Agent Vault vs Skrun

Agent Vault is an open-source credential broker from Infisical that solves one of the nastiest unsolved problems in AI agent security: AI agents are non-deterministic and vulnerable to prompt injection attacks that could trick them into leaking secrets. The solution is elegant — Agent Vault never gives credentials to the agent at all. Instead, it acts as an HTTPS proxy, intercepting the agent's outbound API calls and injecting credentials at the network layer. The flow is simple: give the agent a scoped session token and set HTTPS_PROXY to Agent Vault's local server. The agent calls APIs normally; Agent Vault transparently swaps in the real credentials before the request leaves the machine. The agent literally cannot leak what it never had. AES-256-GCM encryption with optional Argon2id password wrapping protects the vault, and all proxied requests are logged (method, host, latency) without recording sensitive bodies. Works out of the box with Claude Code, Cursor, Codex, custom Python/TypeScript agents, and any HTTP-speaking process. Infisical is a credible backer — they already run one of the most popular open-source secrets managers. This is MIT-licensed with enterprise features planned. For teams deploying agents in sandboxed environments, this is the missing security primitive.

Skrun is an open-source tool that wraps agentic skills — the discrete, reusable capabilities you build for AI agents (web search, data extraction, file transformation, API calls) — into deployable REST APIs with a single command. The idea is that skills you build for one agent context shouldn't be locked to that agent's runtime. With Skrun, you define a skill once with a standard function signature, and get a hosted endpoint with automatic request validation, retry logic, rate limiting, and an OpenAPI spec generated automatically. The project addresses a real architectural tension in the current AI tools ecosystem: agent skills are written in a dozen different formats (LangChain tools, MCP tools, function call JSON, OpenAI tool specs) and are essentially stranded assets — they only work within their specific orchestration framework. Skrun normalizes this by wrapping any skill definition format and exposing it as a framework-agnostic HTTP endpoint that any agent or pipeline can call. This appeared on Hacker News with a small but thoughtful discussion focused on the "skills as microservices" architectural pattern. Critics noted that adding HTTP round-trips to every tool call introduces latency; proponents argued that the composability and reusability benefits outweigh the cost. The early version focuses on stateless skills; stateful/conversational skill deployment is on the roadmap.