Skip to main content

vault0

Provides a secure vault for API keys and real-time monitoring for OpenClaw agents, ensuring data protection and policy enforcement.

Install this skill

or
0/100

Security score

The vault0 skill was audited on Feb 16, 2026 and we found 17 security issues across 5 threat categories, including 4 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 55

Template literal with variable interpolation in command context

SourceSKILL.md
55```bash
medium line 56

Curl to non-GitHub URL

SourceSKILL.md
56VERSION=$(curl -s https://api.github.com/repos/0-Vault/Vault-0/releases/latest | grep '"tag_name"' | cut -d'"' -f4) && ARCH=$(uname -m) && if [ "$ARCH" = "arm64" ]; then SUFFIX="aarch64"; else SUFFIX=
medium line 3

Access to hidden dotfiles in home directory

SourceSKILL.md
3description: Security suite for OpenClaw agents. Encrypted secret storage (AES-256-GCM), real-time activity monitoring via gateway WebSocket, policy enforcement, and native x402 payment wallet with EI
medium line 6

Access to hidden dotfiles in home directory

SourceSKILL.md
6metadata: {"emoji":"🔐","category":"security","os":"macos","minOS":"12","dependencies":["openclaw"],"configPaths":["~/.openclaw/.env","~/.openclaw/openclaw.json"],"networkAccess":"localhost-only-after
low line 103

Access to hidden dotfiles in home directory

SourceSKILL.md
103head -1 ~/.openclaw/.env
low line 132

Access to hidden dotfiles in home directory

SourceSKILL.md
132rm -rf ~/.config/vault0
medium line 3

Access to .env file

SourceSKILL.md
3description: Security suite for OpenClaw agents. Encrypted secret storage (AES-256-GCM), real-time activity monitoring via gateway WebSocket, policy enforcement, and native x402 payment wallet with EI
medium line 6

Access to .env file

SourceSKILL.md
6metadata: {"emoji":"🔐","category":"security","os":"macos","minOS":"12","dependencies":["openclaw"],"configPaths":["~/.openclaw/.env","~/.openclaw/openclaw.json"],"networkAccess":"localhost-only-after
medium line 17

Access to .env file

SourceSKILL.md
171. API keys stored in plaintext, .env files, or config YAML
medium line 100

Access to .env file

SourceSKILL.md
100After the human confirms hardening is complete, verify the .env no longer contains plaintext keys:
low line 103

Access to .env file

SourceSKILL.md
103head -1 ~/.openclaw/.env
high line 30

Access to system keychain/keyring

SourceSKILL.md
306. Optional EVM wallet stored exclusively in macOS Keychain (private key never leaves Keychain, never exposed to the agent or webview layer)
high line 37

Access to system keychain/keyring

SourceSKILL.md
374. The optional EVM wallet generates a BIP-39 mnemonic stored in macOS Keychain via the keyring crate. The private key is never written to disk or transmitted.
high line 121

Access to system keychain/keyring

SourceSKILL.md
1214. **Wallet**: Optional EVM wallet for x402 micropayments (keys in macOS Keychain only)
high line 135

Access to system keychain/keyring

SourceSKILL.md
135This removes the app, encrypted vault, and policy files. Wallet keys in macOS Keychain must be removed separately via Keychain Access (service: vault0-wallet).
low line 56

External URL reference

SourceSKILL.md
56VERSION=$(curl -s https://api.github.com/repos/0-Vault/Vault-0/releases/latest | grep '"tag_name"' | cut -d'"' -f4) && ARCH=$(uname -m) && if [ "$ARCH" = "arm64" ]; then SUFFIX="aarch64"; else SUFFIX=
low line 145

External URL reference

SourceSKILL.md
1452. Demo video: https://youtu.be/FGGWJdeyY9g
Scanned on Feb 16, 2026
View Security Dashboard
Installation guide →
GitHub Stars 2.2K
Rate this skill
Categorydevelopment
UpdatedApril 10, 2026
openclawsecurity-engineerdevops-sregithubdevelopment
openclaw/skills