ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified developer tools Safety 5/5

vault0

Security suite for OpenClaw agents. Encrypted secret storage (AES-256-GCM), real-time activity monitoring via gateway WebSocket, policy enforcement, and native x402 payment wallet with EIP-3009 signing. Secure API keys, watch agent behavior, and handle machine-to-machine micropayments. macOS desktop app (Rust + Tauri). Reads ~/.openclaw/.env during hardening. Installation downloads a DMG from GitHub releases. After install, the app makes no external network calls and only listens on localhost.

Why use this skill?

Secure your OpenClaw agent with Vault-0: AES-256-GCM encrypted secret storage, real-time activity monitoring, and native EVM wallet support on macOS.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/dlhugly/vault0
Or

What This Skill Does

Vault-0 is a professional-grade security suite designed specifically for OpenClaw agents operating on macOS. It acts as a comprehensive security layer, providing encrypted secret management, real-time activity monitoring, and policy enforcement. At its core, the tool utilizes AES-256-GCM encryption with Argon2id key derivation to ensure that your API keys and sensitive credentials remain secure even if your local environment is compromised. It replaces insecure .env or plaintext config files by injecting secrets ephemerally at runtime and purging them immediately after use.

Beyond storage, Vault-0 serves as a powerful observability platform. Through its gateway WebSocket, you can monitor agent messages, tool calls, and thinking states in real time. It includes an optional policy proxy that listens on 127.0.0.1:3840, allowing for granular control over agent behavior, such as domain allowlisting, output redaction, and spending limits. For users involved in machine-to-machine transactions, the native EVM wallet integrates directly with the macOS Keychain, ensuring that your private keys are never exposed to disk or the browser.

Installation

Vault-0 is built with Rust and Tauri, focusing on local-first privacy. To install, verify your system is running macOS 12 or later by running sw_vers -productVersion. You can then trigger the installation via the OpenClaw hub with clawhub install openclaw/skills/skills/dlhugly/vault0. For users preferring manual control, the latest DMG can be downloaded from the GitHub releases page, or you can build directly from the source repository at https://github.com/0-Vault/Vault-0. Note that since the app is not currently Apple notarized, you may need to use right-click > Open to bypass Gatekeeper on the first launch.

Use Cases

  • Credential Hardening: Moving away from insecure plaintext environment files to an encrypted vault.
  • Agent Governance: Implementing strict output redaction and domain blocking to prevent unauthorized API calls or data exfiltration.
  • Micropayment Security: Handling automated EVM transactions with EIP-3009 signing for agents that need to pay for external resources.
  • Security Auditing: Maintaining a SHA-256 chained evidence ledger to track every decision and tool call made by your agent.

Example Prompts

  1. "Vault-0, scan my local environment for exposed API keys and migrate them to the encrypted storage."
  2. "Activate the policy proxy and block my agent from accessing any domains outside of the official OpenAI and Anthropic APIs."
  3. "Show me the recent activity log for my agent, including the specific tool calls made in the last hour."

Tips & Limitations

Vault-0 operates as a local-only security tool. It performs zero telemetry and does not communicate with external servers after installation. Because it leverages the macOS Keychain, ensure your user account is properly secured with biometric or password protection. If you require absolute assurance regarding the codebase, we strongly recommend cloning the repository and performing a local build via npm run tauri build. The security proxy is optional—if your use case does not require output filtering or domain blocking, you can run the vault without it to reduce local overhead.

Read Full Documentation on GitHub

Metadata

Author@dlhugly
Stars2387
Views0
Updated2026-03-09
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-dlhugly-vault0": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#encryption#wallet#privacy#macos
Safety Score: 5/5

Flags: file-read, file-write