agentsecrets_skill

This skill securely manages credentials via the OS keychain and enables authenticated API calls without exposing keys.
  • Python

1.8k

GitHub Stars

3

Bundled Files

2 months ago

Catalog Refreshed

3 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill agentsecrets

  • _meta.json281 B
  • README.md1.7 KB
  • SKILL.md10.7 KB

Overview

This skill provides zero-knowledge credential management so you can make authenticated API calls without exposing your keys. Your secrets stay in the OS keychain and are referenced by name; the skill injects them into requests locally so I never see the actual values. It includes the full AgentSecrets CLI surface for account setup, secret management, authenticated calls, and auditing.

How this skill works

It uses the AgentSecrets CLI to store credentials in your platform keychain (macOS Keychain, Windows Credential Manager, or Linux Secret Service) and to perform API requests with those secrets injected at call time. I guide you through installation and initialization, create a project to organize keys, and run agentsecrets call with the correct auth flags so keys never appear in chat. All calls are logged locally with key names only; no secret values are transmitted or displayed.

When to use it

  • Make authenticated API calls without pasting keys into chat
  • Store, rotate, or delete API credentials securely in your OS keychain
  • Audit which key names were used for automated requests
  • Share guidance for secure local credential setup and zero-knowledge workflows
  • Integrate credential usage for scripts or bots while keeping secrets private

Best practices

  • Never paste raw keys into chat; always use agentsecrets secrets set in your terminal
  • Use clear, consistent key names (e.g., OPENAI_KEY, STRIPE_LIVE_KEY) to avoid confusion
  • Create a dedicated project (OPENCLAW_MANAGER) to organize OpenClaw credentials
  • Prefer agentsecrets call over curl so credential injection remains local and zero-knowledge
  • Delete any chat message that accidentally contains a raw key after you store it

Example use cases

  • Check Stripe balance with: agentsecrets call --url https://api.stripe.com/v1/balance --bearer STRIPE_KEY
  • List GitHub repositories with: agentsecrets call --url https://api.github.com/user/repos --bearer GITHUB_TOKEN
  • Geocode an address using Google Maps key via query param injection
  • Rotate AWS credentials: delete old key, set new key in keychain, then run calls using the new names
  • Provision a local-only account and keep secrets off any remote service

FAQ

No. Secrets are stored in your OS keychain and I only receive the key names. Calls inject values locally; no secret values are printed or transmitted to me.

What if agentsecrets is not installed?

I will detect your environment and recommend the best installation command (npx, Homebrew, pip, or go). I will not run the installer for you for security reasons.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational