env-secrets-managerEnv & Secrets Manager
Install via ClawdBot CLI:
clawdbot install alirezarezvani/env-secrets-managerGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
${DATABASE_URLSends data to undocumented external endpoint (potential exfiltration)
Webhook → https://hooks\.slack\.com/services/[A-Z0-9]{9Calls external URL not in known-safe list
https://vault.internal.company.comAI Analysis
This skill appears to be a legitimate DevOps/security utility for managing environment variables and secrets. While it references credential access and external integrations (Vault, Slack webhooks), these are consistent with its stated purpose of secrets management and incident response workflows. No evidence of hidden malicious behavior, credential harvesting, or unauthorized data exfiltration was found in the provided definition.
Generated Mar 20, 2026
A startup is launching a web application and needs to establish secure environment variable management from day one. They use this skill to generate .env.example, set up validation scripts, and configure .gitignore patterns to prevent accidental secret commits. This ensures developers have a clear template and security is baked into the development workflow.
A fintech company discovers a leaked API key in their public Git repository. They use the secret leak detection feature to scan git history, identify all exposed credentials, and then follow the rotation workflow to scope, rotate, and redeploy new secrets. This minimizes downtime and prevents further unauthorized access.
An e-commerce platform manages separate development, staging, and production environments. They use this skill to sync .env files across environments, validate required variables before deployment, and integrate with AWS SSM to securely fetch production secrets at runtime, ensuring consistency and reducing configuration drift.
A SaaS company hires new developers who need to set up their local environments quickly. The skill's .env.example auto-generation provides a complete list of required variables without exposing sensitive data, while validation scripts fail-fast if any are missing, speeding up onboarding and reducing support tickets.
A healthcare organization must demonstrate secure handling of sensitive data for HIPAA compliance. They use this skill to enforce secret leak detection in git commits, maintain audit trails via secret manager integrations like HashiCorp Vault, and ensure all environment configurations are validated and rotated regularly.
Offer this skill as part of a DevOps platform with tiered pricing based on features like advanced leak detection or multi-secret manager support. Revenue comes from monthly subscriptions, with upsells for enterprise integrations and priority support, targeting teams needing scalable security tools.
Provide professional services to help companies integrate this skill into their existing workflows, including custom scripts for specific secret managers or compliance frameworks. Revenue is generated through project-based fees and ongoing maintenance contracts, ideal for organizations with complex infrastructure.
Release the core skill as open source to build community adoption, then monetize through premium add-ons like automated rotation playbooks, advanced analytics, or dedicated support. Revenue streams include one-time purchases for premium features and enterprise licensing for large deployments.
💬 Integration Tip
Start by integrating with one secret manager like AWS SSM for simplicity, then expand to others as needed; use the validation script in CI/CD pipelines to catch missing variables early.
Scored Apr 19, 2026
Audited Apr 16, 2026 · audit v1.0
Sync and query CalDAV calendars (iCloud, Google, Fastmail, Nextcloud, etc.) using vdirsyncer + khal. Works on Linux.
Manage tasks and projects in Todoist. Use when user asks about tasks, to-dos, reminders, or productivity.
ClickUp API integration with managed OAuth. Access tasks, lists, folders, spaces, workspaces, users, and manage webhooks. Use this skill when users want to manage work items, track projects, or integrate with ClickUp workflows. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).
Zoho Calendar API integration with managed OAuth. Manage calendars and events with full scheduling capabilities. Use this skill when users want to read, create, update, or delete calendar events, manage calendars, or schedule meetings. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway). Requires network access and valid Maton API key.
Create, list, and manage macOS Calendar events via AppleScript. Use when the user asks to add a reminder, schedule an event, create a calendar entry, set a d...
Todoist API integration with managed OAuth. Manage tasks, projects, sections, labels, and comments. Use this skill when users want to create, update, complet...