bagman

Solid

Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled funds. Covers secure storage, session keys, leak prevention, and prompt injection defense.

AI & Automation | 3,964 stars | 1088 forks | Updated 1 month ago | MIT

Quality Score: 94/100

Stars (20%): 100
Recency (20%): 75
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Bagman

Secure key management patterns for AI agents handling private keys and secrets. Designed to prevent:

- **Key loss**: Agents forgetting keys between sessions
- **Accidental exposure**: Keys leaked to GitHub, logs, or outputs
- **Prompt injection**: Malicious prompts extracting secrets

## Core Principles

1. **Never store raw private keys in config, env vars, or memory files**
2. **Use session keys / delegated access instead of full control**
3. **All secret access goes through 1Password CLI (`op`)**
4. **Validate all outputs before sending to prevent key leakage**

## References

- `references/secure-storage.md` - 1Password patterns for agent secrets
- `references/session-keys.md` - ERC-4337 delegated access patterns
- `references/leak-prevention.md` - Pre-commit hooks and output sanitization
- `references/prompt-injection-defense.md` - Input validation and output filtering

---

## Quick Reference

### DO ✅

```bash
# Retrieve key at runtime via 1Password
PRIVATE_KEY=$(op read "op://Agents/my-agent-wallet/private-key")

# Use environment injection (key never touches disk)
op run --env-file=.env.tpl -- node agent.js

# Use session keys with bounded permissions
# (delegate specific capabilities, not full wallet access)
```

### DON'T ❌

```bash
# NEVER store keys in files
echo "PRIVATE_KEY=0x123..." > .env

# NEVER log or print keys
console.log("Key:", privateKey)

# NEVER store keys in memory/journal files
# Even in "private" agent memory - these can be exfiltrated
...
```
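Core principle 4 (validate outputs before sending) as an added example; this is not code from the Bagman skill or its reference files. The function names `secret_variants` and `sanitize_output` and the `[REDACTED]` marker are hypothetical, and the sketch assumes the agent can pass in the secrets it loaded during the session.

```python
import base64
import re

# 32-byte hex value (Ethereum-style private key), with or without 0x.
# Assumption: transaction hashes have the same shape and get redacted too;
# 20-byte addresses (40 hex chars) do not match.
HEX_KEY_RE = re.compile(r"(?<![0-9a-fA-F])(?:0x)?[0-9a-fA-F]{64}(?![0-9a-fA-F])")
MARKER = "[REDACTED]"


def secret_variants(secret: str) -> set[str]:
    """Encodings of one loaded secret that an outgoing message could carry."""
    raw = secret[2:] if secret.lower().startswith("0x") else secret
    variants = {secret, raw, raw.lower(), raw.upper()}
    try:
        key_bytes = bytes.fromhex(raw)      # hex key: also cover its raw bytes
    except ValueError:
        key_bytes = secret.encode()         # non-hex secret such as an API token
    variants.add(base64.b64encode(key_bytes).decode())
    variants.add(base64.b64encode(secret.encode()).decode())
    # Skip very short strings so ordinary words are never redacted.
    return {v for v in variants if len(v) >= 8}


def sanitize_output(text: str, loaded_secrets: list[str]) -> tuple[str, int]:
    """Redact known secrets by value, then key-shaped strings by pattern.

    Returns (clean_text, hits); a caller can block the send when hits > 0.
    """
    hits = 0
    for secret in loaded_secrets:
        # Longest variant first, so the 0x-prefixed form goes before the bare hex.
        for variant in sorted(secret_variants(secret), key=len, reverse=True):
            count = text.count(variant)
            if count:
                text = text.replace(variant, MARKER)
                hits += count
    # Second pass: keys the agent never loaded but that still look like keys.
    text, pattern_hits = HEX_KEY_RE.subn(MARKER, text)
    return text, hits + pattern_hits
```

Matching by value catches base64-encoded keys and non-hex tokens that the pattern pass cannot see; the pattern pass catches key-shaped strings that were never in `loaded_secrets`.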

Details

Author: openclaw
Repository: openclaw/skills
Created: 4 months ago
Last Updated: 1 month ago
Language: Python
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

Data & Documents Listed

pitfalls-security

Security patterns for session keys, caching, logging, and environment variables. Use when implementing authentication, caching sensitive data, or setting up logging. Triggers on: session key, private key, cache, logging, secrets, environment variable.

335 Updated today
aiskillstore
AI & Automation Listed

1password

Install and use 1Password CLI (`op`) to sign in, inspect vault items, read secrets safely, and inject secrets into commands.

109 Updated today
HybridAIOne
AI & Automation Solid

llm-trading-agent-security

Security patterns for autonomous trading agents with wallet or transaction authority. Covers prompt injection, spend limits, pre-send simulation, circuit breakers, MEV protection, and key handling.

201,447 Updated yesterday
affaan-m
Data & Documents Listed

1password-developer

Work with 1Password developer features including SSH key management, the SSH agent, 1Password Environments for secrets injection, and the op CLI. Use this skill whenever the user mentions 1Password, op CLI, 1Password SSH agent, 1Password Environments, secret references, op run, op inject, or wants to manage SSH keys through 1Password, secure .env files with 1Password, or inject secrets at runtime. Also trigger when the user wants to stop storing plaintext secrets on disk or asks about securing developer credentials.

11 Updated today
danchamorro
AI & Automation Listed

security-secrets

Mandatory secret-handling policy skill. Use on every task involving credentials, API tokens, passwords, or other secrets and rely only on `request_secure_field` plus `credentials.*` tools.

3 Updated 3 days ago
afkbot-io