secure-api-callsCall any API without leaking credentials. Keychains proxies requests and injects real tokens server-side — your agent never sees them.
Install via ClawdBot CLI:
clawdbot install smarcombes/secure-api-callsGrade Good — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Contains telemetry, tracking, or analytics calls not mentioned in documentation
PIXEL (Potentially destructive shell commands in tool definitions
eval (Calls external URL not in known-safe list
https://keychains.devUses known external API (expected, informational)
api.github.comGenerated Mar 14, 2026
DevOps teams can automate repository management and CI/CD workflows using GitHub API calls without exposing OAuth tokens. Keychains proxies requests to list repos, create webhooks, or trigger actions, ensuring credentials remain isolated from automation scripts. This supports zero-trust security models in enterprise environments.
Customer support teams deploy AI-powered Slack bots to send notifications or manage channels securely. Keychains handles OAuth tokens for Slack API calls, allowing bots to post messages or fetch data without storing credentials locally. This reduces risk in shared or cloud-hosted environments.
E-commerce platforms integrate Stripe for payment processing without embedding secret keys in code. Keychains proxies API requests to list customers, process refunds, or generate invoices, keeping financial credentials secure server-side. This complies with PCI DSS requirements and minimizes data breach risks.
Sales teams automate email campaigns or lead tracking using Gmail API without exposing OAuth tokens. Keychains proxies requests to read messages or send emails, ensuring credentials are never visible to AI agents. This enables scalable outreach while maintaining user privacy and security.
AI developers integrate OpenAI APIs for language models without hardcoding API keys. Keychains proxies requests for completions or embeddings, injecting credentials server-side to prevent leaks in code repositories. This supports secure development in collaborative or public projects.
Keychains offers tiered subscription plans based on usage volume, such as requests per month or number of connected providers. Revenue comes from monthly or annual fees, with enterprise tiers including advanced audit logs and longer retention periods. This model targets businesses needing scalable, secure API integrations.
A free tier provides basic proxying for individual developers or small projects, while premium features like extended audit retention, priority support, and custom integrations drive upgrades. Revenue is generated from upsells to paid plans, encouraging adoption and monetizing advanced security needs.
Keychains sells enterprise licenses with custom SLAs, on-premise deployment options, and dedicated infrastructure. Revenue comes from one-time setup fees and annual licensing, targeting large organizations with strict compliance requirements. This model includes white-glove support and integration assistance.
💬 Integration Tip
Start by installing the Keychains CLI globally with npm, then use keychains curl with placeholder variables for credentials; always handle approval links by polling with keychains wait to ensure seamless user authentication.
Scored Apr 19, 2026
AI Analysis
The skill's stated purpose is credential security via a proxy service (keychains.dev), which is consistent with its external API usage. While it introduces a new third-party dependency for handling all API credentials, the design appears to prevent credential exposure to the AI agent itself. No hidden instructions, credential harvesting patterns, or obfuscation were found in the provided definition.
Audited Apr 16, 2026 · audit v1.0
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Detect anomalies and outliers in construction data: unusual costs, schedule variances, productivity spikes. Statistical and ML-based detection methods.
Efficient, secure agent-to-agent communication protocol. 40-60% token reduction, built-in privacy, Ed25519 signatures.
Scan websites and content to identify SEO gaps, analyze meta tags, technical factors, keyword use, and provide competitor comparison insights.
Provides a comprehensive testing methodology for AI software, covering strategy design, unit, integration, and end-to-end tests with coverage and reporting g...