devtools-secrets
Knowledge and guardrails for the mise + fnox + infisical secrets toolchain. Use when the user asks to "configure secrets", "set up fnox", "infisical", "mise env", "secrets management", "environment variables for secrets", or mentions secret injection, secret providers, or env var hygiene.
Best use case
devtools-secrets is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Knowledge and guardrails for the mise + fnox + infisical secrets toolchain. Use when the user asks to "configure secrets", "set up fnox", "infisical", "mise env", "secrets management", "environment variables for secrets", or mentions secret injection, secret providers, or env var hygiene.
Teams using devtools-secrets should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/devtools-secrets/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How devtools-secrets Compares
| Feature / Agent | devtools-secrets | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Knowledge and guardrails for the mise + fnox + infisical secrets toolchain. Use when the user asks to "configure secrets", "set up fnox", "infisical", "mise env", "secrets management", "environment variables for secrets", or mentions secret injection, secret providers, or env var hygiene.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
AI Agents for Marketing
Discover AI agents for marketing workflows, from SEO and content production to campaign research, outreach, and analytics.
SKILL.md Source
# DevTools Secrets Knowledge and guardrails for the **mise + fnox + infisical** secrets toolchain. ## Toolchain Validation **IMPORTANT: Check tool availability before proceeding with any guidance.** - mise: !`command -v mise >/dev/null 2>&1 && echo "INSTALLED ($(mise --version 2>/dev/null | head -1))" || echo "MISSING — install with: curl https://mise.run | sh"` - fnox: !`command -v fnox >/dev/null 2>&1 && echo "INSTALLED ($(fnox --version 2>/dev/null | head -1))" || echo "MISSING — install with: mise use -g fnox"` - infisical: !`command -v infisical >/dev/null 2>&1 && echo "INSTALLED ($(infisical --version 2>/dev/null | head -1))" || echo "MISSING — install with: mise use -g infisical"` If any tool above shows **MISSING**, stop and help the user install it before proceeding. Do not provide configuration guidance for tools that aren't installed. ## Project Config State - fnox.toml: !`test -f fnox.toml && echo "YES" || echo "NO (run: fnox init)"` - .infisical.json: !`test -f .infisical.json && cat .infisical.json || echo "NO (run: infisical init)"` - mise.toml env section: !`grep -A5 '^\[env\]' mise.toml 2>/dev/null || echo "No env section"` ## System/Global Config - mise global config: !`test -f ~/.config/mise/config.toml && head -10 ~/.config/mise/config.toml || echo "No global mise config"` - fnox global config: !`test -f ~/.config/fnox/config.toml && head -10 ~/.config/fnox/config.toml || echo "No global fnox config"` - infisical logged in: !`infisical user get 2>/dev/null | head -3 || echo "Not logged in or not installed"` ## Tool Roles | Tool | Role | |------|------| | **mise** | Task runner + env manager. Orchestrates dev tooling, runs tasks, manages env vars through plugins. | | **fnox** | Unified secret interface. Abstracts over multiple secret backends (infisical, age, env files) with a single CLI. | | **infisical** | Remote secrets backend. Stores, syncs, and injects secrets from a central server. | These tools complement each other: infisical stores secrets remotely, fnox provides a unified local interface to them, and mise orchestrates tasks that consume secrets via fnox. ## Integration Chain The typical flow: 1. **fnox.toml** defines infisical as a provider with project/environment config 2. **`fnox exec --`** resolves secrets from the provider and injects them as env vars 3. **mise tasks** can wrap `fnox exec` to run commands with secrets injected 4. Alternatively, **mise env plugins** can call fnox directly for auto-injection on `cd` ## Secrets Enforcement This project enforces secrets hygiene via **always-on hooks** in `.claude/settings.json` (not scoped to this skill): - **`block-hardcoded-secrets.py`** — Blocks Edit/Write operations containing hardcoded API keys, tokens, passwords, or known secret prefixes (sk-, ghp_, AKIA, xox[bpras]-) - **`block-bare-secret-exports.py`** — Blocks Bash commands that `export` secret-like env vars without wrapping in `fnox exec` or `infisical run` These hooks are always active regardless of whether this skill is loaded. ## Configuration Patterns Detailed configuration for each tool is in the reference files: - @references/mise-integration.md — mise env plugins, tasks, fnox integration - @references/fnox-configuration.md — fnox.toml structure, providers, profiles - @references/infisical-patterns.md — infisical CLI, scanning, CI/CD ## Gotchas - **Order matters**: fnox.toml must exist before `fnox exec` works. Run `fnox init` if missing. - **Profile mismatches**: fnox profiles (dev/staging/prod) must match infisical environment slugs. A mismatch silently returns empty secrets. - **`.infisical.json` is safe to commit** — it contains project IDs and workspace config, not secrets. - **`fnox.toml` may contain sensitive paths** — review before committing if using age-encrypted file provider. - **mise env plugins run on `cd`** — if a plugin calls fnox and fnox is misconfigured, you get errors on every directory change. - **infisical auth expires** — `infisical login` tokens have a TTL. CI/CD should use `INFISICAL_TOKEN` (service token) instead. - **Token path scope is explicit** — a service token scoped to `/` cannot access secrets in child paths like `/git_actions`. Each path requires its own token or use `--recursive` with the CLI directly.
Related Skills
secrets-scan
Detect hardcoded secrets (API keys, tokens, passwords) in text or code
Private Secrets Skill
用于安全存储和管理你的私密信息(如 API Key、密码、令牌等)。
aws-secrets-scanner
Detect hardcoded secrets, exposed API keys, and credential misconfigurations in IaC and config files
chrome-devtools-mcp-manager
Manage chrome-devtools-mcp service and OpenClaw's built-in Chrome browser for MCP-based browser automation. Use when user needs to use chrome-devtools-mcp functionality, ensure the browser is ready for MCP operations, or manage the browser/MCP lifecycle.
env-secrets-manager
Env & Secrets Manager
chrome-devtools-mcp
Chrome DevTools MCP — Google's official browser automation and testing server. Control Chrome via Puppeteer through MCP protocol: click, fill forms, navigate, screenshot, performance traces, network inspection, console debugging. Use for browser testing, web automation, performance analysis, UI testing, form filling, and visual regression.
doro-git-secrets-scanner
Git 安全扫描器 - 检查提交中的敏感信息泄露(API keys、密码、token)
---
name: article-factory-wechat
humanizer
Remove signs of AI-generated writing from text. Use when editing or reviewing text to make it sound more natural and human-written. Based on Wikipedia's comprehensive "Signs of AI writing" guide. Detects and fixes patterns including: inflated symbolism, promotional language, superficial -ing analyses, vague attributions, em dash overuse, rule of three, AI vocabulary words, negative parallelisms, and excessive conjunctive phrases.
find-skills
Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.
tavily-search
Use Tavily API for real-time web search and content extraction. Use when: user needs real-time web search results, research, or current information from the web. Requires Tavily API key.
baidu-search
Search the web using Baidu AI Search Engine (BDSE). Use for live information, documentation, or research topics.