OpenClaw

Skill details (on-site mirror, no comments)

Cloak — Protect .env Secrets from AI Agents

Protect .env secrets from AI agents. Real credentials encrypted in a vault — agents see structurally valid sandbox values on disk.

AI and Large Models

Author: Daniel Tamas @danieltamas

License: MIT-0

MIT-0 · Free to use, modify, and redistribute. No attribution required.

Version: v0.1.0

Stats: ⭐ 0 · 40 · 0 current installs · 0 all-time installs


🛡 VirusTotal: Benign · OpenClaw: Benign

Package:danieltamas/cloak-env-protection

Security scan (ClawHub)

  • VirusTotal: Benign
  • OpenClaw: Benign

OpenClaw assessment

The skill's instructions are coherent with its stated purpose (protecting on-disk .env values with a vault) but it recommends running a remote installer URL (curl|sh / irm | iex) that should be reviewed before use.

Purpose

The name/description (protect .env secrets by showing sandbox values on disk and keeping real values in a vault) matches the runtime instructions: check for .cloak, treat .env as sandbox values, use 'cloak run' to inject real env values, and use 'cloak set/edit' to manage secrets. The skill does not request unrelated credentials or binaries.

Instruction scope

SKILL.md gives narrow, specific rules: check .cloak presence, read .env (sandbox) only, never read vault or config directories, use cloak commands for runtime injection and edits, and always ask before running init. There is no broad 'collect context' instruction or any direction to access unrelated system files.

Install mechanism

The skill is instruction-only (no install spec), which is low risk. However the document explicitly recommends installing via piping a remote script (curl -fsSL https://getcloak.dev/install.sh | sh and irm https://getcloak.dev/install.ps1 | iex). getcloak.dev is not a recognized central release host in this review, and piping remote scripts to sh/iex is a high-risk installer pattern — the command should be replaced with a link to a verified re…

Credentials

The skill requests no environment variables, no credentials, and no config paths. The rules explicitly forbid reading vault/config paths (~/.../.config/cloak etc.), which is appropriate and proportionate to the stated purpose.

Persistence

No install, no always:true, and user-invocable only; the skill does not request persistent system privileges or attempt to modify other skills' configuration. Autonomous invocation is allowed by default but not combined with other red flags here.

Overall conclusion

This skill is internally consistent with its goal of showing safe sandbox values on disk and using a local vault for real secrets. Before adopting: 1) Do not blindly run the suggested install commands that pipe remote scripts to a shell — inspect the installer at https://getcloak.dev/install.sh (and the PowerShell script) or prefer an official package/distribution channel. 2) Verify the Cloak project's identity (homepage, GitHub repository, re…
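One way to act on the recommendation above to inspect the installer instead of piping it to a shell. This is an added example, not code from the Cloak project or from this review; it assumes a SHA-256 digest obtained from the project through a separate channel, which this page does not give, so a placeholder stands in for it.

```shell
#!/bin/sh
# Added example, not Cloak code: gate an already-downloaded installer on a
# SHA-256 digest obtained out-of-band before it is ever executed.

# Print the lowercase hex SHA-256 of FILE with whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing or unreadable.
verify_installer() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case digests
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    [ -n "$actual" ] || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# Intended flow (commented out: needs network and a real digest):
#   curl -fsSL https://getcloak.dev/install.sh -o install.sh   # fetch, do not pipe
#   less install.sh                                            # read what it does
#   verify_installer install.sh "<PUBLISHED_SHA256_PLACEHOLDER>" && sh install.sh
```
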

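Install (copy to Lobster AI)

Copy the entire passage below into a Lobster Chinese Library conversation, and Lobster will complete the installation according to SKILL.md.

Please hand this passage to the Lobster Chinese Library (Lobster AI) to execute: install the OpenClaw skill "Cloak — Protect .env Secrets from AI Agents" on this machine. Summary: Protect .env secrets from AI agents. Real credentials encrypted in a vault — ag….
Please fetch the following address to read SKILL.md and complete the installation according to the document: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/danieltamas/cloak-env-protection/SKILL.md
(Source: yingzhi8.cn skill library)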

SKILL.md


---
name: cloak-env-protection
description: Protect .env secrets from AI agents. Real credentials encrypted in a vault — agents see structurally valid sandbox values on disk.
version: 0.1.0
---

# Cloak — Agent Security Skill

> This file instructs AI coding agents to protect .env secrets using Cloak.
> Add it to your project root or append its contents to your CLAUDE.md / .cursorrules / .windsurfrules.

## What is Cloak

Cloak encrypts real .env values into a vault and replaces them on disk with structurally valid sandbox values. The developer sees real values in their editor (the extension decrypts them). You (the agent) see sandbox values — that is by design.

## Detection

On first interaction with a project, check for a `.cloak` file in the project root.

- **`.cloak` exists** → Cloak is active. Follow the rules below.
- **`.cloak` does NOT exist but `.env` exists** → suggest `cloak init` (always ask first, never run without consent).
- **Neither exists** → no action needed.

## Rules

### Reading .env files

You CAN read `.env` files. The values on disk are sandbox values (fakes) — they are safe to read, display, and use in code examples. They are structurally valid (e.g. `sk_test_cloak_sandbox_000` for Stripe, `postgres://dev:dev@localhost:5432/devdb` for databases).

Do NOT attempt to access real secret values. Do NOT read vault files, recovery files, or any file under the cloak config directory (`~/.config/cloak/`, `~/Library/Application Support/cloak/`, or `%APPDATA%\cloak`).

### Running commands that need real env vars

Use `cloak run` to inject real environment variables into any process:

```bash
cloak run npm start
cloak run python app.py
cloak run go run main.go
cloak run docker compose up
```

Do NOT try to read secrets from the vault and inject them manually. `cloak run` handles authentication (Touch ID on macOS, password on other platforms) — the developer will be prompted, and that is expected.

### Adding or updating secrets

Use `cloak set` with the key and value as separate arguments:

```bash
cloak set STRIPE_KEY sk_test_EXAMPLE000000000000000000
cloak set DATABASE_URL "postgres://admin:s3cret@db.example.com:5432/myapp"
```

Do NOT write secrets directly to `.env` files. The `.env` file on disk is managed by Cloak — direct edits will be overwritten.

### Modifying .env structure

To add/remove keys, change comments, or restructure the file, use:

```bash
cloak edit          # opens real values in $EDITOR, re-encrypts on save
cloak set KEY VALUE # add or update a single key
```

Do NOT directly edit `.env` when `.cloak` is present.

### Checking status

```bash
cloak status    # shows protection state — no auth required
```

### Error recovery

If you see a keychain or decryption error, suggest:

```bash
cloak recover
# The developer will need the recovery key shown during `cloak init`
```

### If Cloak is not installed

If the developer wants to use Cloak but it's not installed:

```bash
# macOS / Linux
curl -fsSL https://getcloak.dev/install.sh | sh

# Windows (PowerShell)
irm https://getcloak.dev/install.ps1 | iex
```

The VS Code / Cursor extension is available as "Cloak" in the marketplace.

## Command Reference

| Task | Command | Auth required |
|------|---------|---------------|
| Protect a project | `cloak init` | No |
| Run with real env vars | `cloak run <command>` | Yes |
| Add/update a secret | `cloak set KEY VALUE` | Yes |
| Edit secrets in $EDITOR | `cloak edit` | Yes |
| View sandbox vs real diff | `cloak peek` | Yes |
| Temporarily reveal a key | `cloak reveal KEY --duration 30` | Yes |
| Check protection status | `cloak status` | No |
| Restore lost keychain | `cloak recover` | No |
| Remove protection | `cloak unprotect` | Yes |

"Auth required" means the developer will be prompted for Touch ID (macOS) or their CLI password. This is expected — it prevents agents from accessing secrets programmatically.

## For CLAUDE.md

```markdown
## Secrets

This project uses Cloak to protect .env secrets.
- The .env file on disk contains sandbox values (safe to read).
- Use `cloak run <command>` to run processes that need real env vars.
- Use `cloak set KEY VALUE` to add or update secrets.
- Do not write to .env directly — use `cloak set` or `cloak edit`.
- If .cloak marker is missing and .env exists, ask before running `cloak init`.
```

## For .cursorrules / .windsurfrules

```
This project uses Cloak for .env secret protection. The .env on disk has sandbox values (safe to read).
Use `cloak run <command>` for real env vars. Use `cloak set KEY VALUE` to add secrets.
Do not modify .env directly. If .cloak is missing and .env exists, suggest `cloak init` (ask first).
```
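The Detection and Rules sections of the SKILL.md above are instructions an agent is asked to follow. As an added example (not part of the skill or of Cloak), here is how an agent harness could enforce the same decisions before a file operation; `cloak_state`, `resolve` and `cloak_guard` are hypothetical names, and the harness that would call them is assumed.

```shell
#!/bin/sh
# Added example: the SKILL.md Detection and Rules sections as a pre-operation check.
# cloak_state, resolve and cloak_guard are hypothetical helpers, not Cloak commands.
# The %APPDATA% location is left out because this is POSIX sh.

# Detection section: prints active | suggest-init | none for a project directory.
cloak_state() {
    if [ -e "$1/.cloak" ]; then echo active
    elif [ -e "$1/.env" ]; then echo suggest-init
    else echo none
    fi
}

# Resolve a path to an absolute, symlink-free form when its directory exists,
# so "../" segments and symlinks cannot disguise a path into the config dir.
resolve() {
    d=$(dirname -- "$1"); b=$(basename -- "$1")
    if [ -d "$1" ]; then (cd -- "$1" && pwd -P)
    elif [ -d "$d" ]; then printf '%s/%s\n' "$(cd -- "$d" && pwd -P)" "$b"
    else printf '%s\n' "$1"
    fi
}

# cloak_guard PROJECT_DIR read|write PATH
# Prints "allow" (returns 0) or "deny:<reason>" (returns 1).
cloak_guard() {
    proj=$(resolve "$1"); op=$2; p=$(resolve "$3")
    home=$(resolve "$HOME")
    # Rule: never touch anything under the cloak config directory.
    for cfg in "$home/.config/cloak" "$home/Library/Application Support/cloak"; do
        case "$p" in
            "$cfg"|"$cfg"/*) echo "deny:cloak-config-dir"; return 1 ;;
        esac
    done
    # Rule: no direct writes to .env while .cloak is present; reads stay allowed.
    if [ "$op" = write ] && [ "$p" = "$proj/.env" ] \
        && [ "$(cloak_state "$proj")" = active ]; then
        echo "deny:use-cloak-set-or-edit"; return 1
    fi
    echo allow
}
```
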