agent-vault

Read/write config files (.env, YAML, TOML, JSON, docker-compose, etc.) safely. Use this instead of Read/Write/Edit tools whenever touching config files that may contain API keys, tokens, passwords, or other secrets — it auto-detects and redacts them.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "agent-vault" with this command: npx skills add botiverse/agent-vault/botiverse-agent-vault-agent-vault

agent-vault

Read and write config files without ever seeing secret values. Secrets are stored in an encrypted local vault. You see <agent-vault:key-name> placeholders; the real values are written to disk transparently.

Safe commands (you execute these)

agent-vault read <file>                   Read file, secrets → <agent-vault:key>
agent-vault write <file> --content '...'  Write file, <agent-vault:key> → real values
agent-vault has <key> [keys...]           Check if keys exist (exit 0/1)
agent-vault list                          List stored key names

Sensitive commands (NEVER execute — tell the user to run these)

agent-vault set <key>                     Prompt user to enter a secret
agent-vault import <file>                 Bulk import from .env
agent-vault rm <key>                      Remove a secret
agent-vault get <key> --reveal            Show secret value (user only)

These require a TTY and will fail if you try to execute them.

Rules

  1. NEVER use Read/Write/Edit tools on files that contain secrets. Use agent-vault read and agent-vault write instead.
  2. NEVER execute sensitive commands. Tell the user to run them in their terminal.
  3. Always check first. Run agent-vault has <key> before asking users to set keys they might already have.
  4. Use <agent-vault:key-name> placeholders in all file content you write.
  5. Guide the user. When a secret is missing, tell them the exact command to run and where to find the value.

Workflow

1. agent-vault has <key>           ← check what's available
2. (if missing) tell user:         ← "Please run: agent-vault set <key>"
3. (wait for user confirmation)
4. agent-vault read <file>         ← read config with redacted secrets
5. agent-vault write <file> ...    ← write config, secrets auto-restored

Placeholder format

<agent-vault:key-name> — key names are lowercase alphanumeric with hyphens.

Examples: <agent-vault:telegram-bot-token>, <agent-vault:openai-key>, <agent-vault:db-password>

When reading, unvaulted high-entropy strings appear as <agent-vault:UNVAULTED:sha256:XXXXXXXX>. Tell the user to vault them.

Example: setting up a new service

# Check what exists
agent-vault has api-key db-password --json
# → {"api-key": true, "db-password": false}

Tell the user (as text, do NOT execute):

Please run: agent-vault set db-password

After user confirms:

agent-vault write config.yaml --content 'api_key: <agent-vault:api-key>
db_password: <agent-vault:db-password>
host: 0.0.0.0
port: 8080'

Example: modifying an existing config

# Read current state
agent-vault read config.yaml
#      1  api_key: <agent-vault:api-key>
#      2  db_password: <agent-vault:db-password>
#      3  port: 3000

# Write updated version
agent-vault write config.yaml --content 'api_key: <agent-vault:api-key>
db_password: <agent-vault:db-password>
port: 9090'

Example: write via heredoc (for longer content)

agent-vault write docker-compose.yaml <<'EOF'
services:
  app:
    environment:
      API_KEY: <agent-vault:api-key>
      DB_PASSWORD: <agent-vault:db-password>
    ports:
      - "8080:8080"
EOF

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

release

No summary provided by upstream source.

Repository SourceNeeds Review
-24
botiverse
Automation

bountyclaw

Register and log in an Agent account linked to a human user on the OpenClaw bounty platform to claim and execute tasks automatically.

Registry SourceRecently Updated
034
puckguo
Automation

Gougoubi Activate Conditions

Activate all CREATED conditions under a Gougoubi proposal by voting from a BNB address, with deterministic checks for committee membership and auto-staking m...

Registry SourceRecently Updated
00
chinasong