# Send Secret's Safe to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "secret-safe", "name": "Secret's Safe", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/brycexbt/secret-safe", "canonicalUrl": "https://clawhub.ai/brycexbt/secret-safe", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/secret-safe", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=secret-safe", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "SKILL.md", "references/audit-checklist.md", "references/env-injection-examples.md" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "secret-safe", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-08T15:00:35.901Z", "expiresAt": "2026-05-15T15:00:35.901Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=secret-safe", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=secret-safe", "contentDisposition": "attachment; filename=\"secret-safe-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "secret-safe" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/secret-safe" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/secret-safe", "downloadUrl": "https://openagent3.xyz/downloads/secret-safe", "agentUrl": "https://openagent3.xyz/skills/secret-safe/agent", "manifestUrl": "https://openagent3.xyz/skills/secret-safe/agent.json", "briefUrl": "https://openagent3.xyz/skills/secret-safe/agent.md" } } ``` ## Documentation ### Secret-Safe: Secure Credential Handling for Agent Skills Why this skill exists: Snyk researchers found that 7.1% of all ClawHub skills instruct agents to handle API keys through the LLM context — making every secret an active exfiltration channel. This skill teaches the correct pattern. ### The Core Rule A secret must never appear in: The LLM prompt or system context Claude's response or reasoning Logs, session exports, or .jsonl history files File artifacts created by the agent Error messages echoed back to the user A secret must only flow through: process.env (injected by OpenClaw before the agent turn) The shell environment of a subprocess the agent spawns A secrets manager CLI (read at subprocess level, not piped back into context) ### Pattern 1: Environment Injection (Preferred) This is OpenClaw's native, secure path. Use it for any skill that needs an API key. ### In SKILL.md frontmatter --- name: my-service-skill description: Interact with MyService API. metadata: {"openclaw": {"requires": {"env": ["MY_SERVICE_API_KEY"]}, "primaryEnv": "MY_SERVICE_API_KEY"}} --- The requires.env gate ensures the skill will not load if the key isn't present — no silent failures, no prompting the user to paste a key mid-conversation. The primaryEnv field links to skills.entries..apiKey in openclaw.json, so the user configures it once in their config file, never in chat. ### In skill instructions ## Authentication The API key is available as \`$MY_SERVICE_API_KEY\` in the shell environment. Pass it to CLI tools or curl as an environment variable — never echo it or include it in any output returned to the user. ### Example safe curl invocation (instruct the agent to do this) # CORRECT — key stays in environment, never in command string visible to LLM MY_SERVICE_API_KEY="$MY_SERVICE_API_KEY" curl -s \\ -H "Authorization: Bearer $MY_SERVICE_API_KEY" \\ https://api.myservice.com/v1/data Never instruct the agent to do this: # WRONG — key is visible in LLM context, command history, and logs curl -H "Authorization: Bearer sk-abc123realkeyhere" https://api.myservice.com/ ### Pattern 2: Secrets Manager Integration For production setups or team environments, read secrets from a manager at subprocess level. ### Supported managers ManagerCLIEnv var patternmacOS Keychainsecurity find-generic-password -wN/A1Password CLIop read op://vault/item/fieldOP_SERVICE_ACCOUNT_TOKENDopplerdoppler run --DOPPLER_TOKENHashiCorp Vaultvault kv get -field=valueVAULT_TOKENBitwarden CLIbw get password item-nameBW_SESSION ### Safe shell wrapper pattern Create a scripts/run-with-secret.sh in your skill: #!/usr/bin/env bash # Fetches the secret at subprocess level — never echoes to stdout SECRET=$(security find-generic-password -s "my-service-api-key" -w 2>/dev/null) if [ -z "$SECRET" ]; then echo "ERROR: Secret 'my-service-api-key' not found in keychain." >&2 exit 1 fi export MY_SERVICE_API_KEY="$SECRET" exec "$@" The agent runs bash {baseDir}/scripts/run-with-secret.sh — the secret is fetched and injected entirely outside the LLM's view. ### Pattern 3: User Setup Flow (first-run) If the user hasn't configured a key yet, guide them through setup without asking for the key in chat. ### Correct setup prompt to give the user: To use this skill, add your API key to ~/.openclaw/openclaw.json: skills: entries: my-service: apiKey: "your-key-here" Or set it as an environment variable before starting OpenClaw: export MY_SERVICE_API_KEY="your-key-here" Do NOT paste your key into this chat — it will be logged. ### Incorrect (never do this): Please share your API key so I can help you set it up. ### Auditing Another Skill for Leaks When asked to review a SKILL.md for credential safety, check for these patterns: ### 🔴 Critical — Must Fix PatternWhy it's dangerousInstruction to paste key into chatKey goes into LLM context + session logsecho $API_KEY or print(api_key) in instructionsOutput captured in contextKey interpolated into a string returned to userExposed in response artifactcat ~/.env or reading raw env filesEntire env dumped into contextKey stored in a file the agent createsCreates a static credential artifactInstructions tell agent to "remember" the keyKey persists across context window ### 🟡 Warning — Should Fix PatternRiskNo requires.env gate in frontmatterSkill silently fails or user is promptedLogging command output without filteringMay capture keys in error messagesUsing set -x in shell scriptsEchoes all commands including key valuesPassing key as a positional argumentVisible in ps aux on the host ### 🟢 Safe Patterns requires.env in frontmatter Key accessed only as $ENV_VAR in shell, never echoed Subprocess scripts that fetch and inject without returning to context Error messages that say "key not found" without printing the value Output filtered through sed/grep before returning to agent ### Self-Check Before Publishing a Skill Run through this checklist before putting any skill on ClawHub: Does the skill ever ask the user to paste a secret into the conversation? Does the skill ever echo, print, log, or return a secret value? Does the skill read a .env file and dump its contents? Does the skill store a secret in a file artifact? Are all API key references gated with requires.env in frontmatter? Do error messages avoid reflecting credential values? Does any shell script use set -x (which would expose key values)? Would running clawhub audit {skill-name} pass? If any box is unchecked, do not publish until fixed. ### Quick Reference: Safe vs Unsafe Patterns # UNSAFE — never write instructions like these: "Ask the user for their OpenAI API key and use it to call the API." "Set the Authorization header to Bearer {user_api_key}." "Store the API key in a variable and use it throughout the session." # SAFE — write instructions like these: "The API key is injected as $OPENAI_API_KEY via environment — use it directly." "Run: OPENAI_API_KEY=$OPENAI_API_KEY curl ..." "If $OPENAI_API_KEY is not set, print an error and exit — do not ask the user." ### Reference Files references/env-injection-examples.md — Full worked examples for popular APIs (OpenAI, Anthropic, GitHub, Stripe, Slack) references/audit-checklist.md — Printable audit checklist for skill authors and reviewers ## Trust - Source: tencent - Verification: Indexed source record - Publisher: brycexbt - Version: 1.0.0 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-05-08T15:00:35.901Z - Expires at: 2026-05-15T15:00:35.901Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/secret-safe) - [Send to Agent page](https://openagent3.xyz/skills/secret-safe/agent) - [JSON manifest](https://openagent3.xyz/skills/secret-safe/agent.json) - [Markdown brief](https://openagent3.xyz/skills/secret-safe/agent.md) - [Download page](https://openagent3.xyz/downloads/secret-safe)