secrets-hygiene
Audits which skills have access to secrets, flags stale or unrotated credentials, and prompts rotation. Use weekly to keep credentials clean.
git clone --depth 1 https://github.com/ArchieIndian/openclaw-superpowers /tmp/secrets-hygiene && cp -r /tmp/secrets-hygiene/skills/openclaw-native/secrets-hygiene ~/.claude/skills/secrets-hygiene

SKILL.md
# Secrets Hygiene

State file: `~/.openclaw/skill-state/secrets-hygiene/state.yaml`

Credentials you forgot about are credentials that will leak.

## When to Use

- On Monday 9am cron wakeup
- When adding or removing a skill that uses credentials
- After any suspected security incident

## The Audit Process

### Step 1: Inventory

List all secrets currently configured in OpenClaw (env vars, config files, keychain entries referenced by installed skills). For each, record: name, which skills access it, when it was last rotated (if known).

### Step 2: Flag Stale Secrets

A secret is stale if:

- Last rotated more than 90 days ago (or unknown rotation date)
- The skill that uses it is no longer installed
- It grants broader access than the skill needs

### Step 3: Report

Send a summary:

```
Secrets Audit — [date]
[N] secrets tracked
[N] flagged for rotation: [names]
[N] orphaned (skill removed): [names]
Action needed: [yes/no]
```

### Step 4: Update State

Write `last_audit_at`, updated `tracked_secrets` list, `flagged_count`, `orphaned_count` to state file.

## Cron Wakeup Behavior

On Monday 9am wakeup:

- Read state; if `last_audit_at` is within the last 6 days, skip
- Otherwise run the audit and update state
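The audit steps and the cron skip rule above, sketched in Python as an added example (not code from the skill or the openclaw-superpowers repository). The inventory record layout, the secret and skill names, and the choice to count orphaned secrets separately from those flagged for rotation are assumptions; the "broader access than the skill needs" criterion needs scope data the inventory does not record, so it is left to manual review.

```python
from datetime import datetime, timedelta

STALE_AFTER = timedelta(days=90)  # Step 2: rotated more than 90 days ago
SKIP_WINDOW = timedelta(days=6)   # Cron rule: audited within the last 6 days

def should_run(last_audit_at, now):
    """Run unless the previous audit falls within the last 6 days."""
    return last_audit_at is None or now - last_audit_at > SKIP_WINDOW

def audit(inventory, installed, now):
    """Steps 2-4: classify secrets, build the report, return state fields."""
    flagged, orphaned = [], []
    for secret in inventory:
        if not any(skill in installed for skill in secret["skills"]):
            orphaned.append(secret["name"])  # no installed skill uses it
            continue
        rotated = secret.get("last_rotated")
        # An unknown rotation date counts as stale, same as an old one.
        if rotated is None or now - rotated > STALE_AFTER:
            flagged.append(secret["name"])
    action = "yes" if flagged or orphaned else "no"
    report = "\n".join([
        f"Secrets Audit — {now:%Y-%m-%d}",
        f"{len(inventory)} secrets tracked",
        f"{len(flagged)} flagged for rotation: {', '.join(flagged)}",
        f"{len(orphaned)} orphaned (skill removed): {', '.join(orphaned)}",
        f"Action needed: {action}",
    ])
    state = {  # the four fields Step 4 writes to the state file
        "last_audit_at": now.isoformat(),
        "tracked_secrets": [s["name"] for s in inventory],
        "flagged_count": len(flagged),
        "orphaned_count": len(orphaned),
    }
    return report, state

# Constructed sample inventory; secret and skill names are hypothetical.
NOW = datetime(2025, 6, 2, 9, 0)  # a Monday, 09:00
INVENTORY = [
    {"name": "FRESH_TOKEN", "skills": ["skill-a"], "last_rotated": datetime(2025, 5, 1)},
    {"name": "OLD_TOKEN", "skills": ["skill-a"], "last_rotated": datetime(2025, 1, 10)},
    {"name": "UNDATED_KEY", "skills": ["skill-b"], "last_rotated": None},
    {"name": "ORPHAN_KEY", "skills": ["removed-skill"], "last_rotated": datetime(2025, 5, 20)},
]

if __name__ == "__main__":
    if should_run(datetime(2025, 5, 26, 9, 0), NOW):
        print(audit(INVENTORY, {"skill-a", "skill-b"}, NOW)[0])
```
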
Syncs agent daily memory and MEMORY.md to an Obsidian vault so notes are human-browsable. Use nightly or on demand.
Structured ideation before any implementation. Use when starting any non-trivial task.
Scaffolds and validates new superpowers skills. Use when creating a new skill for this repository.
Executes plans task-by-task with verification. Use when implementing a plan.
Triggers a secondary verification pass for any agent output containing factual claims, numbers, dates, or named entities before the output is acted on.
Crawls a new codebase to infer stack, conventions, and key invariants, then generates a PROJECT.md context file for the agent
Handles PR review feedback by fetching comments, grouping issues, fixing one group at a time, and verifying before replies.
Detects skill name shadowing and description-overlap conflicts that cause OpenClaw to trigger the wrong skill or silently ignore one when two skills compete for the same intent.