nav/PaddedCell
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2e38cb8fe20f20fb3e1975ae3d7b730382f9ad29
PaddedCell/skills/pass-mgr/SKILL.md
nav 2e38cb8fe2 tighten secret handling guidance
2026-03-08 21:50:44 +00:00

60 lines
2.0 KiB
Markdown
Raw Blame History

---
name: pass-mgr
description: Manage OpenClaw agent credentials (usernames/secrets). Use when storing, retrieving, listing, generating, or removing credentials for an agent. Trigger on requests about saving or fetching usernames, passwords, tokens, API keys, or other secrets. MUST call pass_mgr via the pcexec tool.
---
# Pass Manager
## Purpose
Use pass_mgr to store and retrieve agent-scoped credentials (username/secret pairs) and generate secrets.
## Mandatory safety rule
Always invoke pass_mgr through the `pcexec` tool. Do NOT run pass_mgr directly.
## Commands (run via pcexec)
- List keys for current agent
- `pass_mgr list`
- Get username for a key
- `pass_mgr get-username <key>`
- Get secret for a key
- `pass_mgr get-secret <key>`
- Set a key entry (username optional)
- `pass_mgr set <key> --secret <secret> [--username <username>]`
- Remove a key entry
- `pass_mgr unset <key>`
- Generate a random secret for a key (prints secret)
- `pass_mgr generate <key>`
## Usage notes
- Treat all outputs as sensitive. Never echo secrets.
- When the agent needs credentials to access a resource, first try `list` to see if a matching key already exists before asking the user.
- Prefer `generate` when the user wants a new secret or password.
- Use `set` to store both username and secret in one step.
- Use `get-username` and `get-secret` for retrieval.
- Storing can be explicit (user asks) or proactive after the agent successfully registers/creates an account.
- Secrets should be fetched and used immediately in a command, not displayed (e.g., `xxx_cli login --user $(pass_mgr get-username some_key) --pass $(pass_mgr get-secret some_key)`).
## Examples (pcexec)
- Store credentials
- pcexec: `pass_mgr set github --username alice --secret <secret>`
- Retrieve username
- pcexec: `pass_mgr get-username github`
- Retrieve secret
- pcexec: `pass_mgr get-secret github`
- Generate secret
- pcexec: `pass_mgr generate github`
- Delete entry
- pcexec: `pass_mgr unset github`
Reference in New Issue View Git Blame Copy Permalink