n# NEVER log or print keys\nconsole.log(\"Key:\", privateKey)\n\n# NEVER store keys in memory/journal files\n# Even in \"private\" agent memory - these can be exfiltrated\n\n# NEVER trust unvalidated input near key operations"
      },
      {
        "title": "Architecture: Agent Wallet Stack",
        "body": "┌─────────────────────────────────────────────────────┐\n│                   AI Agent                          │\n├─────────────────────────────────────────────────────┤\n│  Session Key (time/value bounded)                   │\n│  - Expires after N hours                            │\n│  - Spending cap per operation                       │\n│  - Whitelist of allowed contracts                   │\n├─────────────────────────────────────────────────────┤\n│  1Password / Secret Manager                         │\n│  - Agent retrieves session key at runtime           │\n│  - Never stores full private key                    │\n│  - Audit log of all accesses                        │\n├─────────────────────────────────────────────────────┤\n│  ERC-4337 Smart Account                             │\n│  - Programmable permissions                         │\n│  - Recovery without private key exposure            │\n│  - Multi-sig for high-value operations              │\n├─────────────────────────────────────────────────────┤\n│  Operator (Human)                                   │\n│  - Holds master key in hardware wallet              │\n│  - Issues/revokes session keys                      │\n│  - Monitors agent activity                          │\n└─────────────────────────────────────────────────────┘"
      },
      {
        "title": "1. Create 1Password Vault for Agent Secrets",
        "body": "# Create dedicated vault (via 1Password app or CLI)\nop vault create \"Agent-Wallets\" --description \"AI agent wallet credentials\"\n\n# Store agent session key (not master key!)\nop item create \\\n  --vault \"Agent-Wallets\" \\\n  --category \"API Credential\" \\\n  --title \"trading-bot-session\" \\\n  --field \"session-key[password]=0xsession...\" \\\n  --field \"expires=2026-02-15T00:00:00Z\" \\\n  --field \"spending-cap=1000 USDC\" \\\n  --field \"allowed-contracts=0xDEX1,0xDEX2\""
      },
      {
        "title": "2. Agent Retrieves Credentials at Runtime",
        "body": "import json\nimport subprocess\nfrom datetime import datetime, timezone\n\ndef get_session_key(item_name: str) -> dict:\n    \"\"\"Retrieve session key from 1Password at runtime.\"\"\"\n    result = subprocess.run(\n        [\"op\", \"item\", \"get\", item_name, \"--vault\", \"Agent-Wallets\", \"--format\", \"json\"],\n        capture_output=True, text=True, check=True\n    )\n    item = json.loads(result.stdout)\n\n    # Extract fields\n    fields = {f[\"label\"]: f.get(\"value\") for f in item.get(\"fields\", [])}\n\n    # Validate session hasn't expired. The stored expiry ends in \"Z\" (UTC), so\n    # normalise the suffix and compare timezone-aware datetimes.\n    expires = datetime.fromisoformat((fields.get(\"expires\") or \"2000-01-01\").replace(\"Z\", \"+00:00\"))\n    if expires.tzinfo is None:\n        expires = expires.replace(tzinfo=timezone.utc)\n    if datetime.now(timezone.utc) > expires:\n        raise ValueError(\"Session key expired - request new key from operator\")\n\n    # Drop empty entries so a missing field yields an empty allowlist\n    contracts = [c.strip() for c in (fields.get(\"allowed-contracts\") or \"\").split(\",\") if c.strip()]\n\n    return {\n        \"session_key\": fields.get(\"session-key\"),\n        \"expires\": fields.get(\"expires\"),\n        \"spending_cap\": fields.get(\"spending-cap\"),\n        \"allowed_contracts\": contracts\n    }"
      },
      {
        "title": "3. Never Log or Store the Key",
        "body": "# ❌ BAD - Key in logs\nlogger.info(f\"Using key: {session_key}\")\n\n# ✅ GOOD - Redacted identifier\nlogger.info(f\"Using session key: {session_key[:8]}...{session_key[-4:]}\")\n\n# ❌ BAD - Key in memory file\nwith open(\"memory/today.md\", \"a\") as f:\n    f.write(f\"Session key: {session_key}\")\n\n# ✅ GOOD - Reference only\nwith open(\"memory/today.md\", \"a\") as f:\n    f.write(f\"Session key: [stored in 1Password: trading-bot-session]\")"
      },
      {
        "title": "Output Sanitization",
        "body": "Before any agent output (chat, logs, file writes), scan for key patterns:\n\nimport re\n\nKEY_PATTERNS = [\n    r'0x[a-fA-F0-9]{64}',                    # ETH private keys\n    r'sk-[a-zA-Z0-9]{48,}',                  # OpenAI keys\n    r'sk-ant-[a-zA-Z0-9\\-_]{80,}',           # Anthropic keys\n    r'gsk_[a-zA-Z0-9]{48,}',                 # Groq keys\n    r'[A-Za-z0-9+/]{40,}={0,2}',             # Base64 encoded (suspiciously long)\n]\n\ndef sanitize_output(text: str) -> str:\n    \"\"\"Remove potential secrets from output.\"\"\"\n    for pattern in KEY_PATTERNS:\n        text = re.sub(pattern, '[REDACTED]', text)\n    return text\n\n# Apply to ALL agent outputs\ndef send_message(content: str):\n    content = sanitize_output(content)\n    # ... send to chat/log/file"
      },
      {
        "title": "Pre-commit Hook",
        "body": "Install this hook to prevent accidental commits of secrets:\n\n#!/bin/bash\n# .git/hooks/pre-commit\n\nPATTERNS=(\n    '0x[a-fA-F0-9]{64}'\n    'sk-[a-zA-Z0-9]{48,}'\n    'sk-ant-api'\n    'PRIVATE_KEY='\n    'gsk_[a-zA-Z0-9]{48,}'\n)\n\nfor pattern in \"${PATTERNS[@]}\"; do\n    if git diff --cached | grep -qE \"$pattern\"; then\n        echo \"❌ Potential secret detected matching: $pattern\"\n        echo \"   Remove secrets before committing!\"\n        exit 1\n    fi\ndone"
      },
      {
        "title": ".gitignore Essentials",
        "body": "# Secrets\n.env\n.env.*\n*.pem\n*.key\nsecrets/\ncredentials/\n\n# Agent state that might contain secrets\nmemory/*.json\nwallet-state.json\nsession-keys/"
      },
      {
        "title": "Input Validation",
        "body": "Before processing any user input that touches wallet operations:\n\nimport re\n\nDANGEROUS_PATTERNS = [\n    r'ignore.*(previous|above|prior).*instructions',\n    r'reveal.*(key|secret|password|credential)',\n    r'output.*(key|secret|private)',\n    r'print.*(key|secret|wallet)',\n    r'show.*(key|secret|password)',\n    r'what.*(key|secret|password)',\n    r'tell.*me.*(key|secret)',\n    r'disregard.*rules',\n    r'system.*prompt',\n    r'jailbreak',\n    r'dan.*mode',\n]\n\ndef validate_input(text: str) -> bool:\n    \"\"\"Check for prompt injection attempts.\"\"\"\n    text_lower = text.lower()\n    for pattern in DANGEROUS_PATTERNS:\n        if re.search(pattern, text_lower):\n            return False\n    return True\n\ndef process_wallet_request(user_input: str):\n    if not validate_input(user_input):\n        return \"I can't help with that request.\"\n    # ... proceed with wallet operation"
      },
      {
        "title": "Separation of Concerns",
        "body": "Wallet operations should be in isolated functions with no access to conversation context\nNever pass full conversation history to wallet-sensitive code\nUse allowlists for operations, not blocklists\n\nALLOWED_WALLET_OPERATIONS = {\n    \"check_balance\": lambda: get_balance(),\n    \"send_usdc\": lambda to, amount: send_usdc(to, amount) if amount < DAILY_LIMIT else deny(),\n    \"swap\": lambda: swap_tokens() if within_limits() else deny(),\n}\n\ndef execute_wallet_operation(operation: str, **kwargs):\n    \"\"\"Execute only explicitly allowed operations.\"\"\"\n    if operation not in ALLOWED_WALLET_OPERATIONS:\n        raise ValueError(f\"Operation '{operation}' not allowed\")\n    return ALLOWED_WALLET_OPERATIONS[operation](**kwargs)"
      },
      {
        "title": "Session Key Implementation (ERC-4337)",
        "body": "For agents needing on-chain access, use session keys instead of raw private keys.\n\nSee references/session-keys.md for full implementation details including:\n\nZeroDev/Biconomy SDK examples\nPermission patterns for trading/DeFi/payment agents\nSession key lifecycle management\nRevocation procedures"
      },
      {
        "title": "If a Key is Leaked",
        "body": "Immediate: Revoke the session key / rotate credentials\nAssess: Check transaction history for unauthorized activity\nNotify: Alert operator via secure channel\nRotate: Issue new session key with tighter permissions\nAudit: Review how leak occurred, update defenses\n\n# Emergency: Revoke 1Password item\nop item delete \"compromised-session-key\" --vault \"Agent-Wallets\"\n\n# Rotate to new session key\nop item create --vault \"Agent-Wallets\" --category \"API Credential\" \\\n  --title \"trading-bot-session-v2\" ..."
      },
      {
        "title": "Checklist: Agent Wallet Setup",
        "body": "Create dedicated 1Password vault for agent credentials\nStore session keys (NOT master keys) in vault\nSet appropriate expiry and spending limits\nInstall pre-commit hook for secret detection\nAdd output sanitization to all agent responses\nImplement input validation for prompt injection\nConfigure monitoring and alerts\nDocument incident response procedure\nTest key rotation procedure"
      },
      {
        "title": "1. Keys in Memory Files",
        "body": "Problem: Agents store keys in memory/*.md for \"persistence\"\n\n# memory/2026-02-07.md\n## Test Wallet\n- Private key: 0x9f01dad551039daad3a8c4e43a32035bdd4da54e7b4292268be16e913b0b3e56\n\nFix: Store reference only: Private key: [1Password: test-wallet-session]"
      },
      {
        "title": "2. Keys in Environment Templates",
        "body": "Problem: .env.example contains real keys\n\n# .env.example\nPRIVATE_KEY=sk-ant-api03-real-key-here...  # \"for testing\"\n\nFix: Use obviously fake placeholders: PRIVATE_KEY=your-key-here"
      },
      {
        "title": "3. Keys in Error Messages",
        "body": "Problem: Error handling exposes keys\n\ntry:\n    sign_transaction(private_key, tx)\nexcept Exception as e:\n    logger.error(f\"Failed with key {private_key}: {e}\")  # ❌\n\nFix: Never include credentials in error context"
      },
      {
        "title": "4. Test Keys in Production Code",
        "body": "Problem: Hardcoded test keys make it to main branch\n\nFix: Use separate test vault, CI checks for key patterns"
      },
      {
        "title": "Integration with OpenClaw",
        "body": "When running as an OpenClaw agent:\n\nUse 1Password skill for all secret retrieval\nNever write keys to workspace files - they persist across sessions\nSanitize outputs before sending to any channel (Telegram, Discord, etc.)\nSession key approach for wallet operations - request bounded access from operator\nDocument key references in TOOLS.md, not the actual keys\n\nExample TOOLS.md entry:\n\n### Agent Wallet\n- Address: 0xABC123...\n- Session key: [1Password: my-agent-session]\n- Permissions: USDC transfers < 100, approved DEX only\n- Expires: 2026-02-15\n- To rotate: Ask operator via Telegram"
      }
    ],
    "body": "Bagman\n\nSecure key management patterns for AI agents handling private keys and secrets. Designed to prevent:\n\nKey loss: Agents forgetting keys between sessions\nAccidental exposure: Keys leaked to GitHub, logs, or outputs\nPrompt injection: Malicious prompts extracting secrets\nCore Principles\nNever store raw private keys in config, env vars, or memory files\nUse session keys / delegated access instead of full control\nAll secret access goes through 1Password CLI (op)\nValidate all outputs before sending to prevent key leakage\nReferences\nreferences/secure-storage.md - 1Password patterns for agent secrets\nreferences/session-keys.md - ERC-4337 delegated access patterns\nreferences/leak-prevention.md - Pre-commit hooks and output sanitization\nreferences/prompt-injection-defense.md - Input validation and output filtering\nQuick Reference\nDO ✅\n# Retrieve key at runtime via 1Password\nPRIVATE_KEY=$(op read \"op://Agents/my-agent-wallet/private-key\")\n\n# Use environment injection (key never touches disk)\nop run --env-file=.env.tpl -- node agent.js\n\n# Use session keys with bounded permissions\n# (delegate specific capabilities, not full wallet access)\n\nDON'T ❌\n# NEVER store keys in files\necho \"PRIVATE_KEY=0x123...\" > .env\n\n# NEVER log or print keys\nconsole.log(\"Key:\", privateKey)\n\n# NEVER store keys in memory/journal files\n# Even in \"private\" agent memory - these can be exfiltrated\n\n# NEVER trust unvalidated input near key operations\n\nArchitecture: Agent Wallet Stack\n┌─────────────────────────────────────────────────────┐\n│                   AI Agent                          │\n├─────────────────────────────────────────────────────┤\n│  Session Key (time/value bounded)                   │\n│  - Expires after N hours                            │\n│  - Spending cap per operation                       │\n│  - Whitelist of allowed contracts                   │\n├─────────────────────────────────────────────────────┤\n│  
1Password / Secret Manager                         │\n│  - Agent retrieves session key at runtime           │\n│  - Never stores full private key                    │\n│  - Audit log of all accesses                        │\n├─────────────────────────────────────────────────────┤\n│  ERC-4337 Smart Account                             │\n│  - Programmable permissions                         │\n│  - Recovery without private key exposure            │\n│  - Multi-sig for high-value operations              │\n├─────────────────────────────────────────────────────┤\n│  Operator (Human)                                   │\n│  - Holds master key in hardware wallet              │\n│  - Issues/revokes session keys                      │\n│  - Monitors agent activity                          │\n└─────────────────────────────────────────────────────┘\n\nWorkflow: Setting Up Agent Wallet Access\n1. Create 1Password Vault for Agent Secrets\n# Create dedicated vault (via 1Password app or CLI)\nop vault create \"Agent-Wallets\" --description \"AI agent wallet credentials\"\n\n# Store agent session key (not master key!)\nop item create \\\n  --vault \"Agent-Wallets\" \\\n  --category \"API Credential\" \\\n  --title \"trading-bot-session\" \\\n  --field \"session-key[password]=0xsession...\" \\\n  --field \"expires=2026-02-15T00:00:00Z\" \\\n  --field \"spending-cap=1000 USDC\" \\\n  --field \"allowed-contracts=0xDEX1,0xDEX2\"\n\n2. 
Agent Retrieves Credentials at Runtime\nimport json\nimport subprocess\nfrom datetime import datetime, timezone\n\ndef get_session_key(item_name: str) -> dict:\n    \"\"\"Retrieve session key from 1Password at runtime.\"\"\"\n    result = subprocess.run(\n        [\"op\", \"item\", \"get\", item_name, \"--vault\", \"Agent-Wallets\", \"--format\", \"json\"],\n        capture_output=True, text=True, check=True\n    )\n    item = json.loads(result.stdout)\n\n    # Extract fields\n    fields = {f[\"label\"]: f.get(\"value\") for f in item.get(\"fields\", [])}\n\n    # Validate session hasn't expired. The stored expiry ends in \"Z\" (UTC), so\n    # normalise the suffix and compare timezone-aware datetimes.\n    expires = datetime.fromisoformat((fields.get(\"expires\") or \"2000-01-01\").replace(\"Z\", \"+00:00\"))\n    if expires.tzinfo is None:\n        expires = expires.replace(tzinfo=timezone.utc)\n    if datetime.now(timezone.utc) > expires:\n        raise ValueError(\"Session key expired - request new key from operator\")\n\n    # Drop empty entries so a missing field yields an empty allowlist\n    contracts = [c.strip() for c in (fields.get(\"allowed-contracts\") or \"\").split(\",\") if c.strip()]\n\n    return {\n        \"session_key\": fields.get(\"session-key\"),\n        \"expires\": fields.get(\"expires\"),\n        \"spending_cap\": fields.get(\"spending-cap\"),\n        \"allowed_contracts\": contracts\n    }\n\n3. 
Never Log or Store the Key\n# ❌ BAD - Key in logs\nlogger.info(f\"Using key: {session_key}\")\n\n# ✅ GOOD - Redacted identifier\nlogger.info(f\"Using session key: {session_key[:8]}...{session_key[-4:]}\")\n\n# ❌ BAD - Key in memory file\nwith open(\"memory/today.md\", \"a\") as f:\n    f.write(f\"Session key: {session_key}\")\n\n# ✅ GOOD - Reference only\nwith open(\"memory/today.md\", \"a\") as f:\n    f.write(f\"Session key: [stored in 1Password: trading-bot-session]\")\n\nLeak Prevention\nOutput Sanitization\n\nBefore any agent output (chat, logs, file writes), scan for key patterns:\n\nimport re\n\nKEY_PATTERNS = [\n    r'0x[a-fA-F0-9]{64}',                    # ETH private keys\n    r'sk-[a-zA-Z0-9]{48,}',                  # OpenAI keys\n    r'sk-ant-[a-zA-Z0-9\\-_]{80,}',           # Anthropic keys\n    r'gsk_[a-zA-Z0-9]{48,}',                 # Groq keys\n    r'[A-Za-z0-9+/]{40,}={0,2}',             # Base64 encoded (suspiciously long)\n]\n\ndef sanitize_output(text: str) -> str:\n    \"\"\"Remove potential secrets from output.\"\"\"\n    for pattern in KEY_PATTERNS:\n        text = re.sub(pattern, '[REDACTED]', text)\n    return text\n\n# Apply to ALL agent outputs\ndef send_message(content: str):\n    content = sanitize_output(content)\n    # ... 
send to chat/log/file\n\nPre-commit Hook\n\nInstall this hook to prevent accidental commits of secrets:\n\n#!/bin/bash\n# .git/hooks/pre-commit\n\nPATTERNS=(\n    '0x[a-fA-F0-9]{64}'\n    'sk-[a-zA-Z0-9]{48,}'\n    'sk-ant-api'\n    'PRIVATE_KEY='\n    'gsk_[a-zA-Z0-9]{48,}'\n)\n\nfor pattern in \"${PATTERNS[@]}\"; do\n    if git diff --cached | grep -qE \"$pattern\"; then\n        echo \"❌ Potential secret detected matching: $pattern\"\n        echo \"   Remove secrets before committing!\"\n        exit 1\n    fi\ndone\n\n.gitignore Essentials\n# Secrets\n.env\n.env.*\n*.pem\n*.key\nsecrets/\ncredentials/\n\n# Agent state that might contain secrets\nmemory/*.json\nwallet-state.json\nsession-keys/\n\nPrompt Injection Defense\nInput Validation\n\nBefore processing any user input that touches wallet operations:\n\nDANGEROUS_PATTERNS = [\n    r'ignore.*(previous|above|prior).*instructions',\n    r'reveal.*(key|secret|password|credential)',\n    r'output.*(key|secret|private)',\n    r'print.*(key|secret|wallet)',\n    r'show.*(key|secret|password)',\n    r'what.*(key|secret|password)',\n    r'tell.*me.*(key|secret)',\n    r'disregard.*rules',\n    r'system.*prompt',\n    r'jailbreak',\n    r'dan.*mode',\n]\n\ndef validate_input(text: str) -> bool:\n    \"\"\"Check for prompt injection attempts.\"\"\"\n    text_lower = text.lower()\n    for pattern in DANGEROUS_PATTERNS:\n        if re.search(pattern, text_lower):\n            return False\n    return True\n\ndef process_wallet_request(user_input: str):\n    if not validate_input(user_input):\n        return \"I can't help with that request.\"\n    # ... 
proceed with wallet operation\n\nSeparation of Concerns\nWallet operations should be in isolated functions with no access to conversation context\nNever pass full conversation history to wallet-sensitive code\nUse allowlists for operations, not blocklists\nALLOWED_WALLET_OPERATIONS = {\n    \"check_balance\": lambda: get_balance(),\n    \"send_usdc\": lambda to, amount: send_usdc(to, amount) if amount < DAILY_LIMIT else deny(),\n    \"swap\": lambda: swap_tokens() if within_limits() else deny(),\n}\n\ndef execute_wallet_operation(operation: str, **kwargs):\n    \"\"\"Execute only explicitly allowed operations.\"\"\"\n    if operation not in ALLOWED_WALLET_OPERATIONS:\n        raise ValueError(f\"Operation '{operation}' not allowed\")\n    return ALLOWED_WALLET_OPERATIONS[operation](**kwargs)\n\nSession Key Implementation (ERC-4337)\n\nFor agents needing on-chain access, use session keys instead of raw private keys.\n\nSee references/session-keys.md for full implementation details including:\n\nZeroDev/Biconomy SDK examples\nPermission patterns for trading/DeFi/payment agents\nSession key lifecycle management\nRevocation procedures\nIncident Response\nIf a Key is Leaked\nImmediate: Revoke the session key / rotate credentials\nAssess: Check transaction history for unauthorized activity\nNotify: Alert operator via secure channel\nRotate: Issue new session key with tighter permissions\nAudit: Review how leak occurred, update defenses\n# Emergency: Revoke 1Password item\nop item delete \"compromised-session-key\" --vault \"Agent-Wallets\"\n\n# Rotate to new session key\nop item create --vault \"Agent-Wallets\" --category \"API Credential\" \\\n  --title \"trading-bot-session-v2\" ...\n\nChecklist: Agent Wallet Setup\n Create dedicated 1Password vault for agent credentials\n Store session keys (NOT master keys) in vault\n Set appropriate expiry and spending limits\n Install pre-commit hook for secret detection\n Add output sanitization to all agent responses\n Implement 
input validation for prompt injection\n Configure monitoring and alerts\n Document incident response procedure\n Test key rotation procedure\nCommon Mistakes Found in Production\n1. Keys in Memory Files\n\nProblem: Agents store keys in memory/*.md for \"persistence\"\n\n# memory/2026-02-07.md\n## Test Wallet\n- Private key: 0x9f01dad551039daad3a8c4e43a32035bdd4da54e7b4292268be16e913b0b3e56\n\n\nFix: Store reference only: Private key: [1Password: test-wallet-session]\n\n2. Keys in Environment Templates\n\nProblem: .env.example contains real keys\n\n# .env.example\nPRIVATE_KEY=sk-ant-api03-real-key-here...  # \"for testing\"\n\n\nFix: Use obviously fake placeholders: PRIVATE_KEY=your-key-here\n\n3. Keys in Error Messages\n\nProblem: Error handling exposes keys\n\ntry:\n    sign_transaction(private_key, tx)\nexcept Exception as e:\n    logger.error(f\"Failed with key {private_key}: {e}\")  # ❌\n\n\nFix: Never include credentials in error context\n\n4. Test Keys in Production Code\n\nProblem: Hardcoded test keys make it to main branch\n\nFix: Use separate test vault, CI checks for key patterns\n\nIntegration with OpenClaw\n\nWhen running as an OpenClaw agent:\n\nUse 1Password skill for all secret retrieval\nNever write keys to workspace files - they persist across sessions\nSanitize outputs before sending to any channel (Telegram, Discord, etc.)\nSession key approach for wallet operations - request bounded access from operator\nDocument key references in TOOLS.md, not the actual keys\n\nExample TOOLS.md entry:\n\n### Agent Wallet\n- Address: 0xABC123...\n- Session key: [1Password: my-agent-session]\n- Permissions: USDC transfers < 100, approved DEX only\n- Expires: 2026-02-15\n- To rotate: Ask operator via Telegram"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/zscole/openclaw",
    "publisherUrl": "https://clawhub.ai/zscole/openclaw",
    "owner": "zscole",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/openclaw",
    "downloadUrl": "https://openagent3.xyz/downloads/openclaw",
    "agentUrl": "https://openagent3.xyz/skills/openclaw/agent",
    "manifestUrl": "https://openagent3.xyz/skills/openclaw/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/openclaw/agent.md"
  }
}