Cloak prevents AI agents and accidental processes from accessing real credentials by encrypting real .env values into a vault and replacing them on disk with structurally valid sandbox values. Developers retain access via a decrypting extension or CLI. The skill documents detection, safe handling rules, and commands (cloak run, set, edit, recover) so agents know how to interact safely with projects that use Cloak.
Use this skill when interacting with projects that may contain a .env file or a .cloak marker. If .cloak exists, follow Cloak rules: read sandboxed .env values only, do not attempt vault access, and prefer cloak run for commands that need real secrets. If .env exists without .cloak, suggest initialising Cloak (ask before running cloak init).
Agents that interact with codebases and CLIs (Copilot/Codex-like coding assistants, Cursor, Claude Code, Gemini CLI) will benefit from these rules because they prevent accidental leakage of real secrets and provide safe command patterns.
Cloak is a skill for protecting .env secrets from AI coding agents by replacing on-disk values with sandbox fakes and providing a vault/CLI for real credential access. The SKILL.md is well-written with clear instructions, detection rules, and a command reference. Both bundled scripts failed in isolation — cross-compat-test.sh requires the extension/ directory context, and release.sh requires arguments plus a git repo. Security concern: SKILL.md includes `curl | sh` install instructions, which is a remote code execution pattern, though presented as user-facing rather than agent-autonomous.
The `curl | sh` pattern is instructional (for suggesting to developers) rather than something the agent executes autonomously, but still warrants the security deduction. The skill concept is genuinely useful and well-structured. Scripts are production-quality release tooling, not core skill functionality.
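A hardened alternative to the `curl | sh` install pattern flagged above, as an added example that is not part of SKILL.md or the Cloak project: download the installer to a file, check it against a pinned SHA-256, and run it only on a match. The function names, `INSTALLER_URL` and `PINNED_SHA256` are hypothetical, and it is an assumption that a trusted digest is available out of band.

```shell
# Added example (not Cloak's own tooling): verify-then-run instead of curl | sh.

# sha256_of FILE -> prints the hex digest (sha256sum on Linux, shasum on macOS)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256
# returns 0 on match, 1 on digest mismatch, 2 if the file cannot be read
verify_installer() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    [ -f "$file" ] || { echo "missing installer: $file" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# install_verified FILE EXPECTED_SHA256
# executes the installer only after the digest check has passed
install_verified() {
    verify_installer "$1" "$2" || return $?
    sh "$1"
}

# Typical use (placeholders, assumed to come from a trusted release page):
#   curl -fsSLo install.sh "$INSTALLER_URL"
#   install_verified install.sh "$PINNED_SHA256"
```

Because the script is written to disk first, it can also be read before it runs, and a truncated or altered download fails the digest check instead of executing partially.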