hammer/clawd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1e32c82c13c693fe86d13ebf09e80828093b0cab
clawd/TOOLS.md

2.4 KiB
Raw Blame History

TOOLS.md - Local Notes

Skills define how tools work. This file is for your specifics — the stuff that's unique to your setup.

Rules

🔒 Never Use HTTP for External Communication

  • All external communication MUST use HTTPS — no exceptions
  • Never expose services over plain HTTP on public IPs
  • If a service only supports HTTP internally, put it behind a TLS-terminating reverse proxy
  • This applies to webhooks, APIs, and any cross-server communication

🔐 Never Ask for Secrets in Chat

  • Don't ask Donovan to paste API keys, passwords, or credentials in messages
  • Instead: walk him through adding them to Bitwarden or ~/.clawdbot/.env himself
  • This applies even in private channels — bad habits are bad habits

🔐 Never Share Secrets in Chat

  • Never echo, print, or display contents of ~/.clawdbot/.env
  • Never show session tokens, API keys, passwords — not even partial
  • If debugging auth, just say "got session" or "auth failed" — no values

What Goes Here

Things like:

  • Camera names and locations
  • SSH hosts and aliases
  • Preferred voices for TTS
  • Speaker/room names
  • Device nicknames
  • Anything environment-specific

Environment

Secrets Storage

  • Bitwarden CLI installed at /home/clawdbot/.npm-global/bin/bw
  • API credentials go in ~/.clawdbot/.env (BW_CLIENTID, BW_CLIENTSECRET, BW_PASSWORD)
  • Bitwarden data: ~/.config/Bitwarden CLI/
  • Always store credentials in the shared org vault:
    • Organization: 4e3ffbdb-0f8b-4f7a-a276-b0a30160e33f (Hammer's Credentials)
    • Collection: 320f9e42-607e-4180-8533-b0a30160e342 (Default collection)
    • Set organizationId and collectionIds when creating items — never leave them in personal vault

Infrastructure

  • Host: Hostinger VPS, Ubuntu
  • VPS IP: 72.60.68.214
  • Domain: hammer.donovankelly.xyz (points to this VPS)
  • Dokploy server: 191.101.0.153 (separate VPS, hosts queue app etc.)
  • User: clawdbot (sudo, needs password)

Email

  • Gmail: hammer7839283@gmail.com
  • Access: Gmail API (OAuth2)
  • Helper script: ~/.local/bin/gmail
  • Commands: gmail list, gmail read <id>, gmail send <to> <subj> <body>, gmail unread

Why Separate?

Skills are shared. Your setup is yours. Keeping them apart means you can update skills without losing your notes, and share skills without leaking your infrastructure.

Add whatever helps you do your job. This is your cheat sheet.