SEKSBot is a fork of OpenClaw where agents have zero access to API keys, tokens, or credentials — ever.
The core insight is borrowed from SQL prepared statements: separate the instructions from the sensitive data. Agents write requests using named secret references. A broker intercepts and injects the real credentials at execution time. The agent never sees them.
How it works:
seksh (our nushell fork) has secure built-in commands (seksh-http, seksh-git) that route through the broker. Agents can make authenticated API calls and git operations without the keys ever entering shell memory.
seks-broker stores secrets and acts as a proxy. It can inject bearer tokens, API keys, and even handle asymmetric key signing — all without exposing anything to the agent process.
Three layers of defense: (1) Agents never have secrets in env vars or memory. (2) The broker validates and scopes every request. (3) Skills use sandboxing on top of broker-mediated access.
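A toy broker in Python, added here to illustrate the reference-and-inject flow described above; it is not SEKSBot's or seks-broker's code, and the `{{secret:name}}` syntax, the per-host scoping, the placeholder token and all names are assumptions. It shows layers (1) and (2): the agent's request only ever carries a reference, and the broker refuses to resolve a reference for a host the secret is not scoped to.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Agents write references like {{secret:github_token}}; they never hold the value.
SECRET_REF = re.compile(r"\{\{secret:([a-z0-9_]+)\}\}")

@dataclass(frozen=True)
class Secret:
    value: str
    allowed_hosts: frozenset  # scope: the only hosts this secret may be sent to

class BrokerError(Exception):
    """Raised when a reference is unknown or out of scope; nothing is sent."""

class Broker:
    """Holds secrets and resolves references only at execution time."""
    def __init__(self, store):
        self._store = store

    def execute(self, method, url, headers, send):
        host = urlparse(url).hostname
        resolved = {}
        for name, value in headers.items():
            resolved[name] = SECRET_REF.sub(lambda m: self._lookup(m.group(1), host), value)
        # Only the resolved copy reaches the transport; the agent's dict is untouched.
        return send(method, url, resolved)

    def _lookup(self, name, host):
        secret = self._store.get(name)
        if secret is None:
            raise BrokerError(f"unknown secret reference: {name}")
        if host not in secret.allowed_hosts:
            raise BrokerError(f"secret {name} is not scoped to host {host}")
        return secret.value

# Constructed sample store; the token is a placeholder, not a real credential.
STORE = {"github_token": Secret("ghp_PLACEHOLDER_TOKEN", frozenset({"api.github.com"}))}

def agent_request():
    """What the agent side produces: a request carrying only a reference."""
    return ("GET", "https://api.github.com/user",
            {"Authorization": "Bearer {{secret:github_token}}"})

def run(url=None):
    """Route the agent's request through the broker; returns (agent headers, what was sent)."""
    sent = []  # stand-in for the network: records what the broker would transmit
    method, default_url, headers = agent_request()
    Broker(STORE).execute(method, url or default_url, headers,
                          lambda m, u, h: sent.append((m, u, h)))
    return headers, sent[0]

if __name__ == "__main__":
    agent_headers, wire = run()
    print("agent saw:", agent_headers)
    print("broker sent:", wire[2])
```

Pointing the same request at a host outside the secret's scope (a prompt-injected exfiltration URL, for instance) raises `BrokerError` before anything is transmitted.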
The problem we kept seeing: every AI agent framework puts API keys in environment variables. One prompt injection, one malicious webpage, one bad skill — and your keys are exfiltrated. We decided the only real fix is making it physically impossible for the agent to access them.