credential-manager
Centralizes API keys and credentials into a secure .env file for OpenClaw, enhancing security and simplifying management.
Install this skill
Security score
The credential-manager skill was audited on May 22, 2026 and we found 40 security issues across 1 threat category. Review the findings below before installing.
Categories Tested
Security Issues
Access to hidden dotfiles in home directory
| 22 | ~/.openclaw/.env (mode 600) |
Access to hidden dotfiles in home directory
| 40 | 3. **Consolidates** into `~/.openclaw/.env` |
Access to hidden dotfiles in home directory
| 82 | ~/.config/*/credentials.json |
Access to hidden dotfiles in home directory
| 83 | ~/.openclaw/workspace/memory/*-creds.json |
Access to hidden dotfiles in home directory
| 84 | ~/.openclaw/workspace/memory/*credentials*.json |
Access to hidden dotfiles in home directory
| 85 | ~/.env (if exists, merges) |
Access to hidden dotfiles in home directory
| 101 | ~/.openclaw/ |
Access to hidden dotfiles in home directory
| 145 | ./scripts/scan.py --paths ~/.myapp/config ~/.local/share/creds |
Access to hidden dotfiles in home directory
| 247 | if ! python3 ~/.openclaw/skills/credential-manager/scripts/enforce.py; then |
Access to hidden dotfiles in home directory
| 252 | source ~/.openclaw/.env |
Access to hidden dotfiles in home directory
| 282 | source ~/.openclaw/.env |
Access to hidden dotfiles in home directory
| 298 | Edit `~/.openclaw/.env`: |
Access to hidden dotfiles in home directory
| 318 | ls -la ~/.openclaw/backups/ |
Access to hidden dotfiles in home directory
| 321 | cp ~/.openclaw/backups/credentials-old-YYYYMMDD/x-credentials.json.bak \ |
Access to hidden dotfiles in home directory
| 322 | ~/.config/x/credentials.json |
Access to .env file
| 3 | description: MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Use when setting up OpenClaw, migrating credent |
Access to .env file
| 10 | Consolidate scattered API keys and credentials into a secure, centralized `.env` file. |
Access to .env file
| 14 | Centralized `.env` credential management is a **core requirement** for OpenClaw security. If your credentials are scattered across multiple files, **stop and consolidate them now**. |
Access to .env file
| 22 | ~/.openclaw/.env (mode 600) |
Access to .env file
| 40 | 3. **Consolidates** into `~/.openclaw/.env` |
Access to .env file
| 85 | ~/.env (if exists, merges) |
Access to .env file
| 90 | ✅ **File permissions:** Sets `.env` to mode 600 (owner only) |
Access to .env file
| 94 | ✅ **Template:** Creates `.env.example` (safe to share) |
Access to .env file
| 102 | ├── .env # All credentials (secure) |
Access to .env file
| 103 | ├── .env.example # Template (safe) |
Access to .env file
| 104 | ├── .gitignore # Protects .env |
Access to .env file
| 129 | - ✅ `.env` has 600 permissions |
Access to .env file
| 130 | - ✅ `.env` is git-ignored |
Access to .env file
| 202 | Creates backups, builds `.env`, sets permissions. |
Access to .env file
| 211 | Test your applications/skills with the new `.env` file. |
Access to .env file
| 232 | # Enforce secure .env (exits if not compliant) |
Access to .env file
| 246 | # Validate .env exists and is secure |
Access to .env file
| 252 | source ~/.openclaw/.env |
Access to .env file
| 259 | After migration, load from `.env`: |
Access to .env file
| 266 | # Load .env |
Access to .env file
| 267 | env_file = Path.home() / '.openclaw' / '.env' |
Access to .env file
| 280 | # Load .env |
Access to .env file
| 282 | source ~/.openclaw/.env |
Access to .env file
| 298 | Edit `~/.openclaw/.env`: |
Access to .env file
| 307 | # Edit .env.example |