openclaw-credential-encryption

Encrypts OpenClaw runtime credentials using macOS Keychain and FileVault for enhanced security and protection against plaintext storage.

Security score: 0/100

The openclaw-credential-encryption skill was audited on Mar 8, 2026 and we found 63 security issues across 2 threat categories, including 6 high-severity. Review the findings below before installing.

Security Issues

medium line 3

Access to hidden dotfiles in home directory

Source: SKILL.md
description: Encrypt OpenClaw runtime credentials with macOS Keychain integration, FileVault enforcement, and comprehensive protection for ~/.clawdbot/ directory and OAuth materials.
low line 38

Access to hidden dotfiles in home directory

Source: SKILL.md
echo "DISCORD_TOKEN=abc123" > ~/.env
low line 39

Access to hidden dotfiles in home directory

Source: SKILL.md
echo "API_KEY=sk-proj-xyz" >> ~/.env
low line 47

Access to hidden dotfiles in home directory

Source: SKILL.md
# Secure ~/.clawdbot/ directory
low line 48

Access to hidden dotfiles in home directory

Source: SKILL.md
chmod 700 ~/.clawdbot/
low line 49

Access to hidden dotfiles in home directory

Source: SKILL.md
chmod 600 ~/.clawdbot/credentials/*
low line 50

Access to hidden dotfiles in home directory

Source: SKILL.md
chmod 600 ~/.clawdbot/sessions/*
low line 51

Access to hidden dotfiles in home directory

Source: SKILL.md
chmod 600 ~/.clawdbot/oauth.json
low line 54

Access to hidden dotfiles in home directory

Source: SKILL.md
chflags schg ~/.clawdbot/credentials/
low line 95

Access to hidden dotfiles in home directory

Source: SKILL.md
# Scan ~/.clawdbot/ directory
low line 96

Access to hidden dotfiles in home directory

Source: SKILL.md
if [ -d ~/.clawdbot ]; then
low line 97

Access to hidden dotfiles in home directory

Source: SKILL.md
echo "📁 ~/.clawdbot/ directory found:"
low line 98

Access to hidden dotfiles in home directory

Source: SKILL.md
find ~/.clawdbot/ -type f -exec ls -la {} \; 2>/dev/null
low line 102

Access to hidden dotfiles in home directory

Source: SKILL.md
grep -r "api[_-]?key\|password\|secret\|token" ~/.clawdbot/ 2>/dev/null || echo "✅ No plaintext secrets found"
low line 104

Access to hidden dotfiles in home directory

Source: SKILL.md
echo "✅ ~/.clawdbot/ directory not found"
low line 139

Access to hidden dotfiles in home directory

Source: SKILL.md
if [ -d ~/.clawdbot/credentials ]; then
low line 140

Access to hidden dotfiles in home directory

Source: SKILL.md
cp -r ~/.clawdbot/credentials ~/.clawdbot/credentials.backup.$(date +%Y%m%d)
low line 145

Access to hidden dotfiles in home directory

Source: SKILL.md
if [ -f ~/.clawdbot/credentials/discord ]; then
low line 146

Access to hidden dotfiles in home directory

Source: SKILL.md
DISCORD_TOKEN=$(cat ~/.clawdbot/credentials/discord)
low line 148

Access to hidden dotfiles in home directory

Source: SKILL.md
rm ~/.clawdbot/credentials/discord
low line 153

Access to hidden dotfiles in home directory

Source: SKILL.md
if [ -f ~/.env ]; then
low line 154

Access to hidden dotfiles in home directory

Source: SKILL.md
grep "ANTHROPIC_API_KEY" ~/.env && {
low line 155

Access to hidden dotfiles in home directory

Source: SKILL.md
API_KEY=$(grep "ANTHROPIC_API_KEY" ~/.env | cut -d'=' -f2)
low line 157

Access to hidden dotfiles in home directory

Source: SKILL.md
sed -i '' '/ANTHROPIC_API_KEY/d' ~/.env
low line 260

Access to hidden dotfiles in home directory

Source: SKILL.md
if grep -r "api[_-]?key\|password\|secret\|token" ~/.clawdbot/ 2>/dev/null; then
low line 38

Access to .env file

Source: SKILL.md
echo "DISCORD_TOKEN=abc123" > ~/.env
low line 39

Access to .env file

Source: SKILL.md
echo "API_KEY=sk-proj-xyz" >> ~/.env
low line 115

Access to .env file

Source: SKILL.md
find ~ -name ".env*" -exec grep -l "claw\|openclaw" {} \; 2>/dev/null || echo "✅ No OpenClaw env files found"
low line 153

Access to .env file

Source: SKILL.md
if [ -f ~/.env ]; then
low line 154

Access to .env file

Source: SKILL.md
grep "ANTHROPIC_API_KEY" ~/.env && {
low line 155

Access to .env file

Source: SKILL.md
API_KEY=$(grep "ANTHROPIC_API_KEY" ~/.env | cut -d'=' -f2)
low line 157

Access to .env file

Source: SKILL.md
sed -i '' '/ANTHROPIC_API_KEY/d' ~/.env
low line 198

Access to .env file

Source: SKILL.md
# .env.template for OpenClaw
low line 199

Access to .env file

Source: SKILL.md
# Copy to .env.local and fill with Keychain references
high line 3

Access to system keychain/keyring

Source: SKILL.md
description: Encrypt OpenClaw runtime credentials with macOS Keychain integration, FileVault enforcement, and comprehensive protection for ~/.clawdbot/ directory and OAuth materials.
high line 20

Access to system keychain/keyring

Source: SKILL.md
### 1. macOS Keychain Integration
medium line 25

Access to system keychain/keyring

Source: SKILL.md
# Store credentials in macOS Keychain
high line 79

Access to system keychain/keyring

Source: SKILL.md
#### Keychain Alternative for OAuth
medium line 82

Access to system keychain/keyring

Source: SKILL.md
# Store OAuth tokens in Keychain
high line 118

Access to system keychain/keyring

Source: SKILL.md
### Keychain Verification
medium line 121

Access to system keychain/keyring

Source: SKILL.md
# Verify Keychain credentials
medium line 122

Access to system keychain/keyring

Source: SKILL.md
echo "=== Keychain Credential Verification ==="
medium line 123

Access to system keychain/keyring

Source: SKILL.md
security find-generic-password -a "openclaw" -s "discord_token" -g 2>/dev/null && echo "✅ Discord token in Keychain" || echo "❌ Discord token not in Keychain"
medium line 124

Access to system keychain/keyring

Source: SKILL.md
security find-generic-password -a "openclaw" -s "anthropic_api_key" -g 2>/dev/null && echo "✅ Anthropic API key in Keychain" || echo "❌ Anthropic API key not in Keychain"
medium line 125

Access to system keychain/keyring

Source: SKILL.md
security find-generic-password -a "openclaw" -s "twilio_auth_token" -g 2>/dev/null && echo "✅ Twilio token in Keychain" || echo "❌ Twilio token not in Keychain"
high line 130

Access to system keychain/keyring

Source: SKILL.md
### Migrate to Keychain
medium line 134

Access to system keychain/keyring

Source: SKILL.md
# migrate-credentials-to-keychain.sh
medium line 136

Access to system keychain/keyring

Source: SKILL.md
echo "🔐 Migrating OpenClaw credentials to macOS Keychain..."
medium line 149

Access to system keychain/keyring

Source: SKILL.md
echo "✅ Migrated Discord token to Keychain"
medium line 158

Access to system keychain/keyring

Source: SKILL.md
echo "✅ Migrated Anthropic API key to Keychain"
medium line 189

Access to system keychain/keyring

Source: SKILL.md
# Configure OpenClaw to use Keychain
medium line 190

Access to system keychain/keyring

Source: SKILL.md
openclaw config set security.credential_storage="keychain"
medium line 199

Access to system keychain/keyring

Source: SKILL.md
# Copy to .env.local and fill with Keychain references
medium line 201

Access to system keychain/keyring

Source: SKILL.md
# Discord (stored in Keychain)
medium line 202

Access to system keychain/keyring

Source: SKILL.md
# DISCORD_TOKEN=keychain://openclaw/discord_token
medium line 204

Access to system keychain/keyring

Source: SKILL.md
# Anthropic API (stored in Keychain)
medium line 205

Access to system keychain/keyring

Source: SKILL.md
# ANTHROPIC_API_KEY=keychain://openclaw/anthropic_api_key
medium line 207

Access to system keychain/keyring

Source: SKILL.md
# Twilio (stored in Keychain)
medium line 208

Access to system keychain/keyring

Source: SKILL.md
# TWILIO_AUTH_TOKEN=keychain://openclaw/twilio_auth_token
medium line 209

Access to system keychain/keyring

Source: SKILL.md
# TWILIO_ACCOUNT_SID=keychain://openclaw/twilio_account_sid
high line 216

Access to system keychain/keyring

Source: SKILL.md
- Store credentials in macOS Keychain
medium line 240

Access to system keychain/keyring

Source: SKILL.md
# Monitor Keychain access
medium line 241

Access to system keychain/keyring

Source: SKILL.md
log stream --predicate 'subsystem == "com.apple.security"' | grep keychain
Scanned on Mar 8, 2026