ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified developer tools Safety 5/5

bagman

Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled funds. Covers secure storage, session keys, leak prevention, and prompt injection defense.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/allprogramming9999/master-skills
Or

What This Skill Does

The Bagman skill is a security-first toolkit designed to handle sensitive credentials within an AI agent ecosystem. It enforces a strict separation between the agent's logic and the actual private keys or secrets required to perform operations. By integrating with 1Password CLI and utilizing ERC-4337 delegated access patterns, Bagman prevents common vulnerabilities such as memory leaks, accidental hardcoding of secrets, and prompt injection attacks that could lead to secret exfiltration.

Installation

To integrate Bagman into your workflow, ensure the 1Password CLI (op) is installed and authenticated on your host machine. Install the skill via the command line: clawhub install openclaw/skills/skills/allprogramming9999/master-skills. Once installed, ensure your agent environment is configured to read secrets dynamically at runtime rather than storing them in plain text configuration files or environment variable dumps.

Use Cases

  • Autonomous Wallet Management: Facilitating agent-controlled funds where the agent only holds time-bounded, amount-capped session keys instead of master private keys.
  • API Secret Rotation: Managing and injecting API credentials for third-party services, ensuring that even if an agent prompt is compromised, the primary secrets remain encrypted in your vault.
  • Secure CI/CD Workflows: Using ephemeral secrets to sign transactions or authenticate requests during deployment pipelines without hardcoding long-lived credentials.
  • Compliance and Audit Trails: Providing a clear audit path by routing all secret access requests through the 1Password infrastructure.

Example Prompts

  1. "Bagman, generate a new session key for my smart account with a spending cap of 0.05 ETH and a 4-hour expiration window."
  2. "Bagman, securely retrieve the API key for my current data analysis project from the agent vault and initialize the connection."
  3. "Bagman, perform a safety audit on my current environment variables and ensure no sensitive private keys are stored in the active memory or logs."

Tips & Limitations

  • Tip: Always implement a 'human-in-the-loop' for any operation exceeding your defined risk thresholds.
  • Tip: Treat all agent-generated logs as public; never output raw secret values to standard out, even during debugging.
  • Limitation: This skill relies on the availability and correct configuration of external secret managers like 1Password; it is not a standalone vault but a secure bridge.
  • Limitation: Proper implementation requires architectural discipline; simply installing the skill does not guarantee security if the user still manually injects keys into the environment.
Read Full Documentation on GitHub

Metadata

Author@allprogramming9999
Stars4473
Views0
Updated2026-05-01
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-allprogramming9999-master-skills": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#blockchain#cryptography#devops#secrets
Safety Score: 5/5

Flags: external-api, code-execution