技能详情(站内镜像,无评论)
作者:Ada Vale @AdaInTheLab
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.1.1
统计:⭐ 0 · 210 · 2 current installs · 2 all-time installs
⭐ 0
安装量(当前) 2
🛡 VirusTotal :良性 · OpenClaw :良性
Package:adainthelab/auth-guard
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill's files and runtime instructions are coherent with its stated purpose of standardizing startup auth checks and helper scripts; it does not request unrelated credentials or perform suspicious exfiltration.
目的
Name/description, examples, SKILL.md, and scripts all focus on performing an auth probe for protected endpoints and establishing helper scripts. The included script accepts a service name, probe URL, env-var name, and credentials file — exactly what an auth-check tool needs. No unrelated resources (cloud creds, extra binaries, or external services) are requested.
说明范围
Runtime instructions and the provided script limit actions to reading an env var or a credentials JSON (under ~/.config/*), probing an HTTPS endpoint with curl, and returning a short status string. The SKILL.md explicitly warns against logging secrets and against pointing cred-file at arbitrary workspace files. There is no instruction to collect or transmit secrets elsewhere.
安装机制
No install spec; this is instruction-only with one included helper script. Nothing is downloaded or written by an installer. Risk is limited to executing the provided script (which the user can review).
证书
The registry metadata declares no required env vars or primary credential. The script takes an env-var name as a parameter and checks a credentials file path supplied at runtime; it does not demand unrelated secrets. It also enforces that credential files must live under $HOME/.config/, reducing the chance of reading arbitrary workspace secrets.
持久
always is false and the skill is user-invocable. It does not request persistent or elevated privileges, nor does it modify other skills' configs. It asks users to place helper scripts in workspace/.pi/, which is normal for helper tooling and something the user should review before executing.
综合结论
This skill appears coherent and limited to auth-probing behavior. Before installing or running: (1) review the included scripts in skills/auth-guard/scripts/auth_check.sh and any helper templates you copy into workspace/.pi/ so you understand what will be executed; (2) only pass probe URLs you trust and that belong to the target service (the script requires https://); (3) keep credential files under ~/.config/ as advised and ensure those files…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Auth Guard」。简介:Standardize API credential handling and startup auth checks to prevent "missing…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/adainthelab/auth-guard/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: auth-guard
description: Standardize API credential handling and startup auth checks to prevent "missing key" regressions across sessions. Use when an agent repeatedly loses auth state, gets intermittent 401/403 errors after restarts, relies on ad-hoc curl calls, or needs a reusable auth-first pattern for HEARTBEAT.md/AGENTS.md and helper scripts.
---
# Auth Guard
Enforce a deterministic auth path: one credential source, one helper command path, one startup check, one fallback policy.
## Quick Workflow
1. Identify the target service endpoint and current failing flow.
2. Define canonical credential source (env var first, credentials file second).
3. Create/update a helper script in workspace (`.pi/`) that always injects auth.
4. Add a startup/auth-check command that verifies credentials and endpoint access.
5. Update HEARTBEAT.md or AGENTS.md to require helper usage (ban raw unauthenticated calls).
6. Add explicit fallback behavior for unauthorized states.
## Rules to Apply
- Prefer `ENV_VAR` override, then `~/.config/<service>/credentials.json`.
- Never embed secrets in logs, memory notes, or chat responses.
- Never call protected endpoints via raw curl if a helper exists.
- Keep fallback behavior explicit and low-noise.
- Store helper scripts in `workspace/.pi/` for easy reuse.
## Runtime Requirements
- `bash`
- `curl`
- `python3`
Check once before using this skill:
```bash
command -v bash curl python3 >/dev/null
```
## Safety Limits
- Pass only trusted credential paths under `~/.config/<service>/...` by default.
- Do not point `--cred-file` at arbitrary workspace files or unrelated secret stores.
- Keep probe URLs scoped to the target service auth endpoint.
## Startup Auth Check Pattern
Run at session start (or before heartbeat loops):
```bash
bash skills/auth-guard/scripts/auth_check.sh
--service moltbook
--url 'https://www.moltbook.com/api/v1/feed?sort=new&limit=1'
--env-var MOLTBOOK_API_KEY
--cred-file "$HOME/.config/moltbook/credentials.json"
```
Expected outcomes:
- `AUTH_OK` → proceed with normal authenticated helper flow.
- `AUTH_MISSING` or `AUTH_FAIL_*` → use defined fallback path and record one concise note.
## Reusable Snippets
Use drop-in policy snippets from:
- `references/snippets.md` (HEARTBEAT + AGENTS + helper policy blocks)
## References
- `references/contract.md` for the full Keychain Contract pattern
- `references/snippets.md` for ready-to-paste operational snippets
- `references/examples.md` for multi-service usage examples (Moltbook, GitHub, Slack)