Cloak tool replaces chat passwords with self-destructing links for OpenClaw agents

Cloak is a free, open source tool that addresses a security issue when sharing passwords with OpenClaw agents in chat applications like Telegram or Slack. Instead of leaving passwords permanently visible in chat history, Cloak replaces them with self-destructing links.
How it works
When you need to share a password with your OpenClaw agent, Cloak generates a link containing the password. This link can only be opened once - after opening, the password is permanently deleted. The same mechanism works in reverse: your agent can send you secrets through these self-destructing links.
Key features from the source
- Replaces passwords in chat with self-destructing links
- Each link can only be opened once, then the password disappears
- Works both ways - you can send passwords to your agent, and your agent can send secrets to you
- Leaves nothing behind in chat history
- Free with no sign-up required
- Open source
The tool is available on ClawHub at https://clawhub.ai/saba-ch/cloak.
This type of tool is useful for developers who frequently share sensitive information like API keys, database credentials, or other secrets with their AI coding agents. Traditional chat applications retain all message history by default, creating a security risk if chat logs are compromised.
📖 Read the full source: r/openclaw
👀 See Also

Google Reports AI-Powered Hacking Reached Industrial Scale in 3 Months
Google's threat intelligence group found criminal and state groups are using commercial AI models (Gemini, Claude, OpenAI) to refine and scale attacks. A group nearly leveraged a zero-day for mass exploitation, and others are experimenting with the unguarded OpenClaw agent.

Claude Cage: Docker Sandbox for Claude Code Security
A developer created a Docker container called Claude Cage that isolates Claude Code to a single workspace folder, preventing access to SSH keys, AWS credentials, and personal files. The setup includes security rules and takes about 2 minutes with Docker installed.

Agent-Drift Security Tool v0.1.2 Released: A Leap Forward in AI Security
The Agent-Drift Security Tool v0.1.2 is now available, offering enhanced safety features for AI coding agents. This update addresses key security challenges in automation.

OpenClaw's External Content Wrapper for Prompt Injection Defense
OpenClaw uses an external content wrapper that automatically tags web search results, API responses, and similar content with warnings that it's untrusted, priming the LLM to be skeptical and more likely to refuse malicious instructions.