Skip to main content

credential-manager

Centralizes API keys and credentials into a secure .env file for OpenClaw, enhancing security and simplifying management.

Install this skill

or
0/100

Security score

The credential-manager skill was audited on Feb 9, 2026 and we found 43 security issues across 1 threat category. Review the findings below before installing.

Categories Tested

Security Issues

medium line 16

Access to hidden dotfiles in home directory

SourceSKILL.md
16**THE RULE:** All credentials MUST be in `~/.openclaw/.env` ONLY. No workspace, no skills, no scripts directories.
low line 26

Access to hidden dotfiles in home directory

SourceSKILL.md
26~/.openclaw/.env (mode 600)
medium line 44

Access to hidden dotfiles in home directory

SourceSKILL.md
443. **Consolidates** into `~/.openclaw/.env`
low line 107

Access to hidden dotfiles in home directory

SourceSKILL.md
107~/.config/*/credentials.json
low line 108

Access to hidden dotfiles in home directory

SourceSKILL.md
108~/.openclaw/workspace/memory/*-creds.json
low line 109

Access to hidden dotfiles in home directory

SourceSKILL.md
109~/.openclaw/workspace/memory/*credentials*.json
low line 110

Access to hidden dotfiles in home directory

SourceSKILL.md
110~/.env (if exists, merges)
low line 126

Access to hidden dotfiles in home directory

SourceSKILL.md
126~/.openclaw/
low line 170

Access to hidden dotfiles in home directory

SourceSKILL.md
170./scripts/scan.py --paths ~/.myapp/config ~/.local/share/creds
low line 272

Access to hidden dotfiles in home directory

SourceSKILL.md
272if ! python3 ~/.openclaw/skills/credential-manager/scripts/enforce.py; then
low line 277

Access to hidden dotfiles in home directory

SourceSKILL.md
277source ~/.openclaw/.env
low line 307

Access to hidden dotfiles in home directory

SourceSKILL.md
307source ~/.openclaw/.env
medium line 323

Access to hidden dotfiles in home directory

SourceSKILL.md
323Edit `~/.openclaw/.env`:
low line 343

Access to hidden dotfiles in home directory

SourceSKILL.md
343ls -la ~/.openclaw/backups/
low line 346

Access to hidden dotfiles in home directory

SourceSKILL.md
346cp ~/.openclaw/backups/credentials-old-YYYYMMDD/x-credentials.json.bak \
low line 347

Access to hidden dotfiles in home directory

SourceSKILL.md
347~/.config/x/credentials.json
medium line 3

Access to .env file

SourceSKILL.md
3description: MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Use when setting up OpenClaw, migrating credent
medium line 10

Access to .env file

SourceSKILL.md
10Consolidate scattered API keys and credentials into a secure, centralized `.env` file.
medium line 14

Access to .env file

SourceSKILL.md
14Centralized `.env` credential management is a **core requirement** for OpenClaw security. If your credentials are scattered across multiple files, **stop and consolidate them now**.
medium line 16

Access to .env file

SourceSKILL.md
16**THE RULE:** All credentials MUST be in `~/.openclaw/.env` ONLY. No workspace, no skills, no scripts directories.
low line 26

Access to .env file

SourceSKILL.md
26~/.openclaw/.env (mode 600)
medium line 44

Access to .env file

SourceSKILL.md
443. **Consolidates** into `~/.openclaw/.env`
medium line 56

Access to .env file

SourceSKILL.md
56- `.env` files
low line 110

Access to .env file

SourceSKILL.md
110~/.env (if exists, merges)
medium line 115

Access to .env file

SourceSKILL.md
115✅ **File permissions:** Sets `.env` to mode 600 (owner only)
medium line 119

Access to .env file

SourceSKILL.md
119✅ **Template:** Creates `.env.example` (safe to share)
low line 127

Access to .env file

SourceSKILL.md
127├── .env # All credentials (secure)
low line 128

Access to .env file

SourceSKILL.md
128├── .env.example # Template (safe)
low line 129

Access to .env file

SourceSKILL.md
129├── .gitignore # Protects .env
medium line 154

Access to .env file

SourceSKILL.md
154- ✅ `.env` has 600 permissions
medium line 155

Access to .env file

SourceSKILL.md
155- ✅ `.env` is git-ignored
medium line 227

Access to .env file

SourceSKILL.md
227Creates backups, builds `.env`, sets permissions.
medium line 236

Access to .env file

SourceSKILL.md
236Test your applications/skills with the new `.env` file.
low line 257

Access to .env file

SourceSKILL.md
257# Enforce secure .env (exits if not compliant)
low line 271

Access to .env file

SourceSKILL.md
271# Validate .env exists and is secure
low line 277

Access to .env file

SourceSKILL.md
277source ~/.openclaw/.env
medium line 284

Access to .env file

SourceSKILL.md
284After migration, load from `.env`:
low line 291

Access to .env file

SourceSKILL.md
291# Load .env
low line 292

Access to .env file

SourceSKILL.md
292env_file = Path.home() / '.openclaw' / '.env'
low line 305

Access to .env file

SourceSKILL.md
305# Load .env
low line 307

Access to .env file

SourceSKILL.md
307source ~/.openclaw/.env
medium line 323

Access to .env file

SourceSKILL.md
323Edit `~/.openclaw/.env`:
low line 332

Access to .env file

SourceSKILL.md
332# Edit .env.example
Scanned on Feb 9, 2026
View Security Dashboard
Installation guide →
GitHub Stars 2.2K
Rate this skill
Categorydevelopment
UpdatedApril 4, 2026
openclawdevopsdevops-sresecurity-engineerbackend-developerdevelopment
openclaw/skills