All skills

secrets

For developersCode & quality

API keys & tokens managed through 1Password — leak-safe.

Open source — soon

Uses

APIs to connect

This skill needs keys for these services. The link takes you where to get each one:

What it does

A single protocol for any credential: keys live only in a 1Password vault, are injected into the process via `op run`, and are never written to .env / configs / chat. It looks up the key, creates it with a full metadata schema, self-tests it, and handles rotation on leak.

How to use

  1. 1Any request that needs a key activates the skill automatically.
  2. 2If the key is missing — it guides creation, then stores it in 1Password.
  3. 3API calls are wrapped via op run --env-file=… — the secret stays in the child process only.
  4. 4Commands: /token-find, /token-add, /token-import.

When it triggers

“we need a key for X”“let's connect X”a key pasted into chat/token-add

Example

/token-add Stitch — creates an item in the AI-Tokens vault with metadata and self-tests the key.

Updates

  • Added the Google Stitch MCP token to the protocol.

  • Added to the RedSkills catalog.

Liked this skill? New breakdowns and updates land in the channel.