SS
autoworks-ai / secret-safe-setup
Hosted SKILL.mdFirst-party secret-safe example
public/skills/secret-safe-setup/SKILL.md
Guide a user through secret-safe setup where credentials stay in host secret stores, not in SKILL.md.
InstallCLI + MCP
$autovault add autoworks-ai/autovault-website@457f238d0fd49425ac01ad7dad58c726624f1eaa:public/skills/secret-safe-setup/SKILL.md --sync-profiles
>add_skill({ source: "github", identifier: "autoworks-ai/autovault-website@457f238d0fd49425ac01ad7dad58c726624f1eaa:public/skills/secret-safe-setup/SKILL.md" })
Choose CLI for a shell install or MCP for an agent tool call.
Example type
skill
hosted SKILL.md
Declared agents
2
from frontmatter
Gate stages
5
covered by tests
Permission rows
3
declared metadata
Source
autoworks-ai
First-party secret-safe example
---
name: secret-safe-setup
version: 0.1.0
description: Guide a user through secret-safe setup where credentials stay in host secret stores, not in SKILL.md.
requires-secrets: PROVIDER_PROFILE
bin: setup, verify
capabilities.filesystem: readonly
---
secret-safe-setup
Documents how skills should refer to credentials by name without storing secret values.
Demonstrates signed user-run setup and verify actions for out-of-band configuration.
When to use this skill
- A workflow needs a provider token, SSH key, or CLI profile.
- The user wants setup guidance without exposing credentials to the agent transcript.
- A reviewer wants to see `requires-secrets` and `bin` metadata in context.
Install
CLI: autovault add autoworks-ai/autovault-website@457f238d0fd49425ac01ad7dad58c726624f1eaa:public/skills/secret-safe-setup/SKILL.md --sync-profiles
MCP: add_skill({ source: "github", identifier: "autoworks-ai/autovault-website@457f238d0fd49425ac01ad7dad58c726624f1eaa:public/skills/secret-safe-setup/SKILL.md" })
Provenance
Shows `requires-secrets` and signed setup actions while keeping secret values outside the skill and vault.