Витебск?

[NeutronDisk]

visten

[darfaz]

This is a great idea and the timing is critical. Hudson Rock just documented the first case of an infostealer grabbing a complete OpenClaw identity — plaintext credentials, API keys, the entire agent persona.

The current state is scary:

• OpenClaw stores credentials in ~/.openclaw/credentials/ as plaintext
• Any skill or process with file system access can read them
• Infostealers specifically target these paths now

Vaultwarden/Bitwarden integration would help, but there are layers to this:

1. Credential storage (what you are proposing)

• Move secrets to a proper vault with encryption at rest
• Single revocation path if agent is compromised
• Audit log of credential access

2. Runtime credential monitoring (complementary)

• Even with vault storage, the agent needs to use credentials at runtime
• Monitor which processes/skills access which credentials
• Alert on unusual access patterns (new skill reading API keys, access at odd hours)

3. Forbidden zone enforcement

• Block agent from reading paths like ~/.ssh/, ~/.aws/, browser credential stores
• Even if a malicious skill tries to read them, the access is denied and logged

We have built layers 2-3 in ClawMoat — credential file monitoring, forbidden zone enforcement, and audit trails. It does not replace a proper vault (which should absolutely be the default), but it catches the runtime access patterns that a vault alone would miss.

The combination of vault + runtime monitoring + forbidden zones would be a major security improvement.