Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub ยท Security & Compliance
Passwordstore Broker
Enforce safe secret handling by collecting secrets through one-time HTTPS forms, storing them in pass via scripts/vault.sh, and executing tools with environm...
skill openclawclawhub Free
Enforce safe secret handling by collecting secrets through one-time HTTPS forms, storing them in pass via scripts/vault.sh, and executing tools with environm...
โฌ 0 downloads โ
0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- SKILL.md, scripts/vault.sh, scripts/setup_totp_enrollment.py, scripts/get_password_from_user.py, scripts/run_with_secret.sh, references/SETUP.md
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 1.1.1
Provenance
- Publisher
- BieggerM
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
Passwordstore Broker Agent Protocol
Run this workflow whenever credentials are needed.
Prerequisites
Follow references/SETUP.md before first use.
Setup Preflight
Before first LAN-mode intake, verify both files exist: ~/.passwordstore-broker/totp.secret ~/.passwordstore-broker/setup_completed_at.txt If missing, run scripts/setup_totp_enrollment.py and send: QR image at qr_png_path (preferred) fallback otpauth_url Record and trust setup_completed_at as the initial enrollment timestamp. Never reveal or retransmit the totp.secret value after initial enrollment under any circumstances. Do not rotate totp.secret. User has to do it manually if compromised. Rotation is not to be done by the agent.
Phase 1: Get Secrets
Goal: ensure required secrets exist in local vault without exposing values in chat. Map auth requirements to secret-name -> ENV_VAR. Check whether each secret exists: scripts/vault.sh exists <secret-name> If missing, collect via one-time HTTPS intake: Local mode (default): scripts/get_password_from_user.py --secretname <secret-name> --port <port> LAN mode (when user asks for phone/private-network flow): scripts/get_password_from_user.py --secretname <secret-name> --port <port> --access lan Send generated intake URL to user. In LAN mode, instruct user to submit both fields in the form: secret value current authenticator code If intake fails or times out, retry with a new port. Exit criteria: Required secret paths exist in vault.
Phase 2: Use Secrets
Goal: execute authenticated commands without exposing secret values. Prefer injector wrapper: scripts/run_with_secret.sh --secret <secret-name> --env <ENV_VAR> -- <command> [args...] Fallback one-liner: <ENV_VAR>="$(scripts/vault.sh get <secret-name>)" <command> [args...] Never print env dumps (env, printenv, set) in secret-bearing runs. Exit criteria: Authenticated command succeeds without secret leakage.
Phase 3: Interact With Vault
Goal: manage lifecycle safely. Put/update: scripts/vault.sh put <secret-name> Get (only when necessary): scripts/vault.sh get <secret-name> Exists: scripts/vault.sh exists <secret-name> List: scripts/vault.sh ls Remove: scripts/vault.sh rm <secret-name> Naming policy: Use stable scoped keys like github/token, openai/prod/api_key, aws/staging/access_key_id. Rotation policy: Default to replacing value under the same key. Use versioned keys only when user explicitly asks.
Non-Negotiable Guardrails
Never ask users to paste raw secrets into chat. Never echo secret values back to user. Never store secrets in repo files, commit messages, issue comments, or transcripts. Never expose intake over public interfaces or tunnels. LAN mode must rely on runtime private-network autodetection and webform TOTP validation.
Quick Runbook
Ensure TOTP enrollment exists (via setup preflight) before first LAN use. For each missing secret, run intake in local or LAN mode based on user intent. Execute tools via run_with_secret.sh. Rotate/remove secrets via vault.sh as requested.
Category context
Identity, auth, scanning, governance, audit, and operational guardrails.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
4 Scripts2 Docs
- SKILL.md
- references/SETUP.md
- scripts/get_password_from_user.py
- scripts/run_with_secret.sh
- scripts/setup_totp_enrollment.py
- scripts/vault.sh