from OpenClaw Master Skills2,002
Secure key-management patterns and operational guardrails for AI agents that need to handle private keys, session keys, and secrets safely.
Provides practical patterns and tools for agents that need to access private keys or API secrets. Covers session-key architectures, 1Password integration, output sanitization, pre-commit secret checks, and incident response playbooks. Concrete code snippets and pre-commit hooks are included.
Use Bagman when an agent requires any cryptographic keys, API credentials, or wallet access at runtime — e.g., trading bots, on-chain agents, automation that signs transactions, or any skill that might store credentials. Apply it when you want to avoid key leakage, enforce rotation, or delegate limited session permissions.
Best used with agent runtimes that can call CLIs or shell commands (OpenClaw agents using 1Password CLI, Claude Code, Cursor, or local Python/Node agents).
Bagman is a security-focused skill providing key management patterns for AI agents. It promotes 1Password-based secret retrieval, session keys over raw private keys, output sanitization, and prompt injection defense. No scripts to run — purely a reference/guide skill. Well-structured with clear DO/DON'T examples and incident response procedures.
op (1Password CLI)Solid security guidance skill. The subprocess.run usage for 1Password CLI is safe. Pre-commit hook in bash is straightforward. No executable scripts bundled — this is a reference/guide skill. The referenced documents in references/ directory aren't included in the fetched data, so their quality can't be assessed.
