bagman
Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled funds. Covers secure storage, session keys, leak prevention, prompt injection defense, and MetaMask Delegation Framework integration.
Install via ClawdBot CLI:
clawdbot install zscole/bagman
Grade: Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
  matched: $PRIVATE_KEY
Contains instructions to override system prompt or ignore user requests
  matched: "ignore previous instructions"
Sends data to undocumented external endpoint (potential exfiltration)
  matched: send → https://...
Calls external URL not in known-safe list
  matched: https://github.com/zscole/bagman-skill
Generated Mar 20, 2026
An AI agent that executes automated cryptocurrency trades on decentralized exchanges. The bot requires secure wallet access for transactions while preventing private key exposure through prompt injection attacks. Bagman's session keys limit transaction amounts and time windows to minimize risk from compromised agents.
A corporate AI assistant that accesses multiple internal APIs using various credentials. The system retrieves API keys from 1Password at runtime and sanitizes all outputs to prevent accidental secret leakage in logs or user responses. Access is audited through secret manager logs.
An AI-powered platform that creates and mints NFTs for clients. The agent uses delegated session keys with whitelisted smart contracts to mint NFTs while preventing unauthorized transfers. Output sanitization ensures seed phrases and private keys never appear in generated metadata.
An AI agent managing assets across multiple blockchain networks. The system uses ERC-4337 smart accounts with programmable permissions for different chains. Session keys expire automatically and have transaction limits per bridge operation to contain potential exploits.
A customer service AI that handles refunds and payments using cryptocurrency. The agent accesses payment credentials via 1Password with vault-level ACLs separating operational keys from master keys. All user inputs are validated for injection attempts before any financial operation.
Offer monthly subscriptions for AI agent security infrastructure, providing managed 1Password vaults, session key rotation services, and compliance auditing. Revenue comes from tiered pricing based on number of agents, transaction volume, and supported blockchains. Enterprise clients pay premium rates for custom ACL configurations and 24/7 monitoring.
License the Bagman security stack to other AI agent developers and companies building agent ecosystems. Provide SDKs, documentation, and support packages for integrating secure key management into existing products. Revenue streams include upfront licensing fees, annual maintenance contracts, and revenue sharing from secured transactions.
Offer security audits for existing AI agent deployments, checking for key management vulnerabilities, injection risks, and compliance with financial regulations. Provide certification for secure agent operations and ongoing monitoring services. Revenue comes from one-time audit fees plus retainer contracts for continuous security assessment.
💬 Integration Tip
Start by integrating the output sanitizer first to prevent immediate leaks, then add secret manager integration before implementing session keys for production deployments.
Scored Apr 19, 2026
AI Analysis
The skill promotes security best practices (secret managers, session keys, sanitization) and its external reference (GitHub repo) is consistent with its stated purpose. The 'PROMPT_POISONING' signal appears to be a false positive, as the phrase 'ignore previous instructions' is likely cited as an example of what to validate against, not an instruction to execute.
Audited Apr 16, 2026 · audit v1.0
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.