bagman
Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled funds. Covers secure storage, session keys, leak prevention, and prompt injection defense.
Why use this skill?
Master secure secret management for AI agents with Bagman. Prevent key leaks, automate session key rotation, and defend against prompt injection.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/zscole/openclawWhat This Skill Does
Bagman is the mission-critical security layer for OpenClaw agents managing sensitive assets. It enforces a zero-trust architecture by ensuring that raw private keys never touch persistent storage, configuration files, or plain-text memory. By integrating directly with the 1Password CLI, Bagman acts as a secure intermediary for secret retrieval, enforces the use of bounded session keys, and mitigates risks associated with prompt injection and accidental credential leakage.
Installation
To integrate Bagman into your agent environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/zscole/openclaw
Ensure you have the 1Password CLI (op) installed and authenticated on the host machine. Configure your vault access permissions to restrict the agent's scope to specific keys only.
Use Cases
- Autonomous Trading: Managing agent-controlled wallets with strictly bounded spending caps and time-limited session keys.
- API Authentication: Securely injecting third-party service tokens (e.g., Alchemy, Infura, or OpenAI) at runtime without exposing them in environment files.
- Secure Data Signing: Performing cryptographic operations on behalf of users while ensuring the master key remains in hardware storage, separated from the agent's logic execution layer.
- Multi-Agent Orchestration: Coordinating secret access across multiple agents while maintaining a transparent audit log of who accessed which credentials and when.
Example Prompts
- "Bagman, retrieve the temporary session key for the wallet deployment and authorize a gas-capped transaction for the target smart contract."
- "I need to sign this message digest. Use the Bagman workflow to fetch the active session credential, perform the signing, and immediately clear the buffer."
- "Rotate the API secret for the analytics endpoint and ensure the new token is injected only into the current runtime memory session."
Tips & Limitations
- Limit Scope: Always use ERC-4337 delegated access patterns. Never grant an agent the master private key if a session key is sufficient.
- Validation: Enable the Bagman output filter to automatically sanitize logs and console outputs to prevent leakage.
- Limitations: This skill assumes the underlying machine has a protected 1Password environment. It cannot protect against compromised host-level kernel access. Always run agents in isolated, minimal-privilege containers for maximum defense-in-depth.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-zscole-openclaw": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: external-api
Related Skills
bagman
Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled funds. Covers secure storage, session keys, leak prevention, prompt injection defense, and MetaMask Delegation Framework integration.
agentic-money
Discover, hire, and get paid by AI agents using the Agentic Money protocol on Ethereum.
Rtfm Testing
Skill by zscole