Official Verified

1claw

HSM-backed secret management for AI agents — store, retrieve, rotate, and share secrets via the 1Claw vault without exposing them in context.

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/kmjones1979/1claw

1Claw — HSM-Backed Secret Management for AI Agents

1Claw is a cloud HSM-backed secrets manager. Agents access API keys, passwords, and credentials at runtime without them ever entering the conversation context. Secrets are encrypted with keys that never leave the HSM.

API base URL: https://api.1claw.xyz
MCP endpoint: https://mcp.1claw.xyz/mcp
Dashboard: https://1claw.xyz
Docs: https://docs.1claw.xyz

When to use this skill

  • You need an API key, password, or credential to complete a task
  • You want to store a newly generated credential securely
  • You need to share a secret with a user or another agent
  • You need to rotate a credential after regenerating it
  • You want to check what secrets are available before using one
  • You need to sign or simulate an EVM transaction without exposing private keys

Setup

Option 1: MCP server (recommended for AI agents)

Add to your MCP client configuration. The server auto-refreshes JWT tokens.

{
    "mcpServers": {
        "1claw": {
            "command": "npx",
            "args": ["-y", "@1claw/mcp"],
            "env": {
                "ONECLAW_AGENT_ID": "<agent-uuid>",
                "ONECLAW_AGENT_API_KEY": "<agent-api-key>",
                "ONECLAW_VAULT_ID": "<vault-uuid>"
            }
        }
    }
}

Hosted HTTP streaming mode:

URL: https://mcp.1claw.xyz/mcp
Headers:
  Authorization: Bearer <agent-jwt>
  X-Vault-ID: <vault-uuid>

Option 2: TypeScript SDK

npm install @1claw/sdk

import { createClient } from "@1claw/sdk";

const client = createClient({
    baseUrl: "https://api.1claw.xyz",
    agentId: process.env.ONECLAW_AGENT_ID,
    apiKey: process.env.ONECLAW_AGENT_API_KEY,
});

Option 3: Direct REST API

Authenticate, then pass the Bearer token on every request.

# Exchange agent credentials for a JWT
TOKEN=$(curl -s -X POST https://api.1claw.xyz/v1/auth/agent-token \
  -H "Content-Type: application/json" \
  -d '{"agent_id":"<uuid>","api_key":"<key>"}' | jq -r .access_token)

# Use the JWT
curl -H "Authorization: Bearer $TOKEN" https://api.1claw.xyz/v1/vaults

Alternative: 1ck_ API keys (personal or agent) can be used directly as Bearer tokens — no JWT exchange needed.
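
The MCP server in Option 1 refreshes JWTs on its own; a direct REST caller has to do it itself. The block below is an added example, not code from the 1Claw project or its SDK: it caches the exchanged JWT, re-exchanges shortly before expiry, and passes 1ck_ keys through without an exchange. It assumes the JWT carries a standard exp claim; makeBearerSource, jwtExpiry and needsRefresh are hypothetical names.

```javascript
// Added example: bearer handling for direct REST callers (not @1claw/sdk code).
// Assumption: the returned JWT carries a standard `exp` claim (seconds since epoch).
const tokenUrl = "https://api.1claw.xyz/v1/auth/agent-token"; // endpoint from the page

// Read `exp` from the JWT payload without verifying the signature.
// Used only to schedule refresh; the server is still the one that validates.
function jwtExpiry(jwt) {
    const parts = String(jwt).split(".");
    if (parts.length !== 3) return 0;
    try {
        const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
        return Number.isFinite(payload.exp) ? payload.exp : 0;
    } catch {
        return 0; // unparseable token: treat as already expired
    }
}

// True when the cached token is missing or expires within `skewSec` seconds.
function needsRefresh(jwt, nowSec, skewSec = 60) {
    return !jwt || jwtExpiry(jwt) - skewSec <= nowSec;
}

// Returns an async function that yields the Authorization header value.
// `fetchFn` and `now` are injectable so the logic can be exercised offline.
function makeBearerSource({ agentId, apiKey, fetchFn = fetch, now = () => Date.now() / 1000 }) {
    let cached = null;
    return async function getBearer() {
        // 1ck_ keys are accepted directly as Bearer tokens: no exchange.
        if (apiKey.startsWith("1ck_")) return `Bearer ${apiKey}`;
        if (needsRefresh(cached, now())) {
            const res = await fetchFn(tokenUrl, {
                method: "POST",
                headers: { "Content-Type": "application/json" },
                body: JSON.stringify({ agent_id: agentId, api_key: apiKey }),
            });
            // Report only the status; never log the request or response body.
            if (!res.ok) throw new Error(`token exchange failed: HTTP ${res.status}`);
            const token = (await res.json()).access_token;
            if (typeof token !== "string" || !token) throw new Error("no access_token in response");
            cached = token;
        }
        return `Bearer ${cached}`;
    };
}
```

Failing closed on a missing access_token avoids sending the literal string "null" as a Bearer token, which is what the curl and jq pipeline above would do after a failed exchange.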


Authentication

Agent auth flow

Metadata

Stars: 1776
Views: 1
Updated: 2026-03-02
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-kmjones1979-1claw": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety Note: ClawKit audits metadata but not runtime behavior. Use with caution.