Skills secretclaw
Securely input API keys and sensitive values into OpenClaw without typing them in chat. Uses a local HTTP server + Cloudflare Tunnel to serve an HTTPS form. Use when registering API keys, tokens, passwords, or any sensitive config values.
install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/apsntian/secretclaw" ~/.claude/skills/clawdbot-skills-secretclaw && rm -rf "$T"
manifest: skills/apsntian/secretclaw/SKILL.md
source content
SecretClaw
A skill for securely inputting secret keys and sensitive values without passing them through Discord or any chat channel.
Uses a local HTTP server + Cloudflare Tunnel to serve an HTTPS form page, then saves the submitted value via openclaw config set.
When to Use
- When registering API keys, tokens, passwords, or other sensitive values
- To avoid typing secrets directly in chat
- Examples: FAL_KEY, Notion API key, OpenAI key, etc.
Active Tunnels
→ See workspace/TUNNELS.md (managed automatically by the agent)
Usage
python3 <skill_dir>/scripts/secret_server.py \
  --config-key "env.FAL_KEY" \
  --label "FAL_KEY"
Parameters
- --config-key: openclaw config path (dot notation)
  - e.g.: env.FAL_KEY, env.OPENAI_KEY, channels.discord.token
- --label: Human-readable name displayed on the form
- --service: Service name recorded in TUNNELS.md (default: secret-input)
Agent Execution Steps
- Run the command below as a background exec
- Extract the SECRET_URL: line from stdout → send the URL to the user
- When SECRET_SAVED: appears, the value has been saved
- Check if a gateway restart is needed (some keys require restart)
# Example background exec
python3 /opt/homebrew/lib/node_modules/openclaw/skills/secret-input/scripts/secret_server.py \
  --config-key "env.FAL_KEY" \
  --label "FAL_KEY"
TUNNELS.md Structure
Active tunnel info is recorded in workspace/TUNNELS.md.
The agent reads this file to check currently open tunnel URLs.
Entries are automatically removed when the server shuts down.
Security
- No secret values are ever stored in chat history
- HTTPS via Cloudflare TLS (Quick Tunnel)
- One-time token embedded in URL (cryptographically random)
- Server self-destructs immediately after submission
- Uses Cloudflare Quick Tunnel (no account required; URL changes on every run)
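The one-time token and shutdown-after-submission properties listed above can be sketched as follows. This is an added example, not SecretClaw's secret_server.py; OneTimeGate, make_handler, serve_once and the form field name "value" are hypothetical, and the tunnel and the openclaw config set step are left out.

```python
# Added illustration with hypothetical names; not SecretClaw's secret_server.py.
import hmac, secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs
FORM = b'<form method="post"><input type="password" name="value"><button>Save</button></form>'

class OneTimeGate:
    """One unguessable URL token that admits exactly one submission."""
    def __init__(self):
        self.token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.used, self.value = False, None

    def path_ok(self, path):
        # Constant-time compare so response timing does not leak token prefixes.
        candidate = path.split("?", 1)[0].lstrip("/")
        return not self.used and hmac.compare_digest(candidate.encode(), self.token.encode())

    def submit(self, path, body):
        """Return an HTTP status; store the value only on the first valid POST."""
        if not self.path_ok(path):
            return 404  # wrong and already-used tokens look identical
        value = parse_qs(body).get("value", [""])[0]
        if not value:
            return 400  # an empty submission does not burn the token
        self.used, self.value = True, value
        return 200

def make_handler(gate):
    class Handler(BaseHTTPRequestHandler):
        def _reply(self, status, body=b""):
            self.send_response(status)
            self.send_header("Cache-Control", "no-store")
            self.end_headers()
            self.wfile.write(body)
        def do_GET(self):
            ok = gate.path_ok(self.path)
            self._reply(200 if ok else 404, FORM if ok else b"")
        def do_POST(self):
            length = int(self.headers.get("Content-Length", 0))
            self._reply(gate.submit(self.path, self.rfile.read(length).decode()))
        def log_message(self, *args):
            pass  # the default access log would record the token-bearing path
    return Handler

def serve_once(gate, port=0):
    server = HTTPServer(("127.0.0.1", port), make_handler(gate))  # loopback only
    while not gate.used:  # stop listening as soon as one value is accepted
        server.handle_request()
    server.server_close()
    return gate.value
```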
Notes
- If the machine reboots, the server shuts down and the Cloudflare URL becomes invalid
- To re-enter a value, simply run the skill again to generate a new URL
- TUNNELS.md only tracks currently active tunnels (not historical URLs)