Cloodot
Intelligence

Skill Set Security

How secrets, credentials, and data are handled when installing third-party skill sets.

Read this before installing public or third-party skill sets, especially ones that require secrets or API keys.

How skills run

Each skill in a skill set runs custom code in an isolated sandbox with strict CPU and memory limits. When a skill executes, it receives:

  • Configuration values you entered during setup
  • Secret values (API keys, tokens) you provided
  • Conversation context such as contact name, email, and phone number

The skill code uses these values to call external APIs and return results to your AI agent.

Secrets and credentials

What happens to your secrets

When you configure a skill set with secret fields (API keys, tokens, passwords):

  1. Stored on Cloodot servers — Values are saved to your installation's configuration.
  2. Passed to skill code at runtime — Every time the skill executes, your secrets are available to the code.
  3. Accessible to the developer's code — The skill set author's code can read and use these values.

What this means for you

If you install a public skill set built by another organization and provide secret values:

  • The skill set code can read your secrets during execution
  • The code can make network requests to external servers
  • A malicious skill set could potentially send your credentials to a third party

It's similar to installing a third-party app or browser extension that requires API access.

Best practices

Before installing

  • Review the developer — Check who created the skill set and whether they're verified
  • Check the description — Understand what the skill set does and why it needs credentials
  • Use scoped credentials — Provide API keys with the minimum permissions needed
  • Prefer verified skill sets — Look for the verified badge on public skill sets

Managing credentials

  • Use dedicated API keys — Create separate keys for skill sets instead of reusing admin keys
  • Rotate regularly — Change credentials periodically, especially after uninstalling a skill set
  • Revoke on uninstall — When you remove a skill set, revoke any API keys you provided to it

Skill sets you build yourself

  • Private by default — Skill sets you create are private to your organization
  • Test before publishing — Thoroughly test before making a skill set public
  • Document requirements — Clearly explain why your skill set needs each configuration field

How required fields are enforced

When you install a skill set, Cloodot checks that every required configuration field has a value before the skill set can be used. Field types (number, select, secret, and so on) shape the inputs you see, but the skill set's own code is responsible for interpreting the values it receives.

These checks do not protect secrets from being read by skill set code — see the warnings above.

Data shared with skills

When a skill executes during a conversation, it may receive contextual information, including:

DataDescription
Configuration valuesNon-sensitive settings you entered during setup
Secret valuesAPI keys, tokens, passwords (delivered separately to the code)
Contact name, email, phoneThe customer's details, when available
Last messageThe text of the customer's most recent message
ChannelThe channel type and name (e.g. WhatsApp)
Organization name & timezoneYour organization's name and timezone
Conversation & contact IDsIdentifiers for the current conversation and contact

All of this data is accessible to the skill set code at runtime.

On this page