SecretClaw
A skill for securely inputting secret keys and sensitive values without passing them through Discord or any chat channel.
Uses a local HTTP server + Cloudflare Tunnel to serve an HTTPS form page,
then saves the submitted value via openclaw config set.
When to Use
- - When registering API keys, tokens, passwords, or other sensitive values
- To avoid typing secrets directly in chat
- Examples: FAL_KEY, Notion API key, OpenAI key, etc.
Active Tunnels
→ See workspace/TUNNELS.md (managed automatically by the agent)
Usage
CODEBLOCK0
Parameters
- -
--config-key: openclaw config path (dot notation)
- e.g.:
env.FAL_KEY,
env.OPENAI_KEY,
channels.discord.token
- -
--label: Human-readable name displayed on the form - INLINECODE7�: Service name recorded in TUNNELS.md (default:
secret-input)
Agent Execution Steps
- 1. Run the command below as a background exec
- Extract the
SECRET_URL: line from stdout → send the URL to the user - When
SECRET_SAVED: appears, the value has been saved - Check if a gateway restart is needed (some keys require restart)
CODEBLOCK1
TUNNELS.md Structure
Active tunnel info is recorded in workspace/TUNNELS.md.
The agent reads this file to check currently open tunnel URLs.
Entries are automatically removed when the server shuts down.
Security
- - No secret values are ever stored in chat history
- HTTPS via Cloudflare TLS (Quick Tunnel)
- One-time token embedded in URL (cryptographically random)
- Server self-destructs immediately after submission
- Uses Cloudflare Quick Tunnel (no account required; URL changes on every run)
Notes
- - If the machine reboots, the server shuts down and the Cloudflare URL becomes invalid
- To re-enter a value, simply run the skill again to generate a new URL
- TUNNELS.md only tracks currently active tunnels (not historical URLs)
SecretClaw
一种用于安全输入密钥和敏感值的技能,无需通过Discord或任何聊天频道传递。
使用本地HTTP服务器 + Cloudflare隧道提供HTTPS表单页面,
然后通过openclaw config set保存提交的值。
使用场景
- - 注册API密钥、令牌、密码或其他敏感值时
- 避免直接在聊天中输入机密信息
- 示例:FAL_KEY、Notion API密钥、OpenAI密钥等
活跃隧道
→ 参见 workspace/TUNNELS.md(由代理自动管理)
使用方法
bash
python3 dir>/scripts/secretserver.py \
--config-key env.FAL_KEY \
--label FAL_KEY
参数
- - --config-key:openclaw配置路径(点号表示法)
- 例如:env.FAL
KEY、env.OPENAIKEY、channels.discord.token
- - --label:表单上显示的人类可读名称
- --service:记录在TUNNELS.md中的服务名称(默认值:secret-input)
代理执行步骤
- 1. 在后台执行以下命令
- 从标准输出中提取SECRETURL:行 → 将URL发送给用户
- 当出现SECRETSAVED:时,表示值已保存
- 检查是否需要重启网关(某些密钥需要重启)
python
后台执行示例
python3 /opt/homebrew/lib/node
modules/openclaw/skills/secret-input/scripts/secretserver.py \
--config-key env.FAL_KEY \
--label FAL_KEY
TUNNELS.md结构
活跃隧道信息记录在workspace/TUNNELS.md中。
代理读取此文件以检查当前开放的隧道URL。
当服务器关闭时,条目会自动移除。
安全性
- - 机密值永远不会存储在聊天记录中
- 通过Cloudflare TLS(快速隧道)实现HTTPS
- URL中嵌入一次性令牌(加密随机生成)
- 提交后服务器立即自毁
- 使用Cloudflare快速隧道(无需账户;每次运行时URL都会变化)
注意事项
- - 如果机器重启,服务器将关闭,Cloudflare URL将失效
- 如需重新输入值,只需再次运行该技能即可生成新URL
- TUNNELS.md仅跟踪当前活跃的隧道(不包含历史URL)
