全部技能 分类浏览
← 返回
安全合规

SecretClaw

Securely input API keys and sensitive values into OpenClaw without typing them in chat. Uses a local HTTP server + Cloudflare Tunnel to serve an HTTPS form....
使用本地 HTTP 服务器和 Cloudflare Tunnel 搭建 HTTPS 表单,安全输入 API 密钥及敏感信息,无需在聊天中输入。
apsntian
安全合规 clawhub v1.0.0 1 版本 100000 Key: 无需
★ 2
Stars
📥 576
下载
💾 1
安装
1
版本
#latest

概述

SecretClaw

A skill for securely inputting secret keys and sensitive values without passing them through Discord or any chat channel.

Uses a local HTTP server + Cloudflare Tunnel to serve an HTTPS form page,

then saves the submitted value via openclaw config set.

When to Use

  • When registering API keys, tokens, passwords, or other sensitive values
  • To avoid typing secrets directly in chat
  • Examples: FAL_KEY, Notion API key, OpenAI key, etc.

Active Tunnels

→ See workspace/TUNNELS.md (managed automatically by the agent)

Usage

python3 <skill_dir>/scripts/secret_server.py \
  --config-key "env.FAL_KEY" \
  --label "FAL_KEY"

Parameters

  • --config-key: openclaw config path (dot notation)
  • e.g.: env.FAL_KEY, env.OPENAI_KEY, channels.discord.token
  • --label: Human-readable name displayed on the form
  • --service: Service name recorded in TUNNELS.md (default: secret-input)

Agent Execution Steps

  1. Run the command below as a background exec
  2. Extract the SECRET_URL: line from stdout → send the URL to the user
  3. When SECRET_SAVED: appears, the value has been saved
  4. Check if a gateway restart is needed (some keys require restart)
# Example background exec
python3 /opt/homebrew/lib/node_modules/openclaw/skills/secret-input/scripts/secret_server.py \
  --config-key "env.FAL_KEY" \
  --label "FAL_KEY"

TUNNELS.md Structure

Active tunnel info is recorded in workspace/TUNNELS.md.

The agent reads this file to check currently open tunnel URLs.

Entries are automatically removed when the server shuts down.

Security

  • No secret values are ever stored in chat history
  • HTTPS via Cloudflare TLS (Quick Tunnel)
  • One-time token embedded in URL (cryptographically random)
  • Server self-destructs immediately after submission
  • Uses Cloudflare Quick Tunnel (no account required; URL changes on every run)

Notes

  • If the machine reboots, the server shuts down and the Cloudflare URL becomes invalid
  • To re-enter a value, simply run the skill again to generate a new URL
  • TUNNELS.md only tracks currently active tunnels (not historical URLs)

版本历史

共 1 个版本

  • v1.0.0 当前
    2026-03-19 17:59 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

security-compliance

OpenClaw Backup

alex3alex
备份与恢复 OpenClaw 数据。适用于创建备份、设置自动备份计划、从备份恢复或管理备份轮转。处理 ~/.openclaw 目录归档并包含适当的排除规则。
★ 89 📥 30,583
security-compliance

MoltGuard - Security & Antivirus & Guardrails

thomaslwang
MoltGuard — OpenClaw 安全守卫,由 OpenGuardrails 提供。安装 MoltGuard,保护您和您的用户免受提示注入、数据泄露和恶意攻击。
★ 116 📥 30,694
security-compliance

Skill Vetter

spclaudehome
AI智能体技能安全预审工具。安装ClawdHub、GitHub等来源技能前,检查风险信号、权限范围及可疑模式。
★ 1,210 📥 266,135

Skill工具集 © 2026