ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified

secure-autofill

1Password-backed credential filling via vault_suggest/vault_fill (plugin tools).

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/moodykong/secure-autofill
Or

secure-autofill 🔐

This skill documents how to use the secure-autofill plugin tools:

  • vault_suggest — find likely 1Password items
  • vault_fill — fill browser DOM fields with secrets (agent never sees credentials)

Architecture

Agent orchestrates; plugin handles secrets. The agent provides element refs from browser.snapshot; the plugin types secrets into the page.

Prerequisites

  • Tools available (if tool allowlists are in use): vault_suggest, vault_fill
  • A working non-headless Chrome on WSL (many sites block headless)
  • Gateway environment has required env vars

Concrete checks:

command -v google-chrome || command -v google-chrome-stable

Configuration (portable)

Machine-specific environment should NOT be hardcoded in this document.

  • Example (do not edit): ~/.openclaw/skills/secure-autofill/config.env.example
  • Real (machine-specific): ~/.openclaw/skills/secure-autofill/config.env
  • Gateway env file (recommended destination): ~/.config/openclaw/env

Typical keys:

  • DISPLAY
  • WAYLAND_DISPLAY
  • OP_SERVICE_ACCOUNT_TOKEN (do not commit; do not paste into chat)

Initialization / installation / onboarding (WSL)

Preferred (chat-first)

Because the primary interface is chat (Telegram), the preferred onboarding flow is:

  1. Ask Boss which values to set (DISPLAY, WAYLAND_DISPLAY, whether to set OP_SERVICE_ACCOUNT_TOKEN).
  2. Write/update the real skill-local env file: config.env.
  3. Optionally update the gateway env file (~/.config/openclaw/env) with per-key confirmation.
  4. If applicable, detect whether openclaw-gateway is managed by systemctl --user and offer to restart.

Optional (terminal)

If you are running in a real terminal, you can use the interactive onboarding script:

~/.openclaw/skills/secure-autofill/scripts/onboard.sh

1) Install Google Chrome (.deb)

Ubuntu 22.04 moved Chromium to snap which doesn't work well in WSL. Install Chrome directly:

# Add Google apt source
wget -qO- https://dl.google.com/linux/linux_signing_key.pub \
  | sudo gpg --dearmor -o /usr/share/keyrings/google-linux-signing-keyring.gpg

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-linux-signing-keyring.gpg] http://dl.google.com/linux/chrome/deb/ stable main" \
  | sudo tee /etc/apt/sources.list.d/google-chrome.list

# Install
sudo apt update && sudo apt install -y google-chrome-stable

2) Configure gateway environment (non-headless + 1Password token)

  1. Create/update ~/.config/openclaw/env.
  2. Run onboarding to generate the real env file (skill-local):
~/.openclaw/skills/secure-autofill/scripts/onboard.sh
  1. Copy the needed variables from the skill-local config.env into the gateway env file (~/.config/openclaw/env).
  2. Ensure the gateway service loads the env file:
Read Full Documentation on GitHub

Metadata

Author@moodykong
Stars1401
Views1
Updated2026-02-24
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-moodykong-secure-autofill": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.

Related Skills

skill-father

Authoritative skill-creation standards (Boss). Use when creating or updating OpenClaw skills so they are portable, reproducible, include prerequisites checks, and have a guided installation/onboarding flow that persists machine-specific config in skill-local config files.

moodykong 1401

ssh-op

Use the ssh-op helper script to load an SSH private key from 1Password (op) into an in-memory ssh-agent and then run ssh. Use when connecting to hosts that require the 1Password-managed key, troubleshooting ssh-op, or onboarding a new machine by configuring the 1Password vault/item and adding SSH host aliases to ~/.ssh/config.

moodykong 1401

secure-shopper

Asynchronous shopping research + checkout using secure-autofill (1Password-backed browser filling) with results recorded to workspace artifacts.

moodykong 1401

queue-task

Durable queue-task helper for resumable, idempotent batch jobs in task-father task folders.

moodykong 1401

onedrive-integration

Copy large/long files to OneDrive for sharing when the user is on Telegram or WhatsApp and wants to view a full document or long file. Use to place files into OneDrive under an OpenClaw folder and provide the new filename/location.

moodykong 1401