首页龙虾技能列表 › Locker Vault — 技能工具

Locker Vault — 技能工具

v1.0.0

Secure credential and secrets management for OpenClaw agents using Locker Secrets Manager. Provides read-only and read-write vault access with in-memory cach...

0· 41·0 当前·0 累计
by @moskoweb (Alan Mosko)·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/9
安全扫描
VirusTotal
无害
查看报告
OpenClaw
可疑
medium confidence
The skill appears to implement a legitimate vault client, but the registry metadata, instructions, and install guidance are inconsistent or risky (missing declared credentials, encourages remote install via curl|bash, and includes patterns that can leak secrets), so review before installing.
评估建议
This skill implements a plausible Locker vault client, but there are several warning signs you should address before installing: (1) The registry metadata does not declare the Locker credentials (LOCKER_ACCESS_KEY_ID / LOCKER_SECRET_ACCESS_KEY) yet the skill requires them — ask the publisher to declare required env vars. (2) The docs recommend installing the Locker CLI by piping a remote install script (curl | bash). Avoid running that without auditing the script; prefer vetted packages or verif...
详细分析 ▾
用途与能力
The skill's purpose (Locker secrets management) matches the included vault-client.js and documentation, but the registry metadata declares no required environment variables or primary credential even though the SKILL.md and CLI reference clearly require LOCKER_ACCESS_KEY_ID and LOCKER_SECRET_ACCESS_KEY (or interactive login) for the Locker CLI. That mismatch is unexpected and reduces transparency about what will be needed to operate the skill.
指令范围
SKILL.md and references instruct agents to read/write config files, resolve vault:// references, and run the Locker CLI. Some documented patterns explicitly show exporting secrets into process environments or writing all secrets to a .env file (e.g., `locker secret list > .env`, `locker secret set && node app.js`, crontab examples piping secrets into curl). Those examples contradict core principles stated elsewhere (no .env, no raw secret output) and increase the risk of accidental secret exposure if followed without caution.
安装机制
The registry has no install spec, but SKILL.md and references instruct installing the Locker CLI using a remote script: `curl -fsSL https://locker.io/secrets/install.sh | bash`. Asking users/agents to run an arbitrary remote install script is higher risk and should be reviewed. The skill relies on an external binary (locker) that is not managed by the skill bundle, so the installation step is out-of-band and potentially dangerous if the URL or script is compromised.
凭证需求
The skill will require access to Locker credentials (LOCKER_ACCESS_KEY_ID and LOCKER_SECRET_ACCESS_KEY) to function, but those env vars are not declared in the skill metadata. The vault-client also executes subprocesses that inherit process.env, and the documentation includes patterns that expose secrets into spawned processes' environments. Requiring powerful credentials is proportionate to a vault client, but failing to declare them and providing patterns that export secrets increases the chance of accidental credential exposure.
持久化与权限
The skill is not marked always:true and does not request elevated platform-wide persistence. Autonomous invocation (disable-model-invocation: false) is the default and not a standalone concern here. The skill does not appear to modify other skills or system-wide agent settings.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/4/9

locker-vault v1.0.0 - Introduces secure credential and secrets management for OpenClaw agents via Locker Secrets Manager. - Provides both read-only and read-write vault access with fine-grained permission boundaries. - Implements in-memory caching layer with configurable TTL to reduce vault API/CLI calls and latency. - Enforces the use of vault references (`vault://SECRET_KEY_NAME`) instead of exposing raw values. - Ensures credential values are never leaked — secrets are masked in all outputs and logs. - Designed for easy setup and integration by wrapping the Locker CLI and requiring no external Node.js dependencies.

● 无害

安装命令 点击复制

官方npx clawhub@latest install locker-vault
镜像加速npx clawhub@latest install locker-vault --registry https://cn.clawhub-mirror.com

技能文档

Why This Skill Exists

Agents that handle credentials face three risks: leaking secrets in logs/files, making redundant API calls that slow down processing, and losing access when credentials rotate. This skill eliminates all three by establishing a single pattern: every credential lives in Locker's vault, is accessed through a cached client, and is referenced by ID — never by value.

The cache layer is particularly important. Without it, every time an agent needs a credential during a conversation (which can happen dozens of times in a single session), it would make a round-trip CLI call to Locker. The cache holds decrypted values in-memory for a configurable TTL, dramatically reducing latency and API load while still respecting rotation schedules.

Core Principles

These aren't arbitrary rules — they protect the business and the customer:

  • Vault is the single source of truth. Credentials are created, read, updated, and deleted exclusively through Locker. No .env files, no hardcoded values, no environment variables with raw secrets.
  • References, not values. When an agent creates a config file, cron job, script, or integration, it stores vault://SECRET_KEY_NAME (the vault reference) — never the actual token/password. At runtime, the vault-client resolves the reference.
  • Cache before call. The vault-client maintains an in-memory cache with configurable TTL. Repeated reads for the same secret within the TTL window return instantly from cache — no CLI subprocess, no network call, no latency.
  • Permission boundaries are real. A read-only agent cannot create, update, or delete secrets. Period. The agent's mode is set in its configuration, and the vault-client enforces it before any CLI call is made.
  • Secrets never appear in output. When logging, responding to users, or writing files, mask credential values. Show vault://DB_PASSWORD or **, never the actual value.

Permission Levels

Read-Only (VAULT_MODE=ro)

For agents that consume credentials but should never manage them — SDR agents, customer-facing bots, monitoring agents.

Allowed operations:

  • get(key) — Retrieve a secret value (cached)
  • list() — List available secret keys (cached)
  • exists(key) — Check if a secret exists

Blocked operations (will throw error):

  • create(), update(), delete() — All write operations

Read-Write (VAULT_MODE=rw)

For agents that manage infrastructure, rotate credentials, or onboard new integrations — DevOps agents, admin agents, integration agents.

Allowed operations:

  • Everything from read-only, plus:
  • create(key, value) — Store a new secret
  • createRandom(key) — Generate and store a random secret
  • update(key, value) — Update an existing secret
  • delete(key) — Remove a secret (use with caution)

Architecture

Agent Code
    │
    ▼
┌─────────────────────────────┐
│   vault-client.js           │
│   ┌───────────────────┐     │
│   │  In-Memory Cache  │     │  TTL-based, per-key expiry
│   │  Map         │     │  Configurable per agent
│   └───────┬───────────┘     │
│           │ cache miss      │
│           ▼                 │
│   ┌───────────────────┐     │
│   │  Permission Gate  │     │  Checks VAULT_MODE before
│   │  ro / rw          │     │  allowing write operations
│   └───────┬───────────┘     │
│           │                 │
│           ▼                 │
│   ┌───────────────────┐     │
│   │  CLI Executor     │     │  Spawns: locker secret 
│   │  (child_process)  │     │  Parses stdout, handles errors
│   └───────────────────┘     │
└─────────────────────────────┘
    │
    ▼
Locker CLI → Locker Cloud API (E2E encrypted)

Cache Behavior

The cache is designed to balance freshness with performance:

  • On get(key): Check cache first. If key exists and hasn't expired, return cached value immediately (zero latency). If expired or missing, call CLI, store result with new TTL, return value.
  • On create/update(key, value): Execute CLI write, then update cache with new value and fresh TTL. This means subsequent reads see the new value instantly.
  • On delete(key): Execute CLI delete, then evict key from cache.
  • On list(): Cached separately with its own TTL (default: 60s, shorter because the list changes more frequently).
  • Cache clear: clearCache() evicts everything — useful after bulk operations or credential rotation.
  • TTL override per-key: get(key, { ttl: 600 }) can override the default TTL for secrets that rarely change (like database hosts).

Why CLI Over SDK

The Locker Node.js SDK package isn't reliably published on npm. The CLI (locker) is stable, well-documented, works in any environment where it's installed, and OpenClaw agents have shell access. The vault-client.js wrapper provides the ergonomic API that a native SDK would, with the added benefit of the cache layer.

Setup

1. Install Locker CLI on the Agent Host

# Download and install (check locker.io/secrets/download for latest)
curl -fsSL https://locker.io/secrets/install.sh | bash
# Verify installation
locker --version

2. Authenticate the CLI

# Login with access key (non-interactive, suitable for servers)
export LOCKER_ACCESS_KEY_ID="your-access-key-id"
export LOCKER_SECRET_ACCESS_KEY="your-secret-access-key"
# Verify access
locker secret list

The access key pair is created in the Locker dashboard under your project settings. Create separate access keys for read-only and read-write agents — this provides an additional security layer beyond the vault-client's permission gate.

3. Place vault-client.js in Agent Workspace

Copy scripts/vault-client.js into the agent's workspace. The script has zero npm dependencies — it uses only Node.js built-in modules (child_process, util).

4. Configure the Agent

In the agent's configuration (OpenClaw config.json or SOUL.md environment block):

{
  "vault": {
    "mode": "ro",
    "cacheTTL": 300,
    "listCacheTTL": 60,
    "cliPath": "locker",
    "accessKeyId": "vault://LOCKER_ACCESS_KEY_ID",
    "secretAccessKey": "vault://LOCKER_SECRET_ACCESS_KEY"
  }
}

For the bootstrap case (the vault client needs credentials to access the vault), the access key pair is the ONE exception where environment variables are acceptable — set LOCKER_ACCESS_KEY_ID and LOCKER_SECRET_ACCESS_KEY as env vars on the host. Everything else goes through the vault.

Usage Patterns

Reading a Secret (Any Agent)

const vault = require('./vault-client');
// Initialize (once per session)
await vault.init({ mode: 'ro', cacheTTL: 300 });
// Get a secret — returns from cache if available
const apiKey = await vault.get('OPENAI_API_KEY');
// Check existence without retrieving value
const hasKey = await vault.exists('SLACK_WEBHOOK');
// List all available keys
const keys = await vault.list();

Creating/Updating Secrets (Read-Write Agents Only)

await vault.init({ mode: 'rw', cacheTTL: 300 });
// Store a new credential
await vault.create('NEW_API_KEY', 'sk-abc123...');
// Generate a random secret (great for tokens, passwords)
await vault.createRandom('SESSION_SECRET');
// Update existing
await vault.update('DB_PASSWORD', 'new-password-here');
// Delete (requires rw mode)
await vault.delete('OLD_TOKEN');

Vault References in Configs

When an agent creates a config file, cron job, or integration config, it must use vault references:

// CORRECT — Store vault reference, resolve at runtime
const cronConfig = {
  schedule: '0 /6   *',
  task: 'sync_crm',
  credentials: {
    crm_token: 'vault://RD_CRM_API_TOKEN',
    webhook_url: 'vault://SLACK_WEBHOOK_SALES'
  }
};
// WRONG — Never store actual values
const cronConfig = {
  credentials: {
    crm_token: 'Bearer eyJhbGci...',  // ← NEVER DO THIS
  }
};

Resolving Vault References at Runtime

const { resolveVaultRefs } = require('./vault-client');
// Takes any object and resolves all vault:// references
const config = await resolveVaultRefs({
  apiUrl: 'https://api.example.com',         // Not a ref, passed through
  token: 'vault://EXAMPLE_API_TOKEN',         // Resolved from vault
  dbPassword: 'vault://DB_PASSWORD_PROD',     // Resolved from vault
});
// config.token now contains the actual value, config.apiUrl unchanged

Cache Management

// Force refresh a specific key (bypasses cache)
const fresh = await vault.get('API_KEY', { skipCache: true });
// Clear entire cache (after bulk rotation)
vault.clearCache();
// Set per-key TTL (database host rarely changes = longer cache)
const dbHost = await vault.get('DB_HOST', { ttl: 3600 }); // 1 hour
// Get cache stats (for debugging/monitoring)
const stats = vault.cacheStats();
// { size: 12, hits: 847, misses: 23, hitRate: '97.4%' }

Integration with OpenClaw

In SOUL.md / AGENTS.md

Add to the agent's bootstrap instructions:

## Credentials Policy
All credentials are managed through Locker Vault. Follow these rules without exception:
  • Use vault-client.js for ALL secret access
    • 

  • Never write credentials to files, logs, or chat responses
    • 

  • Store vault references (vault://KEY_NAME) in configs, never raw values
    • 

  • Cache is automatic — don't worry about repeated reads being slow
    • 

  • If you need a new credential stored, and you're read-only, ask the operator
    •

In OpenClaw Agent Config

{
  agents: [{
    id: "sdr-datatem",
    workspace: "/opt/agents/sdr-datatem",
    tools: {
      allow: ["read_file", "exec"],  // exec needed for CLI calls
      deny: ["write", "edit", "browser", "gateway"]
    },
    env: {
      VAULT_MODE: "ro",
      VAULT_CACHE_TTL: "300",
      LOCKER_ACCESS_KEY_ID: "ak_xxxx",      // Bootstrap exception
      LOCKER_SECRET_ACCESS_KEY: "sk_xxxx"    // Bootstrap exception
    }
  }]
}

In Cron Jobs / Scheduled Tasks

Agents creating scheduled tasks MUST use this pattern:

// The scheduled script reads from vault at execution time
const taskScript = 
const vault = require('./vault-client');
async function run() {
  await vault.init({ mode: 'ro' });
  const token = await vault.get('CRM_API_TOKEN');
  // Use token for the actual task...
  await syncCRM(token);
}
run().catch(console.error);
;
// Save the script — note: no credentials in the file
fs.writeFileSync('/opt/tasks/sync-crm.js', taskScript);

Error Handling

The vault-client provides clear error messages:

ErrorCauseAction
VAULT_PERMISSION_DENIEDWrite operation in ro modeCheck agent's VAULT_MODE setting
VAULT_KEY_NOT_FOUNDSecret doesn't exist in vaultVerify key name, check list()
VAULT_CLI_NOT_FOUNDlocker binary not in PATHInstall Locker CLI on host
VAULT_AUTH_FAILEDInvalid or expired access keysRotate access key pair in dashboard
VAULT_TIMEOUTCLI call took > 10sCheck network, Locker API status
VAULT_PARSE_ERRORUnexpected CLI outputCheck CLI version compatibility
All errors are non-fatal by default — the vault-client returns null on failure and logs the error. For critical secrets, use strict mode:

// Throws on error instead of returning null
const dbPass = await vault.get('DB_PASSWORD', { strict: true });

Security Checklist

Before deploying an agent with vault access, verify:

  • [ ] Agent's VAULT_MODE matches its actual needs (ro for most agents)
  • [ ] Locker access key has minimum required permissions
  • [ ] vault-client.js is in the workspace but not editable by end-users
  • [ ] Agent's tool deny-list blocks write and edit (for ro agents)
  • [ ] No credentials appear in SOUL.md, AGENTS.md, or any workspace file
  • [ ] Cron jobs and tasks use vault references, not raw values
  • [ ] Logs are configured to redact secret values
  • [ ] Cache TTL is appropriate for the credential rotation schedule

Anti-Patterns

Never Store Credentials Locally

// ❌ WRONG: Writing to .env
fs.writeFileSync('.env', API_KEY=${apiKey});
// ❌ WRONG: Hardcoding in config
const config = { token: 'sk-live-abc123' };
// ❌ WRONG: Logging the value
console.log(Using API key: ${apiKey});
// ✅ CORRECT: Use vault reference
const config = { token: 'vault://API_KEY' };
// ✅ CORRECT: Log the reference
console.log('Using API key: vault://API_KEY');

Never Cache to Disk

// ❌ WRONG: Persisting cache to file
fs.writeFileSync('cache.json', JSON.stringify(cache));
// ✅ CORRECT: Cache lives only in memory, dies with process
// (vault-client.js handles this automatically)

Never Expose in Responses

// ❌ WRONG: Including in chat/API response
return Your API key is ${apiKey};
// ✅ CORRECT: Confirm without revealing
return 'API key configured successfully (vault://API_KEY)';

File Reference

FilePurposeWhen to Read
scripts/vault-client.jsNode.js wrapper with cache, permission gate, CLI executorCopy to agent workspace during setup
references/cli-reference.mdComplete Locker CLI command referenceWhen you need exact CLI syntax
references/vault-patterns.mdCommon patterns for different use casesWhen implementing a new integration

Quick Decision Tree

Need a credential?
├─ Already in vault? → vault.get('KEY_NAME')
│   ├─ In cache? → Returns instantly (0ms)
│   └─ Not in cache? → CLI call (~200ms), caches result
├─ Not in vault yet?
│   ├─ Agent is rw? → vault.create('KEY_NAME', value)
│   └─ Agent is ro? → Ask operator to add it
└─ Creating a config/cron/task?
    └─ Always store 'vault://KEY_NAME', never the value

数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务