{ "schemaVersion": "1.0", "item": { "slug": "secure-autofill", "name": "Secure Autofill", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/moodykong/secure-autofill", "canonicalUrl": "https://clawhub.ai/moodykong/secure-autofill", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/secure-autofill", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=secure-autofill", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "config.env", "scripts/onboard.sh" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:22:31.273Z", "expiresAt": "2026-05-14T17:22:31.273Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/secure-autofill" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/secure-autofill", "agentPageUrl": "https://openagent3.xyz/skills/secure-autofill/agent", "manifestUrl": "https://openagent3.xyz/skills/secure-autofill/agent.json", "briefUrl": "https://openagent3.xyz/skills/secure-autofill/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "secure-autofill 🔐", "body": "This skill documents how to use the secure-autofill plugin tools:\n\nvault_suggest — find likely 1Password items\nvault_fill — fill browser DOM fields with secrets (agent never sees credentials)" }, { "title": "Architecture", "body": "Agent orchestrates; plugin handles secrets. The agent provides element refs from browser.snapshot; the plugin types secrets into the page." }, { "title": "Prerequisites", "body": "Tools available (if tool allowlists are in use): vault_suggest, vault_fill\nA working non-headless Chrome on WSL (many sites block headless)\nGateway environment has required env vars\n\nConcrete checks:\n\ncommand -v google-chrome || command -v google-chrome-stable" }, { "title": "Configuration (portable)", "body": "Machine-specific environment should NOT be hardcoded in this document.\n\nExample (do not edit): ~/.openclaw/skills/secure-autofill/config.env.example\nReal (machine-specific): ~/.openclaw/skills/secure-autofill/config.env\nGateway env file (recommended destination): ~/.config/openclaw/env\n\nTypical keys:\n\nDISPLAY\nWAYLAND_DISPLAY\nOP_SERVICE_ACCOUNT_TOKEN (do not commit; do not paste into chat)" }, { "title": "Preferred (chat-first)", "body": "Because the primary interface is chat (Telegram), the preferred onboarding flow is:\n\nAsk Boss which values to set (DISPLAY, WAYLAND_DISPLAY, whether to set OP_SERVICE_ACCOUNT_TOKEN).\nWrite/update the real skill-local env file: config.env.\nOptionally update the gateway env file (~/.config/openclaw/env) with per-key confirmation.\nIf applicable, detect whether openclaw-gateway is managed by systemctl --user and offer to restart." }, { "title": "Optional (terminal)", "body": "If you are running in a real terminal, you can use the interactive onboarding script:\n\n~/.openclaw/skills/secure-autofill/scripts/onboard.sh" }, { "title": "1) Install Google Chrome (.deb)", "body": "Ubuntu 22.04 moved Chromium to snap which doesn't work well in WSL. Install Chrome directly:\n\n# Add Google apt source\nwget -qO- https://dl.google.com/linux/linux_signing_key.pub \\\n | sudo gpg --dearmor -o /usr/share/keyrings/google-linux-signing-keyring.gpg\n\necho \"deb [arch=amd64 signed-by=/usr/share/keyrings/google-linux-signing-keyring.gpg] http://dl.google.com/linux/chrome/deb/ stable main\" \\\n | sudo tee /etc/apt/sources.list.d/google-chrome.list\n\n# Install\nsudo apt update && sudo apt install -y google-chrome-stable" }, { "title": "2) Configure gateway environment (non-headless + 1Password token)", "body": "Create/update ~/.config/openclaw/env.\nRun onboarding to generate the real env file (skill-local):\n\n~/.openclaw/skills/secure-autofill/scripts/onboard.sh\n\nCopy the needed variables from the skill-local config.env into the gateway env file (~/.config/openclaw/env).\nEnsure the gateway service loads the env file:\n\nmkdir -p ~/.config/systemd/user/openclaw-gateway.service.d\ncat > ~/.config/systemd/user/openclaw-gateway.service.d/override.conf << 'EOF'\n[Service]\nEnvironmentFile=%h/.config/openclaw/env\nEOF\n\nsystemctl --user daemon-reload\nsystemctl --user restart openclaw-gateway" }, { "title": "3) Tool allowlist (if configured)", "body": "In ~/.openclaw/openclaw.json, add:\n\n\"tools\": {\n \"alsoAllow\": [\"vault_fill\", \"vault_suggest\"]\n}" }, { "title": "Tools", "body": "vault_suggest — list 1Password items (to find available credentials)\nvault_fill — fill DOM fields with secrets (agent provides refs, plugin types secrets)" }, { "title": "vault_fill API", "body": "vault_fill({\n item_title: \"X\", // 1Password item title\n fields: {\n username: { ref: \"e3\" }, // field type → DOM ref\n password: { ref: \"e5\" },\n otp: { ref: \"e7\" } // optional\n },\n retry_mode: \"simple\", // \"simple\" | \"next_candidate\" | \"reset\"\n targetId: \"...\" // from browser snapshot\n})\n\n// Returns:\n{\n ok: true,\n filled: [\"username\", \"password\"],\n item_title: \"X\",\n has_more_candidates: false\n}" }, { "title": "Field types", "body": "username → 1Password \"username\" field\npassword → 1Password \"password\" field\nemail → 1Password \"email\" field (falls back to username)\notp → 1Password TOTP (fresh code)" }, { "title": "Retry modes", "body": "simple — same credentials, same refs (use after dismissing a blocker)\nnext_candidate — try next matching 1Password item (wrong credentials)\nreset — clear retry state and start fresh" }, { "title": "Timing note", "body": "Always wait ~1 second after vault_fill before clicking submit.\n\nThe plugin uses async CLI calls which take a moment to complete typing.\n\nvault_fill(...) // returns immediately\nwait 1000ms // let typing complete\nclick submit" }, { "title": "Login workflow (agent-driven)", "body": "1. Navigate to login page\n2. Loop until logged in or max retries:\n a. snapshot → identify page state\n b. If obstacle (cookie banner, popup, passkey error):\n - Dismiss it\n - Continue loop\n c. If credential field found:\n - Build field mapping from snapshot refs\n - Call vault_fill with mapping\n - Click submit button\n - Continue loop\n d. If logged in:\n - Done!\n e. If error:\n - Decide: retry_mode=\"simple\" or \"next_candidate\"\n - Continue loop" }, { "title": "X.com example", "body": "Agent: navigate to x.com/i/flow/login\nAgent: snapshot\n → textbox \"Phone, email, or username\" [ref=e3]\n → button \"Next\" [ref=e4]\nAgent: vault_fill({ item_title: \"X\", fields: { username: { ref: \"e3\" } }, targetId })\nAgent: click e4 (Next button)\nAgent: wait, snapshot\n → button \"Next\" [ref=e1] (passkey error dialog)\nAgent: click e1 (dismiss)\nAgent: wait, snapshot\n → textbox \"Password\" [ref=e3]\n → button \"Log in\" [ref=e6]\nAgent: vault_fill({ item_title: \"X\", fields: { password: { ref: \"e3\" } }, targetId })\nAgent: click e6 (Log in)\nAgent: wait, snapshot\n → textbox \"Enter code\" [ref=e4]\n → button \"Next\" [ref=e7]\nAgent: vault_fill({ item_title: \"X\", fields: { otp: { ref: \"e4\" } }, targetId })\nAgent: click e7 (Next)\nAgent: wait, snapshot → home feed visible → Done!" }, { "title": "MFA handling", "body": "TOTP: use vault_fill(otp)\nSMS/Email: ask user for the code; type it; click Next\nPush: tell user to approve; wait; continue" }, { "title": "Executables / bin placement", "body": "This skill is documentation for plugin tools; it does not ship a standalone executable.\nHelper scripts (like onboarding) live inside the skill folder under scripts/." } ], "body": "secure-autofill 🔐\n\nThis skill documents how to use the secure-autofill plugin tools:\n\nvault_suggest — find likely 1Password items\nvault_fill — fill browser DOM fields with secrets (agent never sees credentials)\nArchitecture\n\nAgent orchestrates; plugin handles secrets. The agent provides element refs from browser.snapshot; the plugin types secrets into the page.\n\nPrerequisites\nTools available (if tool allowlists are in use): vault_suggest, vault_fill\nA working non-headless Chrome on WSL (many sites block headless)\nGateway environment has required env vars\n\nConcrete checks:\n\ncommand -v google-chrome || command -v google-chrome-stable\n\nConfiguration (portable)\n\nMachine-specific environment should NOT be hardcoded in this document.\n\nExample (do not edit): ~/.openclaw/skills/secure-autofill/config.env.example\nReal (machine-specific): ~/.openclaw/skills/secure-autofill/config.env\nGateway env file (recommended destination): ~/.config/openclaw/env\n\nTypical keys:\n\nDISPLAY\nWAYLAND_DISPLAY\nOP_SERVICE_ACCOUNT_TOKEN (do not commit; do not paste into chat)\nInitialization / installation / onboarding (WSL)\nPreferred (chat-first)\n\nBecause the primary interface is chat (Telegram), the preferred onboarding flow is:\n\nAsk Boss which values to set (DISPLAY, WAYLAND_DISPLAY, whether to set OP_SERVICE_ACCOUNT_TOKEN).\nWrite/update the real skill-local env file: config.env.\nOptionally update the gateway env file (~/.config/openclaw/env) with per-key confirmation.\nIf applicable, detect whether openclaw-gateway is managed by systemctl --user and offer to restart.\nOptional (terminal)\n\nIf you are running in a real terminal, you can use the interactive onboarding script:\n\n~/.openclaw/skills/secure-autofill/scripts/onboard.sh\n\n1) Install Google Chrome (.deb)\n\nUbuntu 22.04 moved Chromium to snap which doesn't work well in WSL. Install Chrome directly:\n\n# Add Google apt source\nwget -qO- https://dl.google.com/linux/linux_signing_key.pub \\\n | sudo gpg --dearmor -o /usr/share/keyrings/google-linux-signing-keyring.gpg\n\necho \"deb [arch=amd64 signed-by=/usr/share/keyrings/google-linux-signing-keyring.gpg] http://dl.google.com/linux/chrome/deb/ stable main\" \\\n | sudo tee /etc/apt/sources.list.d/google-chrome.list\n\n# Install\nsudo apt update && sudo apt install -y google-chrome-stable\n\n2) Configure gateway environment (non-headless + 1Password token)\nCreate/update ~/.config/openclaw/env.\nRun onboarding to generate the real env file (skill-local):\n~/.openclaw/skills/secure-autofill/scripts/onboard.sh\n\nCopy the needed variables from the skill-local config.env into the gateway env file (~/.config/openclaw/env).\nEnsure the gateway service loads the env file:\nmkdir -p ~/.config/systemd/user/openclaw-gateway.service.d\ncat > ~/.config/systemd/user/openclaw-gateway.service.d/override.conf << 'EOF'\n[Service]\nEnvironmentFile=%h/.config/openclaw/env\nEOF\n\nsystemctl --user daemon-reload\nsystemctl --user restart openclaw-gateway\n\n3) Tool allowlist (if configured)\n\nIn ~/.openclaw/openclaw.json, add:\n\n\"tools\": {\n \"alsoAllow\": [\"vault_fill\", \"vault_suggest\"]\n}\n\nTools\nvault_suggest — list 1Password items (to find available credentials)\nvault_fill — fill DOM fields with secrets (agent provides refs, plugin types secrets)\nvault_fill API\nvault_fill({\n item_title: \"X\", // 1Password item title\n fields: {\n username: { ref: \"e3\" }, // field type → DOM ref\n password: { ref: \"e5\" },\n otp: { ref: \"e7\" } // optional\n },\n retry_mode: \"simple\", // \"simple\" | \"next_candidate\" | \"reset\"\n targetId: \"...\" // from browser snapshot\n})\n\n// Returns:\n{\n ok: true,\n filled: [\"username\", \"password\"],\n item_title: \"X\",\n has_more_candidates: false\n}\n\nField types\nusername → 1Password \"username\" field\npassword → 1Password \"password\" field\nemail → 1Password \"email\" field (falls back to username)\notp → 1Password TOTP (fresh code)\nRetry modes\nsimple — same credentials, same refs (use after dismissing a blocker)\nnext_candidate — try next matching 1Password item (wrong credentials)\nreset — clear retry state and start fresh\nTiming note\n\nAlways wait ~1 second after vault_fill before clicking submit.\n\nThe plugin uses async CLI calls which take a moment to complete typing.\n\nvault_fill(...) // returns immediately\nwait 1000ms // let typing complete\nclick submit\n\nLogin workflow (agent-driven)\n1. Navigate to login page\n2. Loop until logged in or max retries:\n a. snapshot → identify page state\n b. If obstacle (cookie banner, popup, passkey error):\n - Dismiss it\n - Continue loop\n c. If credential field found:\n - Build field mapping from snapshot refs\n - Call vault_fill with mapping\n - Click submit button\n - Continue loop\n d. If logged in:\n - Done!\n e. If error:\n - Decide: retry_mode=\"simple\" or \"next_candidate\"\n - Continue loop\n\nX.com example\nAgent: navigate to x.com/i/flow/login\nAgent: snapshot\n → textbox \"Phone, email, or username\" [ref=e3]\n → button \"Next\" [ref=e4]\nAgent: vault_fill({ item_title: \"X\", fields: { username: { ref: \"e3\" } }, targetId })\nAgent: click e4 (Next button)\nAgent: wait, snapshot\n → button \"Next\" [ref=e1] (passkey error dialog)\nAgent: click e1 (dismiss)\nAgent: wait, snapshot\n → textbox \"Password\" [ref=e3]\n → button \"Log in\" [ref=e6]\nAgent: vault_fill({ item_title: \"X\", fields: { password: { ref: \"e3\" } }, targetId })\nAgent: click e6 (Log in)\nAgent: wait, snapshot\n → textbox \"Enter code\" [ref=e4]\n → button \"Next\" [ref=e7]\nAgent: vault_fill({ item_title: \"X\", fields: { otp: { ref: \"e4\" } }, targetId })\nAgent: click e7 (Next)\nAgent: wait, snapshot → home feed visible → Done!\n\nMFA handling\nTOTP: use vault_fill(otp)\nSMS/Email: ask user for the code; type it; click Next\nPush: tell user to approve; wait; continue\nExecutables / bin placement\n\nThis skill is documentation for plugin tools; it does not ship a standalone executable. Helper scripts (like onboarding) live inside the skill folder under scripts/." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/moodykong/secure-autofill", "publisherUrl": "https://clawhub.ai/moodykong/secure-autofill", "owner": "moodykong", "version": "0.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/secure-autofill", "downloadUrl": "https://openagent3.xyz/downloads/secure-autofill", "agentUrl": "https://openagent3.xyz/skills/secure-autofill/agent", "manifestUrl": "https://openagent3.xyz/skills/secure-autofill/agent.json", "briefUrl": "https://openagent3.xyz/skills/secure-autofill/agent.md" } }