Call any API without leaking credentials. Keychains proxies requests and injects real tokens server-side — your agent never sees them.
Security Analysis
medium confidenceThe skill's declared purpose (proxying credentials through Keychains) matches the install and runtime instructions, but it requires trusting an external service and an npm package you should verify before use.
Name/description, required binary ('keychains'), and the npm install step all align: the skill is a wrapper around the Keychains CLI/SDK to proxy credentials server-side. There are no unrelated binaries or environment variables requested.
SKILL.md confines actions to installing/using the keychains CLI/SDK and instructs the agent to send requests through keychains.dev (using placeholders like {{OAUTH2_ACCESS_TOKEN}}). This is consistent with the stated purpose. It does, however, direct the tool to create local machine keys (~/.keychains/) and route full request metadata (URL, headers, body) via keychains.dev — meaning request payloads are sent to a third-party proxy. This is expected for the service but worth explicit user trust consideration.
Install uses npm ([email protected]) to create a 'keychains' binary. npm is an expected distribution mechanism for a CLI/SDK; no arbitrary download URLs or extract steps are used. Installing globally requires write permissions and will add a binary to the system PATH.
The skill declares no required environment variables or external credentials, which is coherent because Keychains uses placeholders and a remote vault. The skill will generate local keys (~/.keychains) for machine auth; that is proportionate to the stated SSH challenge-response authentication mechanism.
The skill does not request always:true and does not ask for extra system privileges, but it will create persistent local state (~/.keychains/) and communicates with an external proxy service. Autonomous model invocation remains enabled (default), so an agent could call this skill to proxy requests; consider the privacy/trust implications of allowing autonomous calls that send request bodies to keychains.dev.
Guidance
This skill appears internally consistent: it installs the Keychains CLI via npm and instructs the agent to route API calls through keychains.dev using placeholder tokens. Before installing, verify you trust the Keychains service and the npm package maintainer (review the package source, maintainers, and recent versions). Understand that the CLI will create a local keypair (~/.keychains/) and that full request metadata (URL, headers, body) will be proxied to keychains.dev — only placeholders are meant to contain secrets, but accidental inclusion of real secrets in other parts of a request would expose them to the proxy. If you require higher assurance, review the keychains npm package code, audit network traffic during a test run, pin the package version, and confirm the Keychains privacy/security documentation and ownership. Also note user-invocable:false and that autonomous model invocation is allowed by default — if you do not want an agent to call this skill without explicit user action, disable model invocation or avoid installing the skill.
Latest Release
v1.0.3
- SKILL.md significantly updated for clarity, conciseness, and easier onboarding. - Audience refocus: emphasizes agent and end-user security, user control, and setup simplicity. - Adds quick start, usage, troubleshooting, and explicit security sections. - Highlights install command, service requirements, and provider compatibility. - Updates metadata for improved integration and discoverability. - Removes older SKILL.md sections now superseded by new structured documentation.
Popular Skills
Published by @smarcombes on ClawHub
