Official Verified developer tools Safety 4/5

magic-wormhole

Secure secret sharing for OpenClaw using magic-wormhole protocol

Why use this skill?

Transfer sensitive API tokens, SSH keys, and passwords securely with your OpenClaw agent using the encrypted magic-wormhole protocol.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/cthulhutoo/magic-wormhole

Download Source Code (.zip)

What This Skill Does

The magic-wormhole skill provides OpenClaw agents with a secure, encrypted mechanism for transferring sensitive data such as API tokens, SSH keys, and configuration files directly to a human user. By leveraging the PAKE (Password-Authenticated Key Exchange) protocol, the skill allows the agent to generate a short, human-readable code (e.g., '5-purple-elephant'). The human can then input this code into their own local terminal to receive the secret data without the information ever touching the agent's chat history, system logs, or cloud storage. This peer-to-peer approach ensures that secrets remain private and are only accessible by the intended recipient.

Installation

To integrate this capability into your OpenClaw agent, ensure the wormhole CLI is available in your agent's environment. You can install it via your package manager or pip. Once the environment is prepared, use the OpenClaw skill manager to register the tool:

Install the CLI tool: pip install magic-wormhole
Add the skill to your agent: clawhub install openclaw/skills/skills/cthulhutoo/magic-wormhole
Verify the installation by running wormhole --version through the agent's shell execution tool.

Use Cases

This skill is indispensable for security-conscious workflows where sensitive information must be handled by an AI agent. Common use cases include generating and delivering SSH keys for new infrastructure deployments, transferring API tokens for external services, sharing passwords during credential rotation, or providing certificates to authorized personnel. It is particularly valuable in air-gapped environments or scenarios requiring strict adherence to audit trails, as it minimizes the risk of secret leakage while maintaining high velocity in operations.

Example Prompts

"I've generated a new SSH key pair for the production server. Use magic-wormhole to send the private key to me."
"The API token for the data scraping service needs to be updated. Please share it with me using a wormhole transfer."
"Rotate the database admin password and provide the new credentials to my terminal via magic-wormhole."

Tips & Limitations

While magic-wormhole is powerful, it is designed for short-lived secret transfers. Codes generated are one-time use; if the connection is interrupted, a new code must be generated. Do not use this skill for files larger than 100MB, as it is optimized for text-based credentials and small configuration files. Ensure that your agent has sufficient network access to reach the magic-wormhole rendezvous servers. For high-security internal environments, consider self-hosting a wormhole-transit server to eliminate reliance on public infrastructure.

Read Full Documentation on GitHub

Metadata

Author@cthulhutoo

Stars2032

Updated2026-03-05

View Author Profile

AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-cthulhutoo-magic-wormhole": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Related Skills

doctorbot-ci-validator

Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.

bamontejano 4473