
Skill Set Security

Understand how secrets, credentials, and data are handled when installing third-party skill sets.

Skill Set Security covers what you need to know before installing public or third-party skill sets, especially when they require secrets or API keys.

How Skill Sets Execute Code

Each skill within a skill set runs custom code in an isolated sandbox with strict CPU and memory limits. When a skill executes, it receives:

  • Configuration values you entered during setup
  • Secret values (API keys, tokens) you provided
  • Conversation context such as contact name, email, and phone number

The skill code can use these values to call external APIs and return results to your AI agent.

Secrets and Credentials

What Happens to Your Secrets

When you configure a skill set with secret fields (API keys, tokens, passwords):

  1. Stored on Cloodot servers — values are saved to your installation's configuration
  2. Passed to skill code at runtime — every time the skill executes, your secrets are available to the code
  3. Accessible to the developer's code — the skill set author's code can read and use these values

What This Means

If you install a public skill set created by another organization and provide secret values:

  • The skill set code can read your secrets during execution
  • The code can make network requests to external servers
  • A malicious skill set could potentially send your credentials to a third party

This is similar to installing a third-party app or browser extension that requires API access.

Best Practices

Before Installing

  • Review the developer — check who created the skill set and whether they are verified
  • Check the description — understand what the skill set does and why it needs credentials
  • Use scoped credentials — provide API keys with the minimum permissions needed
  • Prefer verified skill sets — look for the verified badge on public skill sets

Managing Credentials

  • Use dedicated API keys — create separate keys for skill sets rather than reusing admin keys
  • Rotate regularly — change credentials periodically, especially if you uninstall a skill set
  • Revoke on uninstall — when you remove a skill set, revoke any API keys you provided to it

Your Own Skill Sets

  • Private by default — skill sets you create are private to your organization
  • Test before publishing — thoroughly test before making a skill set public
  • Document requirements — clearly explain why your skill set needs each configuration field

Configuration Validation

Cloodot validates configuration values against their defined types:

  • NUMBER fields must contain valid numbers
  • BOOLEAN fields must be true or false
  • SELECT fields must match one of the allowed options
  • MULTI_SELECT fields must only contain allowed options
  • Pattern validation is enforced when a regex pattern is defined

This prevents accidental misconfiguration but does not protect secrets from being read by skill set code.
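
The validation rules listed above, sketched as an added Python example (not Cloodot's own code). The schema layout, the field names, the STRING type, and the demo_ key format are assumptions constructed for illustration; the last function shows that a secret which passes validation still reaches skill code unmasked.

```python
import re

# Hypothetical schema and constructed sample values; not Cloodot's real format.
SCHEMA = {
    "timeout": {"type": "NUMBER"},
    "verbose": {"type": "BOOLEAN"},
    "region": {"type": "SELECT", "options": ["eu", "us"]},
    "channels": {"type": "MULTI_SELECT", "options": ["email", "sms", "chat"]},
    "api_key": {"type": "STRING", "secret": True, "pattern": r"demo_[A-Za-z0-9]{16}"},
}
SAMPLE = {"timeout": 30, "verbose": False, "region": "eu",
          "channels": ["email", "sms"], "api_key": "demo_0123456789abcdef"}

def check_field(spec, value):
    """Return an error string for one field, or None if the value is acceptable."""
    kind = spec["type"]
    if kind == "NUMBER":
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return "must be a number"
    elif kind == "BOOLEAN" and not isinstance(value, bool):
        return "must be true or false"
    elif kind == "SELECT" and value not in spec["options"]:
        return "not an allowed option"
    elif kind == "MULTI_SELECT":
        if not isinstance(value, list) or any(v not in spec["options"] for v in value):
            return "contains a disallowed option"
    pattern = spec.get("pattern")
    # fullmatch, not match: a trailing newline or suffix must not slip through.
    if pattern and (not isinstance(value, str) or re.fullmatch(pattern, value) is None):
        return "does not match the required pattern"
    return None

def validate(schema, config):
    """Map each failing field name to its error; an empty dict means valid."""
    errors = {}
    for name, spec in schema.items():
        err = "missing" if name not in config else check_field(spec, config[name])
        if err:
            errors[name] = err
    return errors

def runtime_view(schema, config):
    """Values handed to skill code once validation passes: secrets arrive unmasked."""
    if validate(schema, config):
        raise ValueError("configuration rejected")
    return dict(config)
```

Validation here only gates the shape of each value; nothing in it limits what the receiving code does with api_key, which is why scoped, dedicated keys matter.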

Data Shared with Skills

When a skill executes during a conversation, it may receive contextual information including:

Data                 | Description
---------------------|------------------------------------------
Configuration values | Settings you entered during setup
Secret values        | API keys, tokens, passwords
Contact name         | Name of the customer in the conversation
Contact email        | Email address of the customer
Contact phone        | Phone number of the customer
Organization name    | Your organization's name
Conversation ID      | Identifier for the current conversation

Be aware that all of this data is accessible to the skill set code at runtime.
