Cloak prevents AI agents and accidental processes from accessing real credentials by encrypting real .env values into a vault and replacing them on disk with structurally valid sandbox values. Developers retain access via a decrypting extension or CLI. The skill documents detection, safe handling rules, and commands (cloak run, set, edit, recover) so agents know how to interact safely with projects that use Cloak.
Use this skill when interacting with projects that may contain a .env file or a .cloak marker. If .cloak exists, follow Cloak rules: read sandboxed .env values only, do not attempt vault access, and prefer cloak run for commands that need real secrets. If .env exists without .cloak, suggest initialising Cloak (ask before running cloak init).
Agents that interact with codebases and CLIs (Copilot/Codex-like coding assistants, Cursor, Claude Code, Gemini CLI) will benefit from these rules because they prevent accidental leakage of real secrets and provide safe command patterns.
This skill has not been reviewed by our automated audit pipeline yet.
