Skill Set Security
How secrets, credentials, and data are handled when installing third-party skill sets.
Read this before installing public or third-party skill sets, especially ones that require secrets or API keys.
How skills run
Each skill in a skill set runs custom code in an isolated sandbox with strict CPU and memory limits. When a skill executes, it receives:
- Configuration values you entered during setup
- Secret values (API keys, tokens) you provided
- Conversation context such as contact name, email, and phone number
The skill code uses these values to call external APIs and return results to your AI agent.
Secrets and credentials
What happens to your secrets
When you configure a skill set with secret fields (API keys, tokens, passwords):
- Stored on Cloodot servers — Values are saved to your installation's configuration.
- Passed to skill code at runtime — Every time the skill executes, your secrets are available to the code.
- Accessible to the developer's code — The skill set author's code can read and use these values.
What this means for you
If you install a public skill set built by another organization and provide secret values:
- The skill set code can read your secrets during execution
- The code can make network requests to external servers
- A malicious skill set could potentially send your credentials to a third party
It's similar to installing a third-party app or browser extension that requires API access.
Best practices
Before installing
- Review the developer — Check who created the skill set and whether they're verified
- Check the description — Understand what the skill set does and why it needs credentials
- Use scoped credentials — Provide API keys with the minimum permissions needed
- Prefer verified skill sets — Look for the verified badge on public skill sets
Managing credentials
- Use dedicated API keys — Create separate keys for skill sets instead of reusing admin keys
- Rotate regularly — Change credentials periodically, especially after uninstalling a skill set
- Revoke on uninstall — When you remove a skill set, revoke any API keys you provided to it
Skill sets you build yourself
- Private by default — Skill sets you create are private to your organization
- Test before publishing — Thoroughly test before making a skill set public
- Document requirements — Clearly explain why your skill set needs each configuration field
How required fields are enforced
When you install a skill set, Cloodot checks that every required configuration field has a value before the skill set can be used. Field types (number, select, secret, and so on) shape the inputs you see, but the skill set's own code is responsible for interpreting the values it receives.
These checks do not protect secrets from being read by skill set code — see the warnings above.
Data shared with skills
When a skill executes during a conversation, it may receive contextual information, including:
| Data | Description |
|---|---|
| Configuration values | Non-sensitive settings you entered during setup |
| Secret values | API keys, tokens, passwords (delivered separately to the code) |
| Contact name, email, phone | The customer's details, when available |
| Last message | The text of the customer's most recent message |
| Channel | The channel type and name (e.g. WhatsApp) |
| Organization name & timezone | Your organization's name and timezone |
| Conversation & contact IDs | Identifiers for the current conversation and contact |
All of this data is accessible to the skill set code at runtime.
Related
- Skill Sets — Overview of skill sets and how to use them
- Creating Skills — Build your own secure skill sets
- Security Settings — General account security settings