deepu105

Auth0 Token Vault

by Deepu K Sasidharan · GitHub ↗ · v0.4.0 · MIT-0
Platforms: darwin, linux · ✓ Security Clean
160 Downloads · 0 Stars · 1 Active Installs · 6 Versions
Install in OpenClaw
/install auth0-token-vault
Description
Access third-party services (Gmail, Slack, Google Calendar) on behalf of authenticated users via Auth0 Token Vault. Use when the user wants to search, read,...
README (SKILL.md)

Auth0 Token Vault CLI

Use the auth0-tv command-line tool to access third-party services on behalf of authenticated users via Auth0 Token Vault.

Current status

  • Auth status: !auth0-tv --json status 2>/dev/null || echo '{"error":{"code":"not_configured","message":"auth0-tv not configured or not logged in"}}'

When to use this skill

  • The user asks to read, search, send, reply, forward, archive, or delete emails
  • The user wants to manage email drafts or labels
  • The user wants to connect or disconnect a third-party service (Gmail, etc.)
  • The user asks about their authentication or connection status

Key patterns

Always use --json mode

All commands must use --json for structured output:

auth0-tv --json <command>

Alternatively, set AUTH0_TV_OUTPUT=json in the environment to avoid passing --json on every call.

Destructive actions require --confirm

Commands that modify data (send, delete, archive, forward, reply, draft send, draft delete) require --confirm:

auth0-tv --json --confirm gmail send --to [email protected] --subject "Subject" --body "Body"

Exit codes and recovery

| Code | Meaning | Recovery action |
|------|---------|-----------------|
| 0 | Success | Parse JSON output |
| 1 | General error | Report error to user |
| 2 | Invalid input | Check command syntax and required flags |
| 3 | Auth required | Tell the user to run auth0-tv login |
| 4 | Connection required | Tell the user to run auth0-tv connect <service> |
| 5 | Service error | Retry or report upstream API failure |
| 6 | Network error | Check connectivity, retry |

Important: Exit codes 3 and 4 require human intervention — login and connect open a browser for OAuth. Do not attempt to run these commands autonomously; instead, tell the user what to run.
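The exit-code handling above, as an added example that is not part of the skill or the auth0-tv project: a wrapper an agent harness could call instead of the raw CLI. The names AUTH0_TV_BIN, TV_MAX_TRIES, TV_RETRY_DELAY, TV_OUT and TV_ACTION are assumptions of this example, and declining to retry --confirm commands is this example's own policy, chosen because a failed attempt may already have taken effect.

```shell
#!/bin/sh
# Added example: guarded auth0-tv wrapper for agent use (not the project's code).
# Assumed names: AUTH0_TV_BIN, TV_MAX_TRIES, TV_RETRY_DELAY, TV_OUT, TV_ACTION.
AUTH0_TV_BIN="${AUTH0_TV_BIN:-auth0-tv}"
TV_MAX_TRIES="${TV_MAX_TRIES:-3}"
TV_RETRY_DELAY="${TV_RETRY_DELAY:-2}"

# Map a documented exit code to the recovery action from the table.
tv_recovery() {
    case "$1" in
        0) echo "parse_json" ;;
        2) echo "fix_syntax" ;;
        3) echo "ask_user: auth0-tv login" ;;
        4) echo "ask_user: auth0-tv connect <service>" ;;
        5|6) echo "retry" ;;
        *) echo "report_error" ;;
    esac
}

# Run "auth0-tv --json <args>"; sets TV_OUT (stdout) and TV_ACTION.
tv_run() {
    confirm=0
    for arg in "$@"; do
        case "$arg" in
            --confirm) confirm=1 ;;
            -*) ;;
            login|connect)
                # Browser OAuth flows are human-only: never spawn them.
                TV_OUT=""; TV_ACTION="ask_user: auth0-tv $arg"
                [ "$arg" = login ] && return 3 || return 4 ;;
            *) break ;;
        esac
    done
    attempt=1
    while :; do
        TV_OUT=$("$AUTH0_TV_BIN" --json "$@") && rc=0 || rc=$?
        TV_ACTION=$(tv_recovery "$rc")
        # Retry only service/network errors, and never a --confirm command:
        # the first attempt may have taken effect (e.g. a mail already sent).
        [ "$TV_ACTION" = retry ] && [ "$confirm" -eq 0 ] &&
            [ "$attempt" -lt "$TV_MAX_TRIES" ] || break
        attempt=$((attempt + 1))
        sleep "$TV_RETRY_DELAY"
    done
    # Retries exhausted or not allowed: hand the failure to the user.
    if [ "$TV_ACTION" = retry ]; then TV_ACTION="report_error"; fi
    return "$rc"
}
```

Call it as `tv_run gmail search "from:alice"` and branch on TV_ACTION; an `ask_user:` value is text to show the user, not a command to execute.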

Body input for email composition

For send, reply, and draft create, the message body can be provided via:

  • --body "inline text" — short messages
  • --body-file ./message.txt — longer messages from a file
  • stdin: echo "body" | auth0-tv --json --confirm gmail send --to ... --subject ...

Prefer --body-file or stdin for messages containing special characters.

Available commands

Authentication & setup

  • auth0-tv login — authenticate via browser (human-in-the-loop)
  • auth0-tv logout — clear stored credentials
  • auth0-tv status — show current user and connected services
  • auth0-tv connect <service> — connect a service via browser (human-in-the-loop)
  • auth0-tv disconnect <service> — disconnect a service
  • auth0-tv connections — list connected services

Gmail

  • auth0-tv gmail search <query> — search messages (supports Gmail search syntax)
  • auth0-tv gmail read <messageId> — read a message
  • auth0-tv gmail send — send a new message (destructive)
  • auth0-tv gmail reply <messageId> — reply to a message (destructive)
  • auth0-tv gmail forward <messageId> — forward a message (destructive)
  • auth0-tv gmail archive <messageId> — archive a message (destructive)
  • auth0-tv gmail delete <messageId> — move to trash (destructive)
  • auth0-tv gmail labels — list labels
  • auth0-tv gmail label <messageId> — add/remove labels
  • auth0-tv gmail draft create — create a draft
  • auth0-tv gmail draft list — list drafts
  • auth0-tv gmail draft send <draftId> — send a draft (destructive)
  • auth0-tv gmail draft delete <draftId> — delete a draft (destructive)

See references/commands.md for full command reference with flags and JSON output examples.

Usage Guidance
This skill appears to do what it claims (call a local auth0-tv CLI to act on behalf of authenticated users). Before installing:
  1. Verify the npm package source and publisher on the npm registry (look for homepage, repository, publisher identity, and recent versions).
  2. Inspect the auth0-tv binary or its upstream repository if possible to confirm where it stores tokens and what it can do.
  3. Be cautious about granting autonomous agents the ability to invoke this skill — destructive actions require --confirm but an agent could still send/read messages using stored tokens.
  4. If you must install, run npm audit, review package files locally, and consider running the CLI manually first to understand its prompts and credential storage.
The lack of a homepage/source and the small metadata version mismatch reduce confidence — verify provenance to raise your assurance level.
Capability Analysis
Type: OpenClaw Skill
Name: auth0-token-vault
Version: 0.4.0
The skill is a legitimate wrapper for the `auth0-tv` CLI tool, designed to manage third-party services like Gmail via Auth0 Token Vault. It includes safety mechanisms such as requiring human intervention for authentication (`login`/`connect`) and mandatory confirmation flags (`--confirm`) for destructive actions. No evidence of malicious intent, data exfiltration, or prompt injection was found in SKILL.md or the command references.
Capability Assessment
Purpose & Capability
The name/description (Auth0 Token Vault, Gmail/Slack/Calendar access via Auth0) matches the runtime instructions and required binary (auth0-tv). The npm install (auth0-token-vault-cli) that provides auth0-tv is coherent with the stated purpose.
Instruction Scope
SKILL.md confines agent behavior to invoking the auth0-tv CLI with --json and requires human-in-the-loop for login/connect flows. It specifies using --confirm for destructive actions and only mentions reading files explicitly for message body input. It does not instruct the agent to read unrelated files or env vars beyond an optional AUTH0_TV_OUTPUT setting.
Install Mechanism
Install is via an npm package (auth0-token-vault-cli), which is a typical distribution method for a CLI. This is moderate risk versus a vetted package manager tap or source, especially because the skill metadata has no homepage/source URL to verify the package origin. Also note the _meta.json version differs from the registry metadata (0.2.3 vs 0.4.0), a minor inconsistency worth checking.
Credentials
The skill declares no required env vars or credentials, which aligns with being a wrapper around a local CLI. However, auth0-tv will use locally stored Auth0/OAuth tokens (and may persist credentials locally), so the agent effectively gains the ability to act with those tokens. The skill does not declare where tokens are stored; this is proportionate to the purpose but important for user awareness.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. Autonomous invocation is allowed (platform default). Because the CLI can perform actions on connected accounts, autonomous invocation increases blast radius if the agent is permitted to run destructive commands with --confirm; SKILL.md advises human intervention for login/connect and requires --confirm for destructive actions, which mitigates risk but does not eliminate it.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install auth0-token-vault
  3. After installation, invoke the skill by name or use /auth0-token-vault
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.4.0
update to v0.4.0
v0.3.1
update to v0.3.1
v0.3.0
Full command reference: Calendar, Slack, GitHub, fetch
v0.2.3
- Added detailed usage instructions and patterns to SKILL.md, including command structure, JSON output mode, and exit code handling.
- Documented all supported commands for authentication, setup, and Gmail management, with clear conditions for when to use the skill.
- Provided explicit guidance on safely composing and sending emails, including body input methods.
- Clarified required human actions for authentication and service connection processes.
- Outlined compatibility requirements and installation steps for Node.js and auth0-tv CLI.
v0.2.2
Initial ClawHub release
v0.2.1
Initial ClawHub release
Metadata
Slug auth0-token-vault
Version 0.4.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 6
Frequently Asked Questions

What is Auth0 Token Vault?

Access third-party services (Gmail, Slack, Google Calendar) on behalf of authenticated users via Auth0 Token Vault. Use when the user wants to search, read,... It is an AI Agent Skill for Claude Code / OpenClaw, with 160 downloads so far.

How do I install Auth0 Token Vault?

Run "/install auth0-token-vault" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Auth0 Token Vault free?

Yes, Auth0 Token Vault is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Auth0 Token Vault support?

Auth0 Token Vault is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).

Who created Auth0 Token Vault?

It is built and maintained by Deepu K Sasidharan (@deepu105); the current version is v0.4.0.
