athal7/secrets
skills/secrets/SKILL.md
Fetch credentials and API keys. Use when a skill needs an API token, password, or other secret.
$ install --global
skillsauthnpx skillsauth add athal7/dotfiles secretsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 22, 2026, 2:06 AM107.3s1 file scanned
SKILL.md
- name:
- secrets
- description:
- Fetch credentials and API keys. Use when a skill needs an API token, password, or other secret.
- license:
- MIT
Secrets declared in local.yaml under the secrets key are exported as uppercase environment variables via ~/.envrc. Direnv caches the keychain lookups and the opencode direnv plugin injects them into every bash call automatically.
Use a secret
Read the uppercase env var directly. No setup, no fetch step.
# Examples
curl -H "Authorization: $LINEAR_API_KEY" ...
curl -H "X-Slack-Token: $SLACK_TOKEN" ...
The env var name is the secret name uppercased (e.g. linear_api_key → LINEAR_API_KEY). The full list of secret names lives in $(chezmoi source-path)/.chezmoidata/local.yaml under secrets.
Fallback — direct keychain lookup
If the env var is empty (e.g. outside direnv context, or a secret just added to Keychain but not yet reloaded):
MY_TOKEN=$(security find-generic-password -s "chezmoi" -a "<secret-name>" -w)
Adding a new secret
- Add an entry to
$(chezmoi source-path)/.chezmoidata/local.yamlundersecrets(can be empty:my_secret: {}). - Run
chezmoi apply— this regenerates~/.envrcwith the new secret. - Add the value to Keychain:
security add-generic-password -U -s "chezmoi" -a "<name>" -w "<value>" - Run
direnv reloadto pick up the new value immediately.
Troubleshooting
- Env var is empty — run
direnv reloador check that the Keychain entry exists:security find-generic-password -s "chezmoi" -a "<name>" -w The specified item could not be found in the keychain— the secret hasn't been added yet. Tell the user to runsecurity add-generic-password -U -s chezmoi -a <name> -w <value>.
Related Skills
athal7/zoom
development
VerifiedTrustedCommunity
Zoom meeting captions — file locations and format
6SKILL.mdUpdated May 24, 2026
athal7/dictation
tools
VerifiedTrustedCommunity
macOS dictation custom vocabulary — sync knowledge base names and terms to the system spelling dictionary
6SKILL.mdUpdated May 24, 2026
athal7/knowledge-base
testing
VerifiedTrustedCommunity
Look up people, projects, products, and decisions locally first: contact info (email, Slack ID, GitHub handle), titles and teams, project/product status, who works on what, and past decisions. Check before searching Slack, email, calendar, or GitHub — this is the first stop for any contact detail, project context, or decision-history question.
6SKILL.mdUpdated May 21, 2026
athal7/communication
testing
VerifiedTrustedCommunity
Communication style, audience awareness, and AI-authorship markers for human-facing prose — load when composing chat messages, review comments, merge request descriptions, emails, doc bodies, or ticket descriptions
6SKILL.mdUpdated May 21, 2026