bagman
Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled funds. Covers secure storage, session keys, leak prevention, prompt injection defense, and MetaMask Delegation Framework integration.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/zscole/bagmanBagman
Secure key management patterns for AI agents handling wallets, private keys, and secrets.
When to Use This Skill
- Agent needs wallet/blockchain access
- Handling API keys, credentials, or secrets
- Building systems where AI controls funds
- Preventing secret leakage via prompts or outputs
Quick Start
# Install 1Password CLI
brew install 1password-cli
# Authenticate
eval $(op signin)
# Create vault for agent credentials
op vault create "Agent-Credentials"
# Run examples
cd examples && python test_suite.py
Core Rules
| Rule | Why |
|---|---|
| Never store raw private keys | Config, env, memory, or conversation = leaked |
| Use delegated access | Session keys with time/value/scope limits |
| Secrets via secret manager | 1Password, Vault, AWS Secrets Manager |
| Sanitize all outputs | Scan for key patterns before any response |
| Validate all inputs | Check for injection attempts before wallet ops |
Architecture
┌─────────────────────────────────────────────────────┐
│ AI Agent │
├─────────────────────────────────────────────────────┤
│ Session Key (bounded) │
│ ├─ Expires after N hours │
│ ├─ Max spend per tx/day │
│ └─ Whitelist of allowed contracts/methods │
├─────────────────────────────────────────────────────┤
│ Secret Manager (1Password/Vault) │
│ ├─ Retrieve at runtime only │
│ ├─ Never persist to disk │
│ └─ Audit trail of accesses │
├─────────────────────────────────────────────────────┤
│ Smart Account (ERC-4337) │
│ ├─ Programmable permissions │
│ └─ Recovery without key exposure │
└─────────────────────────────────────────────────────┘
Implementation Files
| File | Purpose |
|---|---|
examples/secret_manager.py | 1Password integration for runtime secret retrieval |
examples/sanitizer.py | Output sanitization (keys, seeds, tokens) |
examples/validator.py | Input validation (prompt injection defense) |
examples/session_keys.py | ERC-4337 session key configuration |
examples/delegation_integration.ts | MetaMask Delegation Framework (EIP-7710) |
examples/pre-commit | Git hook to block secret commits |
examples/test_suite.py | Adversarial test suite |
docs/prompt-injection.md | Deep dive on injection defense |
docs/secure-storage.md | Secret storage patterns |
docs/session-keys.md | Session key architecture |
docs/leak-prevention.md | Output sanitization patterns |
docs/delegation-framework.md | On-chain permission enforcement (EIP-7710) |
1. Secret Retrieval
1Password CLI Pattern
# Retrieve at runtime (never store result)
SESSION_KEY=$(op read "op://Agents/my-agent/session-key")
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-zscole-bagman": {
"enabled": true,
"auto_update": true
}
}
}Related Skills
agentic-money
Discover, hire, and get paid by AI agents using the Agentic Money protocol on Ethereum.
Rtfm Testing
Skill by zscole
bagman
Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled funds. Covers secure storage, session keys, leak prevention, and prompt injection defense.