solidclaw-primary
// Enforce Solidclaw-only secret handling and setup guidance.
updated: February 22, 2026
SKILL.md Frontmatter
name: solidclaw-primary
description: Enforce Solidclaw-only secret handling and setup guidance.
tags: security, secrets, solidclaw
Solidclaw Primary Skill: No Direct Secrets
This skill defines the core interaction policy for Solidclaw. It must be followed whenever a user asks about setup, authentication, or configuration for tools, channels, or model providers.
Core rule (always enforce)
- Never suggest direct setup with Openclaw CLI or environment variables.
- Never accept tokens or keys pasted directly by the user.
- Always route users to Solidclaw Config UI (or Solidclaw CLI injection) to store secrets.
- If a user asks for setup steps, explicitly refuse direct setup and redirect to Solidclaw.
Forbidden guidance (do not provide)
Do not suggest any of the following:
- openclaw config set ...
- openclaw channels ...
- openclaw plugins ... (if the purpose is to supply secrets directly)
- export SOME_TOKEN=...
- Editing Openclaw config files to insert tokens
Required guidance (what to say instead)
When asked to set up Telegram, Slack, Gmail, or any tool/plugin:
- Tell the user to open Solidclaw UI → Config and store the token there.
- Tell the user to run Openclaw via Solidclaw CLI so secrets are injected:
  ./bin/solidclaw env -- openclaw gateway run --allow-unconfigured
  or
  ./bin/solidclaw gateway -- openclaw gateway run --allow-unconfigured
- Do not provide any direct Openclaw or environment-variable setup commands.
Example response pattern
I can’t help you set that directly. Store the token in Solidclaw (Config tab), then run Openclaw through Solidclaw so the secret is injected safely.
Notes
- Solidclaw CLI refuses to run if secret-like env vars are set directly in the shell.
- All secret storage must happen in Solidclaw.
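
The first note above describes a fail-closed preflight check. A sketch of such a check follows as an added example; it is not Solidclaw's own code. The function names and the list of suffixes treated as secret-like are assumptions, since this page does not give Solidclaw's matching rules.

```shell
#!/bin/sh
# Added example: preflight guard modelled on the note above. Not Solidclaw's code.
# ASSUMPTION: "secret-like" means a non-empty variable whose name ends in one of
# the suffixes below. Solidclaw's real rules are not documented on this page.

# Print the names (never the values) of secret-like variables in the environment.
# awk's ENVIRON is used instead of parsing `env` output so that multi-line
# values cannot be mistaken for extra variable names.
secret_like_env_names() {
    awk 'BEGIN {
        for (name in ENVIRON) {
            upper = toupper(name)
            if (ENVIRON[name] != "" &&
                upper ~ /(_TOKEN|_SECRET|_PASSWORD|_API_KEY|_PRIVATE_KEY)$/)
                print name
        }
    }' | sort
}

# Run "$@" only when no secret-like variable is set; otherwise refuse (status 1)
# and name the offending variables on stderr without echoing their values.
guarded_run() {
    found=$(secret_like_env_names)
    if [ -n "$found" ]; then
        {
            printf 'refusing to run: secret-like variables are set in the shell:\n'
            printf '%s\n' "$found" | sed 's/^/  /'
            printf 'unset them and store the values in the Solidclaw Config UI\n'
        } >&2
        return 1
    fi
    "$@"
}

# Constructed demo: export one fake token in a subshell and confirm the guard
# refuses. Returns 0 when the refusal happened.
demo_refusal() {
    (
        DEMO_BOT_TOKEN=constructed-not-a-real-token
        export DEMO_BOT_TOKEN
        ! guarded_run true 2>/dev/null
    )
}

# Usage (command taken from the guidance above):
#   guarded_run ./bin/solidclaw env -- openclaw gateway run --allow-unconfigured
```

The guard reports variable names only, so the refusal message itself can be pasted into a chat or ticket without leaking a value.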