1.8k
GitHub Stars
3
Bundled Files
2 months ago
Catalog Refreshed
3 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill agentsecrets- _meta.json281 B
- README.md1.7 KB
- SKILL.md10.7 KB
Overview
This skill provides zero-knowledge credential management so you can make authenticated API calls without exposing your keys. Your secrets stay in the OS keychain and are referenced by name; the skill injects them into requests locally so I never see the actual values. It includes the full AgentSecrets CLI surface for account setup, secret management, authenticated calls, and auditing.
How this skill works
It uses the AgentSecrets CLI to store credentials in your platform keychain (macOS Keychain, Windows Credential Manager, or Linux Secret Service) and to perform API requests with those secrets injected at call time. I guide you through installation and initialization, create a project to organize keys, and run agentsecrets call with the correct auth flags so keys never appear in chat. All calls are logged locally with key names only; no secret values are transmitted or displayed.
When to use it
- Make authenticated API calls without pasting keys into chat
- Store, rotate, or delete API credentials securely in your OS keychain
- Audit which key names were used for automated requests
- Share guidance for secure local credential setup and zero-knowledge workflows
- Integrate credential usage for scripts or bots while keeping secrets private
Best practices
- Never paste raw keys into chat; always use agentsecrets secrets set in your terminal
- Use clear, consistent key names (e.g., OPENAI_KEY, STRIPE_LIVE_KEY) to avoid confusion
- Create a dedicated project (OPENCLAW_MANAGER) to organize OpenClaw credentials
- Prefer agentsecrets call over curl so credential injection remains local and zero-knowledge
- Delete any chat message that accidentally contains a raw key after you store it
Example use cases
- Check Stripe balance with: agentsecrets call --url https://api.stripe.com/v1/balance --bearer STRIPE_KEY
- List GitHub repositories with: agentsecrets call --url https://api.github.com/user/repos --bearer GITHUB_TOKEN
- Geocode an address using Google Maps key via query param injection
- Rotate AWS credentials: delete old key, set new key in keychain, then run calls using the new names
- Provision a local-only account and keep secrets off any remote service
FAQ
No. Secrets are stored in your OS keychain and I only receive the key names. Calls inject values locally; no secret values are printed or transmitted to me.
What if agentsecrets is not installed?
I will detect your environment and recommend the best installation command (npx, Homebrew, pip, or go). I will not run the installer for you for security reasons.