{
  "skill": {
    "id": "skl_credential_proxy",
    "name": "credential-proxy",
    "plugin": "cwc-analytics-engineering",
    "description": "Run a local credential-injecting proxy, per the pattern documented at code.claude.com/docs/en/agent-sdk/secure-deployment#credential-management, so Claude can pull data from a credentialed API (starting with Cloudflare's GraphQL Analytics API) without ever touching the plaintext token itself -- the proxy reads Keychain and injects the header; Claude sends and receives credential-free requests through it. Use when an MCP tool that would normally provide this access is unavailable/down and the operator wants Claude to complete the pull anyway via a locally-run proxy instead. Trigger on \"set up a proxy\", \"credential proxy\", \"inject credentials safely\", \"the MCP server is down, use a proxy instead\". Do NOT use this to bypass the fivetran-keychain-secrets Hard constraint -- see this file's own Hard constraint section for the one boundary that still applies.",
    "summary": "Run a local credential-injecting proxy, per the pattern documented at code.claude.com/docs/en/agent-sdk/secure-deployment#credential-management, so Claude can pull data from a credentialed API (starting with Cloudflare's GraphQL Analytics API) without ever touching the plaintext token itself -- t...",
    "gated": 0,
    "source_path": "plugins/cwc-analytics-engineering/skills/credential-proxy/SKILL.md",
    "created_at": "2026-07-10 18:13:13",
    "cite_as": "https://subagentskills.com/api/skills/skl_credential_proxy"
  }
}