stranger-danger

What This Skill Does

Stranger-Danger is a robust identity verification layer designed for the OpenClaw AI ecosystem. Its primary function is to introduce a human-in-the-loop security gate before the AI agent performs high-stakes operations. Rather than blindly trusting a request, the agent challenges the user to provide a pre-configured safe word or answer to a secret question. The technical implementation is highly secure; the provided answer is never stored in plaintext. Instead, the skill uses salted bcrypt hashing to process inputs, with the hash securely stored in the macOS Keychain, ensuring that even if your configuration files are accessed, your secret remains safe. The question itself is kept in a local JSON configuration for quick retrieval.

Installation

To add this layer of security to your agent, use the OpenClaw CLI package manager. Run the following command in your terminal:

clawhub install openclaw/skills/skills/jamesalmeida/stranger-danger

Once installed, you must initialize the skill to establish your challenge parameters. Execute stranger-danger setup to define your secret question and the corresponding answer. After configuration, you can verify your setup by running stranger-danger test to confirm the interactive flow is working as expected.

Use Cases

This skill is essential for users who grant their AI agents access to sensitive assets. Use it when:

• Secret Management: Protecting your agent from revealing stored API keys, environment variables, or private tokens.
• Data Integrity: Preventing accidental deletion or catastrophic file system modifications by forcing a verification step.
• Authentication Guard: Adding a second factor of authentication before the agent performs tasks on your behalf in external third-party services.
• Edge Cases: Stopping the agent when it receives an unusual, high-risk command that significantly deviates from its standard operating procedures.

Example Prompts

1. "OpenClaw, please display my OpenAI API key from the secret vault. (Note: The agent will trigger Stranger-Danger before proceeding)."
2. "I need to delete the entire 'experimental_logs' directory. Proceed with caution."
3. "Can you show me the current stored password for my administrative portal?"

Tips & Limitations

• Security First: Never use an answer that can be easily guessed or found in your public social media profiles.
• Workflow Design: Incorporate stranger-danger verify as a pre-condition in your agent's system prompt to ensure it never executes destructive actions without calling the skill first.
• Platform Constraint: This skill relies on the macOS Keychain, meaning it is currently optimized for macOS environments. Ensure your system's keychain is unlocked and accessible to the shell session.
• Data Safety: The skill does not log answers. If you forget your safe word, you must use stranger-danger reset to clear the credentials, effectively disabling the protection until you complete the setup process again.