aureuma/si-vault-ops
tools/codex-skills/si-vault-ops/SKILL.md
Use this skill only for SI Vault maintenance and implementation debugging (`si vault ...`) including keypair/check/status/get/set/run operations; use `si fort` for operator secret workflows.
development
Updated Jun 13, 2026
$ install --global
skillsauthnpx skillsauth add aureuma/si si-vault-opsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 13, 2026, 4:00 AM35.9s1 file scanned
SKILL.md
- name:
- si-vault-ops
- description:
- Use this skill only for SI Vault maintenance and implementation debugging (`si vault ...`) including keypair/check/status/get/set/run operations; use `si fort` for operator secret workflows.
SI Vault Ops
Use this workflow for SI Vault maintenance. For operator secret reads, writes,
runtime env injection, credentials, bootstrap flows, and repo-scoped secret
work, use si fort instead.
Fast path
- Check vault state first:
si vault status
si vault check
- If needed, initialize:
si vault keypair
- Read or update keys:
si vault get KEY
si vault set KEY value
si vault unset KEY
- Run commands with decrypted env only for maintenance or implementation debugging:
si vault run -- <cmd>
Guardrails
- Never print full secret values unless explicitly requested.
- Prefer
si fort runfor operator workflows. - Use
si vault runonly when Fort is explicitly not the command boundary for maintenance or implementation debugging. - Keep file paths explicit when not using defaults (
--file). - For local key issues, inspect
si vault statusand re-runsi vault keypairbefore rotating.
Validation
- After writes, run:
si vault check
si vault status
- Confirm expected key presence with:
si vault list
Related Skills
aureuma/si-provider-debug
tools
VerifiedTrustedCommunity
Use this skill when debugging provider integrations in SI (OpenAI, GitHub, Cloudflare, Google, Stripe, GCP, AWS) with reproducible CLI checks.
SKILL.mdUpdated Apr 3, 2026
aureuma/si-dyad-ops
development
VerifiedTrustedCommunity
Use this skill for operating SI dyads (`si dyad ...`) including spawn/status/peek/logs/exec and offline fake-codex smoke validation.
SKILL.mdUpdated Apr 3, 2026
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026
openclaw/openclaw-release-maintainer
development
VerifiedTrustedCommunity
Maintainer workflow for OpenClaw releases, prereleases, changelog release notes, and publish validation. Use when Codex needs to prepare or verify stable or beta release steps, align version naming, assemble release notes, check release auth requirements, or validate publish-time commands and artifacts.
357,764SKILL.mdUpdated Apr 10, 2026