credential-proxy
description (verbatim frontmatter)
Run a local credential-injecting proxy, per the pattern documented at code.claude.com/docs/en/agent-sdk/secure-deployment#credential-management, so Claude can pull data from a credentialed API (starting with Cloudflare's GraphQL Analytics API) without ever touching the plaintext token itself -- the proxy reads Keychain and injects the header; Claude sends and receives credential-free requests through it. Use when an MCP tool that would normally provide this access is unavailable/down and the operator wants Claude to complete the pull anyway via a locally-run proxy instead. Trigger on "set up a proxy", "credential proxy", "inject credentials safely", "the MCP server is down, use a proxy instead". Do NOT use this to bypass the fivetran-keychain-secrets Hard constraint -- see this file's own Hard constraint section for the one boundary that still applies.
summary
Run a local credential-injecting proxy, per the pattern documented at code.claude.com/docs/en/agent-sdk/secure-deployment#credential-management, so Claude can pull data from a credentialed API (starting with Cloudflare's GraphQL Analytics API) without ever touching the plaintext token itself -- t...
source
plugins/cwc-analytics-engineering/skills/credential-proxy/SKILL.md
provenance
created 2026-07-10 18:13:13 · JSON