age
age file encryption reference — the modern, simple alternative to GPG. Covers key generation, X25519 encryption, SSH key support, passphrase mode, pipe patterns, SOPS integration, YubiKey plugins, and security considerations. By Filippo Valsorda.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/ckchzh/ageWhat This Skill Does
The age encryption skill provides a comprehensive interface for managing and utilizing 'age', a modern, simple, and secure file encryption tool. Acting as a robust alternative to aging GPG workflows, this skill allows users to handle X25519-based encryption, manage SSH key integration, and leverage YubiKey plugins for hardware-backed security. The skill covers the entire lifecycle of encrypted files, from key generation to decryption, providing a safe environment for handling sensitive data within the OpenClaw ecosystem.
Installation
To integrate this skill into your environment, run the following command in your terminal:
clawhub install openclaw/skills/skills/ckchzh/age
Use Cases
- Secure Cloud Backups: Encrypt sensitive configuration files or database dumps before uploading them to untrusted cloud storage.
- Team Secrets Management: Utilize age to encrypt sensitive files for team collaboration, where each member can use their public SSH key for decryption access.
- Git Configuration Protection: Integrate with tools like SOPS to encrypt sensitive values inside version-controlled configuration files.
- Hardware-Backed Encryption: Use the YubiKey plugin to ensure your private keys are protected on physical hardware, adding a layer of protection against memory-based attacks.
Example Prompts
- "Generate a new age key pair and save the private key to a secure file path for me."
- "Encrypt the file 'database_config.yaml' using the recipient's public key found in my SSH identity file."
- "Decrypt 'backup.age' using my YubiKey and store the output in 'restored_data.json'."
Tips & Limitations
- Security: age is designed to be simple, but always ensure your private keys are stored with appropriate file permissions (e.g., chmod 600).
- Pipe Patterns: The skill fully supports standard UNIX pipe patterns, allowing you to chain encryption processes with other tools efficiently.
- Error Handling: When decrypting, pay close attention to output logs if a hardware token (like a YubiKey) is disconnected or locked.
- Compatibility: Note that age is not compatible with GPG. Ensure your workflow exclusively uses age or appropriate wrappers if team members are involved. Keep your key identities organized, as lost keys result in permanent data loss since there is no recovery mechanism for standard age files.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-ckchzh-age": {
"enabled": true,
"auto_update": true
}
}
}Tags
Flags: file-read, file-write
Related Skills
doctorbot-ci-validator
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.
arc-shield
Output sanitization for agent responses - prevents accidental secret leaks
AURA Security Scanner
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
sbom-explainer
把依赖清单或 SBOM 翻译成非技术可读的风险说明,按影响面排序。;use for sbom, dependencies, risk workflows;do not use for 伪造 CVE 状态, 替代专业漏洞扫描.
securityvitals
Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.