技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.3.1
统计:⭐ 0 · 46 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:amior1024/openai-auth-switcher-public
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill is coherent with its stated purpose (managing and onboarding OpenAI OAuth state) but it operates on highly sensitive local auth files, manipulates user systemd services, and includes local analytics/rollup and an import endpoint that warrant careful code review before running on production machines.
目的
Name/description match the included scripts: the package contains installers, runtime discovery, import/backup/restore helpers, and a web preview—all expected for an OpenAI OAuth 'auth switcher' workflow. The presence of file-copy, backup and restore logic, port selection, generated admin credentials, and systemd user service management is coherent with the stated goals.
说明范围
SKILL.md explicitly instructs the operator to run install.sh and helper scripts (doctor.py, env_detect.py, inspect_runtime.py, import-auth flows). These instructions require reading and writing local OpenClaw runtime files (auth-profiles.json, service units, runtime state). The preview API includes POST /api/import-auth that accepts an absolute path and will copy/validate the supplied auth file into the runtime location—this is functionally ap…
安装机制
No external install spec or network download is present in the manifest (instruction-only in registry). The repository contains local install.sh and Python scripts that run locally; there are no obvious external fetches in the provided snippets. That lowers supply-chain risk compared to remote installers, but you must still audit included scripts because they will be executed on the host.
证书
The skill declares no required env vars, but the code and docs reference OPENAI_AUTH_SWITCHER_PUBLIC_STATE_DIR and other OpenClaw path overrides and will probe/copy local auth files. The scripts perform file I/O on sensitive auth-profiles.json, create backups, and rebuild token ledgers. There is also an 'hourly_usage' rollup script (local analytics) which could transmit telemetry—its network behavior is not shown and should be audited. Access …
持久
always:false and model invocation is allowed (default) — normal for skills. The install flow creates/manages a systemd user unit under ~/.config/systemd/user (the unit path is hard-coded in install.sh). The skill writes runtime files under its own runtime area by design but also writes or copies auth files into the OpenClaw runtime location and may create backups. This is coherent with its purpose but elevates its privileges on the host; run o…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「OpenAI Auth Switcher Public」。简介:Web-first, publishable OpenClaw skill for OpenAI OAuth account switching. Use w…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/amior1024/openai-auth-switcher-public/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: openai-auth-switcher-public
description: Web-first, publishable OpenClaw skill for OpenAI OAuth account switching. Use when you need a reusable public-track workflow for first-run takeover, environment discovery, doctor checks, runtime inspection, slot management, dry-run validation, controlled switch experiments, rollback planning, and release-safe packaging without bundling live auth snapshots, logs, callbacks, or other machine-specific runtime data.
---
# OpenAI Auth Switcher Public
Use this skill as the **publishable public-track release** of the OpenAI auth switcher workflow.
It is designed for OpenClaw administrators who want a **web-first, first-run-friendly, release-safe** workflow for OpenAI OAuth account takeover, inspection, dry-run validation, controlled switching, and public distribution.
## Purpose
Keep the live/internal operator skill and the public distributable skill separated.
This public track must:
- avoid bundling live runtime state
- avoid bundling auth snapshots, callbacks, backups, or token ledgers from a real machine
- avoid machine-specific hard-coded paths where possible
- document compatibility boundaries explicitly
- provide a release-safe packaging workflow
- keep temporary runtime files inside the skill runtime area, while encouraging important persistent state to live in an external state base via `OPENAI_AUTH_SWITCHER_PUBLIC_STATE_DIR`
## Core operating model
Treat OpenClaw OpenAI OAuth switching as a high-sensitivity maintenance workflow.
Always do work in this order:
1. Use `install.sh` as the default user-facing bootstrap entrypoint.
2. Run `doctor.py` when installation or environment checks fail.
3. Confirm runtime discovery with `env_detect.py`.
4. Inspect the current runtime before any switch logic.
5. Dry-run any target before proposing a write.
6. Keep rollback and backup behavior explicit.
7. Package only from this public skill directory or from a sanitized staging copy.
## Included scripts
Primary public-release scripts:
- `install.sh` — recommended user entrypoint; wraps the web bootstrap into a single shell command
- `uninstall.sh` — recommended cleanup entrypoint before `clawhub uninstall`
- `scripts/install_web_app.py` — one-shot web bootstrap for first-run access
- `scripts/pick_port.py` — port selection helper (`9527` → `12138` → fallback)
- `scripts/generate_web_credentials.py` — default admin credential generator
- `scripts/doctor.py` — compatibility and environment checks
- `scripts/env_detect.py` — OpenClaw path and runtime discovery
- `scripts/paths.py` — centralized path resolution helpers
- `scripts/inspect_runtime.py` — portable runtime inspection
- `scripts/profile_slot.py` — public-safe slot metadata and local slot files
- `scripts/rollback_experiment.py` — rollback helper using explicit backup sources
- `scripts/switch_experiment.py` — controlled switch experiment with backup and rollback
- `scripts/token_ledger.py` — local token attribution ledger rebuild
- `scripts/hourly_usage.py` — hourly/daily rollup payload for local analytics
- `scripts/package_public_skill.py` — release-safe packager wrapper
Helper modules:
- `scripts/auth_file_lib.py`
- `scripts/probe_lib.py`
- `scripts/lock_lib.py`
- `scripts/state_lib.py`
## Compatibility and safety references
Read only as needed:
- `references/compatibility.md` — Python / Node / OpenClaw / OS expectations
- `references/runtime-discovery.md` — path detection and override model
- `references/install-and-runbook.md` — operator flow and first-run checks
- `references/security-model.md` — sensitivity, boundaries, and redaction rules
- `references/packaging-policy.md` — publish checklist and forbidden contents
- `references/migration-notes.md` — relation to the internal/live skill
## Release rule
Do not publish `skills/openai-auth-switcher` directly.
Use the public skill directory for ClawHub publication and use a packaging wrapper that rejects runtime data, backups, session callbacks, and credential-bearing files.
Recommended first release positioning:
- version: `0.1.0`
- tested on OpenClaw `2026.3.11`
- tested on Python `3.11`
- tested on Node.js `22.x`
- Linux-first release