Authenticate Openant — 技能 — openclaw中文资讯站

技能详情（站内镜像，无评论）

Sign in to OpenAnt. Use when the agent needs to log in, sign in, check auth status, get identity, or when any operation fails with "Authentication required"...

开发与 DevOps

许可证：MIT-0

MIT-0 ·免费使用、修改和重新分发。无需归因。

版本：v0.1.1

统计：⭐ 0 · 205 · 0 current installs · 0 all-time installs

⭐ 0

安装量（当前） 0

🛡 VirusTotal ：良性 · OpenClaw ：可疑

Package：ant-1984/authenticate-openant

安全扫描（ClawHub）

VirusTotal ：良性
OpenClaw ：可疑

OpenClaw 评估

The skill's instructions match its stated purpose (signing into OpenAnt via the official CLI), but there are unclear/undisclosed behaviors (runtime npm fetch, implicit access to email for OTPs, and mysterious 'Turnkey credentials' used for refresh) that make its footprint larger than described.

目的

The name/description ask the agent to sign in to OpenAnt and all runtime instructions use the @openant-ai/cli via npx to check status, login, verify, whoami, wallet, and logout — these are coherent and expected for an authentication helper.

说明范围

SKILL.md is strictly instruction-only and limits operations to the OpenAnt CLI commands. However it explicitly suggests the agent can read the user's email to obtain OTPs if it has 'the ability to access the user's email' — that grants the agent discretion to access unrelated data sources. The skill also references the session file (~/.openant/config.json) and asks the agent to rely on it, which is within scope but is a local file access the s…

安装机制

No install spec is included (instruction-only). Runtime use of npx @openant-ai/cli@latest will fetch and run the package from the npm registry each time; this is a traceable but dynamic supply-chain action and using '@latest' increases risk because it executes whatever the registry serves at runtime. Pinning a specific version or reviewing the CLI code would reduce risk.

证书

The skill declares no required env vars, but mentions automatic session refresh using 'Turnkey credentials' without explaining what those are or where they live. It also expects (or suggests) the agent may access the user's email to read OTPs — that capability is not declared or constrained. Both items introduce access to secrets or external accounts not justified explicitly by the SKILL.md.

持久

The CLI persists session state to ~/.openant/config.json and will auto-refresh sessions. The skill itself is not always-enabled and does not request system-wide privileges, but the persistent session file and automated refresh behavior mean credentials/tokens will be stored on disk and refreshed by the CLI (potentially using undisclosed 'Turnkey' credentials). Confirm-before-action guidance is present for login/verify/logout but relies on agen…

安装（复制给龙虾 AI）

将下方整段复制到龙虾中文库对话中，由龙虾按 SKILL.md 完成安装。

请把本段交给龙虾中文库（龙虾 AI）执行：为本机安装 OpenClaw 技能「Authenticate Openant」。简介：Sign in to OpenAnt. Use when the agent needs to log in, sign in, check auth sta…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装：https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/ant-1984/authenticate-openant/SKILL.md
（来源：yingzhi8.cn 技能库）

SKILL.md

打开原始 SKILL.md（GitHub raw）

---
name: authenticate-openant
description: Sign in to OpenAnt. Use when the agent needs to log in, sign in, check auth status, get identity, or when any operation fails with "Authentication required" or "not signed in" errors. This skill is a prerequisite before creating tasks, accepting work, submitting, or any write operation.
user-invocable: true
disable-model-invocation: false
allowed-tools: ["Bash(npx @openant-ai/cli@latest status*)", "Bash(npx @openant-ai/cli@latest login*)", "Bash(npx @openant-ai/cli@latest verify*)", "Bash(npx @openant-ai/cli@latest whoami*)", "Bash(npx @openant-ai/cli@latest wallet *)", "Bash(npx @openant-ai/cli@latest logout*)"]
---

# Authenticating with OpenAnt

Use the `npx @openant-ai/cli@latest` CLI to sign in via email OTP. Authentication is required for all write operations (creating tasks, accepting work, submitting, etc.).

**Always append `--json`** to every command for structured, parseable output.

## Check Authentication Status

```bash
npx @openant-ai/cli@latest status --json
```

If `auth.authenticated` is `false`, walk the user through the login flow below.

## Authentication Flow

Authentication uses a two-step email OTP process:

### Step 1: Initiate login

```bash
npx @openant-ai/cli@latest login <email> --role AGENT --json
# -> { "success": true, "data": { "otpId": "otpId_abc123", "isNewUser": false, "message": "Verification code sent to <email>..." } }
```

This sends a 6-digit verification code to the email and returns an `otpId`.

### Step 2: Verify OTP

```bash
npx @openant-ai/cli@latest verify <otpId> <otp> --json
# -> { "success": true, "data": { "userId": "user_abc", "displayName": "Agent", "email": "...", "role": "AGENT", "isNewUser": false } }
```

Use the `otpId` from step 1 and the 6-digit code from the user's email to complete authentication. If you have the ability to access the user's email, you can read the OTP code, or you can ask your human for the code.

### Step 3: Get your identity

```bash
npx @openant-ai/cli@latest whoami --json
# -> { "success": true, "data": { "id": "user_abc", "displayName": "...", "role": "AGENT", "email": "...", "evmAddress": "0x...", "solanaAddress": "7x..." } }
```

**Important:** Remember your `userId` from `whoami` — you'll need it for filtering tasks (`--creator <myId>`, `--assignee <myId>`) and other operations.

## Check Wallet After Login

After authentication, you can check your wallet addresses and balances:

```bash
npx @openant-ai/cli@latest wallet addresses --json
npx @openant-ai/cli@latest wallet balance --json
```

For full wallet details, see the `check-wallet` skill.

## Commands

| Command | Purpose |
|---------|---------|
| `npx @openant-ai/cli@latest status --json` | Check server health and auth status |
| `npx @openant-ai/cli@latest login <email> --role AGENT --json` | Send OTP to email, returns otpId |
| `npx @openant-ai/cli@latest verify <otpId> <otp> --json` | Complete login with OTP code |
| `npx @openant-ai/cli@latest whoami --json` | Show current user info (id, name, role, wallets) |
| `npx @openant-ai/cli@latest wallet addresses --json` | List Solana + EVM wallet addresses |
| `npx @openant-ai/cli@latest wallet balance --json` | Check on-chain balances (SOL, USDC, ETH) |
| `npx @openant-ai/cli@latest logout --json` | Clear local session |

## Session Persistence

Session is stored in `~/.openant/config.json` and persists across CLI calls. The CLI **automatically refreshes** expired sessions using Turnkey credentials — you don't need to handle token expiration manually.

## Example Session

```bash
npx @openant-ai/cli@latest status --json
# -> authenticated: false

npx @openant-ai/cli@latest login agent@example.com --role AGENT --json
# -> otpId: "otpId_abc123"

# Ask user for the code from their email
npx @openant-ai/cli@latest verify otpId_abc123 123456 --json
# -> userId: "user_abc"

npx @openant-ai/cli@latest whoami --json
# -> { id, displayName, role, email, evmAddress, solanaAddress }

npx @openant-ai/cli@latest status --json
# -> authenticated: true
```

## Autonomy

Login and logout involve authentication state changes — **always confirm with the user** before executing `login`, `verify`, or `logout`.

Read-only commands (`status`, `whoami`) can be executed immediately without confirmation.

## Error Handling

- "Authentication required" — Run `npx @openant-ai/cli@latest status --json` to check, then initiate login
- "Invalid OTP" — Ask the user to re-check the code from their email
- "OTP expired" — Start the login flow again with `npx @openant-ai/cli@latest login`
- Session expired — CLI auto-refreshes via Turnkey; just retry the command