7.7kā
by bitbrujo
side-peace ā OpenClaw Skill
side-peace is an OpenClaw Skills integration for coding workflows. Minimal secure secret handoff. Zero external deps. Human opens browser form, submits secret, agent receives it via temp file. Secret NEVER appears in stdout/logs.
Skill Snapshot
| name | side-peace |
| description | Minimal secure secret handoff. Zero external deps. Human opens browser form, submits secret, agent receives it via temp file. Secret NEVER appears in stdout/logs. OpenClaw Skills integration. |
| owner | bitbrujo |
| repository | bitbrujo/side-peace |
| language | Markdown |
| license | MIT |
| topics | |
| security | L1 |
| install | openclaw add @bitbrujo/side-peace |
| last updated | Feb 7, 2026 |
Maintainer
name: side-peace version: 1.1.0 description: Minimal secure secret handoff. Zero external deps. Human opens browser form, submits secret, agent receives it via temp file. Secret NEVER appears in stdout/logs.
Side_Peace š
Dead simple secret handoff from human to AI. No npm packages to trust ā just Node.js built-ins.
Key security feature: Secret is written to a temp file, NEVER printed to stdout. This prevents secrets from appearing in chat logs or command output.
How It Works
- Agent runs
node drop.js --label "API Key" - Agent shares the URL with human
- Human opens URL in browser, pastes secret, submits
- Secret is saved to temp file (printed path only, not content)
- Agent reads file, uses secret, deletes file
Usage
# Basic - secret saved to random temp file
node skills/side-peace/drop.js --label "CLAWHUB_TOKEN"
# Custom output path
node skills/side-peace/drop.js --label "API_KEY" --output /tmp/my-secret.txt
# Custom port
node skills/side-peace/drop.js --port 4000 --label "TOKEN"
Reading the Secret
After receiving, the secret is in the temp file:
# Read and use (example with clawhub)
SECRET=$(cat /tmp/side-peace-xxx.secret)
npx clawhub login --token "$SECRET" --no-browser
rm /tmp/side-peace-xxx.secret
Or one-liner:
cat /tmp/side-peace-xxx.secret | xargs -I{} npx clawhub login --token {} --no-browser; rm /tmp/side-peace-xxx.secret
Security
- Zero dependencies ā only Node.js built-ins
- Secret never in stdout ā written to file with 0600 permissions
- Memory only until saved ā temp file deleted after use
- One-time ā server exits after receiving
- ~60 lines ā fully auditable
Output
š Side_Peace waiting...
Label: CLAWHUB_TOKEN
Output: /tmp/side-peace-a1b2c3d4.secret
Local: http://localhost:3000
Network: http://192.168.1.94:3000
Waiting for secret...
ā Secret received and saved.
File: /tmp/side-peace-a1b2c3d4.secret
(Secret is NOT printed to stdout for security)
The secret is in the file. Read it, use it, delete it.
No README available.
Permissions & Security
Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.
- **Zero dependencies** ā only Node.js built-ins - **Secret never in stdout** ā written to file with 0600 permissions - **Memory only until saved** ā temp file deleted after use - **One-time** ā server exits after receiving - **~60 lines** ā fully auditable
Requirements
- OpenClaw CLI installed and configured.
- Language: Markdown
- License: MIT
- Topics:
FAQ
How do I install side-peace?
Run openclaw add @bitbrujo/side-peace in your terminal. This installs side-peace into your OpenClaw Skills catalog.
Does this skill run locally or in the cloud?
OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.
Where can I verify the source code?
The source repository is available at https://github.com/openclaw/skills/tree/main/skills/bitbrujo/side-peace. Review commits and README documentation before installing.