ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified developer tools Safety 5/5

confidant

Secure secret handoff and credential setup wizard for AI agents. Use when you need sensitive information from the user (API keys, passwords, tokens) or need to save credentials to config files. Never ask for secrets via chat — use Confidant instead.

Why use this skill?

Securely collect API keys, tokens, and passwords for your AI agents without exposing sensitive data in chat history. Confidant handles secure handoffs.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/ericsantos/confidant
Or

What This Skill Does

Confidant is a specialized security middleware for OpenClaw agents, designed to bridge the gap between AI automation and sensitive credential management. Unlike standard interactions where sensitive information might be pasted into a chat interface—risking exposure in chat logs, history files, or LLM context windows—Confidant provides a secure, ephemeral web interface for users to input secrets. It acts as a dedicated handoff mechanism, handling the secure reception, validation, and storage of API keys, passwords, and tokens, automatically securing them with strict filesystem permissions (chmod 600) upon arrival.

Installation

To install Confidant into your OpenClaw environment, execute the following command in your terminal: clawhub install openclaw/skills/skills/ericsantos/confidant

Once installed, you must perform a one-time environment setup. Locate the skill directory and run the initialization script: bash {skill}/scripts/setup.sh This ensures all dependencies, including tunneling utilities, are ready for use.

Use Cases

Confidant is essential for any workflow requiring authentication. Common scenarios include:

  • Provisioning API keys for external services like OpenAI, Anthropic, or GitHub.
  • Securely collecting private database connection strings for data analysis tasks.
  • Managing temporary session tokens for web scraping or automated logins.
  • Enabling agents to operate on behalf of users without ever 'knowing' or 'reading' the raw secret in the chat interface.

Example Prompts

  1. "I need to use the SerpAPI integration, but I don't have my key set up yet. Can you guide me through adding it securely?"
  2. "Please initialize the credentials for the OpenAI integration so you can start analyzing my project files."
  3. "I am working remotely; can you generate a secure portal for me to input my GitHub Personal Access Token using the tunnel option?"

Tips & Limitations

  • Security First: Never prompt the user to type secrets into the chat window. Always default to Confidant.
  • Tunneling: When working with remote users, remember to use the --tunnel flag to generate a public-facing URL via localtunnel.
  • Lifecycle: Secrets are treated as one-time events; the web form expires after submission or 24 hours.
  • Persistence: By default, Confidant saves files to ~/.config/<service>/api_key. If you need custom storage, use the --save flag to specify an absolute path.
  • Human-in-the-Loop: You cannot retrieve the secret; you must facilitate the handoff by presenting the link and confirming successful reception.
Read Full Documentation on GitHub

Metadata

Author@ericsantos
Stars2387
Views1
Updated2026-03-09
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-ericsantos-confidant": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#authentication#credentials#privacy#api-management
Safety Score: 5/5

Flags: network-access, file-write, file-read, external-api

Related Skills

serpapi

Search Google via SerpAPI (Google Search, Google News, Google Local). Use when you need to search the web, find news articles, or look up local businesses. Supports country/language targeting for region-specific results.

ericsantos 2387

relay-to-agent

Relay messages to AI agents on any OpenAI-compatible API. Supports multi-turn conversations with session management. List agents, send messages, reset sessions.

ericsantos 2387

jina-reader

Web content extraction via Jina AI Reader API. Three modes: read (URL to markdown), search (web search + full content), ground (fact-checking). Extracts clean content without exposing server IP.

ericsantos 2387

messaging

NexusMessaging Protocol client — ephemeral agent-to-agent sessions. Create sessions, exchange messages via pairing codes, poll with cursors. Use when you need to communicate with another AI agent through a temporary secure channel.

ericsantos 2387

perplexity

Deep search via Perplexity API. Three modes: search (quick facts), reason (complex analysis), research (in-depth reports). Returns AI-grounded answers with citations.

ericsantos 2387