The call flow is: agent -> select skill (ex: reddit) -> execute action in skill -> script or code associated with skill -> get api key -> call reddit -> reddit posts -> agent.
The agent sees the output of the service, it does not directly see the keys. In OpenClaw, it’s possible to create the skill in a way that the agent does not directly know about or use vault_get command.
It would seem in this design that all the tools should be called through a wrapper that understands the vault and provides the credentials to the tool in the right way. How otherwise can curl use the credentials? Curl has no idea that there's a vault somewhere