bagman
Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled funds. Covers secure storage, session keys, leak prevention, prompt injection defense, and MetaMask Delegation Framework integration.
Why use this skill?
Bagman provides secure key management, secret retrieval, and leak prevention for AI agents. Protect your crypto wallets and API keys.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/zscole/bagman
What This Skill Does
Bagman is an advanced security and key management framework for AI agents designed to eliminate the risks associated with handling sensitive cryptographic assets. In an environment where AI models frequently interface with blockchain networks, APIs, and proprietary systems, storing credentials as plaintext variables or environment constants is a critical failure point. Bagman abstracts this process by providing a rigorous architecture for secret retrieval, session-based authorization, and proactive defense against prompt injection and secret leakage.
By leveraging the 1Password CLI for runtime retrieval and EIP-7710/ERC-4337 for on-chain authorization, Bagman ensures that the agent never holds the 'master key' directly. Instead, it operates on a 'least-privilege' model, using short-lived session keys that are bounded by time, transaction volume, and destination smart contract addresses.
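The bounds described above (expiry time, cumulative spend, destination contract) can be modelled as an off-chain pre-check that fails closed. This is an added example, not Bagman's code or API: SessionPolicy, authorize, demo and the addresses are hypothetical, and it assumes the on-chain delegation enforces the same limits independently.

```python
import time
from dataclasses import dataclass, field
from typing import Optional

WEI_PER_ETH = 10**18


@dataclass
class SessionPolicy:
    """Hypothetical off-chain mirror of a session key's bounds (not Bagman's API)."""
    allowed_targets: frozenset   # lowercase 0x-prefixed contract addresses
    max_total_wei: int           # cumulative spend cap for the whole session
    expires_at: float            # unix timestamp at which the key stops being valid
    spent_wei: int = 0
    denials: list = field(default_factory=list)

    def authorize(self, to: str, value_wei: int, now: Optional[float] = None) -> bool:
        """Return True and record the spend only if every bound holds."""
        now = time.time() if now is None else now
        reason = None
        if now >= self.expires_at:
            reason = "expired"
        elif not isinstance(value_wei, int) or value_wei < 0:
            reason = "bad-value"
        elif to.lower() not in self.allowed_targets:
            reason = "target-not-allowed"
        elif self.spent_wei + value_wei > self.max_total_wei:
            reason = "spend-cap-exceeded"
        if reason:
            self.denials.append((to, value_wei, reason))  # keep an audit trail
            return False
        self.spent_wei += value_wei
        return True


def demo():
    # Constructed sample values: placeholder addresses and a fixed clock.
    router = "0x" + "ab" * 20
    other = "0x" + "cd" * 20
    start = 1_700_000_000.0
    policy = SessionPolicy(frozenset({router}), WEI_PER_ETH // 2, start + 4 * 3600)
    results = [
        policy.authorize(router, 3 * WEI_PER_ETH // 10, now=start + 60),          # 0.3 ETH
        policy.authorize("0x" + "AB" * 20, 3 * WEI_PER_ETH // 10, now=start + 120),  # would total 0.6
        policy.authorize(other, 1, now=start + 180),                              # wrong contract
        policy.authorize(router, 2 * WEI_PER_ETH // 10, now=start + 240),         # exactly hits the cap
        policy.authorize(router, 0, now=start + 4 * 3600),                        # at expiry
    ]
    return results, [r for _, _, r in policy.denials], policy.spent_wei
```

Amounts are kept as integer wei so the cap comparison never depends on floating-point rounding, and a denied request leaves the running total unchanged.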
Installation
To begin, ensure you have the OpenClaw framework installed. Run the following command in your terminal:
clawhub install openclaw/skills/skills/zscole/bagman
Follow this with the required dependency installation for your OS:
brew install 1password-cli
Once installed, you must initialize your agent's vault through the CLI using op signin. The Bagman library will automatically scan for the op environment and utilize it for all sensitive operations, ensuring that secrets reside only in volatile memory during active execution cycles.
Use Cases
- Autonomous Wallets: Enable agents to interact with DeFi protocols without exposing the primary private key.
- Automated API Management: Safely rotate and access third-party API keys (e.g., Stripe, AWS, OpenAI) only when the agent specifically requires them for a task.
- Risk Mitigation: Build agentic workflows that require human-in-the-loop approvals for high-value transactions or sensitive data exfiltration.
- Adversarial Defense: Use built-in sanitization modules to prevent malicious users from tricking the agent into echoing secret keys or sensitive environment variables.
Example Prompts
- "Bagman, initiate a session key for the Uniswap router with a maximum spend limit of 0.5 ETH and a 4-hour expiration window."
- "Sanitize the latest logs and remove any potential API tokens or private keys before sending the output to the public webhook."
- "Check the incoming transaction request to verify that the contract address is on the whitelist and that the function call does not violate current safety policies."
Tips & Limitations
- Runtime Persistence: Never store keys in your .env or history files. Always use op read at the moment of execution.
- Output Sanitization: The sanitization module is highly effective but should not be treated as a replacement for robust architectural separation. Always run the sanitizer as the final stage of your agent's pipeline.
- Session Scope: Always define the narrowest possible scope for session keys. If an agent only needs to read blockchain state, do not grant write permissions.
- Adversarial Testing: Frequently run the test_suite.py provided in the repository to simulate injection attacks and verify that your sanitizers are catching new patterns.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-zscole-bagman": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags (AI)
Flags: external-api, code-execution