
Twenty CRM OAuth Mastery

by avirweb · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 1051
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install twenty-oauth-mastery
Description
Provides expert OAuth 2.0 implementation, troubleshooting, and token management for Twenty CRM with Google/Microsoft OAuth and email/calendar sync integration.
Usage Guidance
This skill contains detailed, actionable steps for debugging and fixing OAuth issues in Twenty CRM, including commands that inspect containers and environment variables and recommendations to change cookie security settings. Before using it:
  1. Only run the suggested docker/env commands in a trusted development or staging environment (not production).
  2. Do not expose or copy AUTH_GOOGLE_* secrets; if you must inspect them, do so via secure, audited means.
  3. Be cautious about suggestions that reduce cookie security (httpOnly: false); avoid applying such changes in production.
  4. If you plan to let an autonomous agent run these instructions, restrict its access to containers and secrets and review outputs before any code changes.
If you need stronger assurance, ask the skill author to explicitly document required environment access and to provide a safe checklist for production vs. dev usage.
Capability Analysis
Type: OpenClaw Skill
Name: twenty-oauth-mastery
Version: 1.0.0
The skill bundle is classified as suspicious due to the recommendation to set `httpOnly: false` for authentication cookies in `auth.service.ts` (SKILL.md), which is a significant security risk allowing client-side scripts to access and potentially steal tokens. Additionally, the skill frequently instructs the use of `docker exec` commands for diagnostics and configuration within containers (SKILL.md), granting powerful shell access. While these actions are presented as necessary for debugging and fixing the stated application's OAuth issues, they represent high-risk capabilities without clear malicious intent, fitting the 'suspicious' threshold.
Capability Assessment
Purpose & Capability
The name and SKILL.md focus on Twenty CRM OAuth troubleshooting and implementation. The files referenced, commands suggested (build, restart, docker, curl) and code snippets are consistent with debugging an OAuth server and enabling token preservation for sync services.
Instruction Scope
Although reasonable for a debugging guide, the SKILL.md explicitly instructs the agent/operator to run commands that inspect container filesystem and environment (e.g., docker exec ... cat /app/dist/..., docker exec fratres-twenty env | grep AUTH_GOOGLE) and to change server/cookie settings (e.g., set httpOnly: false). Those instructions let an agent read environment variables, compiled code, and potentially modify security-relevant code — actions that go beyond passive guidance and can expose credentials or weaken runtime security.
Install Mechanism
Instruction-only skill with no install spec or external downloads. No code is written or fetched by an installer, which keeps install risk low.
Credentials
The skill declares no required env vars but repeatedly references AUTH_GOOGLE_CLIENT_ID, AUTH_GOOGLE_CLIENT_SECRET, AUTH_GOOGLE_CALLBACK_URL and suggests grepping env output. Requiring unrestricted access to container env and config is disproportionate to a read-only guidance document and increases risk of credential exposure if the agent follows instructions autonomously or without environment safeguards.
Persistence & Privilege
The skill is not always-enabled, does not install or request persistent presence, and is user-invocable. It does not request elevated platform privileges itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install twenty-oauth-mastery
  3. After installation, invoke the skill by name or use /twenty-oauth-mastery
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Expert-level OAuth authentication knowledge for Twenty CRM including 5+ common issues with detailed fixes, critical code patterns, OAuth sync integration, testing strategies, deployment checklist, and 6-step troubleshooting workflow. Based on 8 sessions and 6 plans of real-world debugging.
Metadata
Slug twenty-oauth-mastery
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Twenty CRM OAuth Mastery?

Provides expert OAuth 2.0 implementation, troubleshooting, and token management for Twenty CRM with Google/Microsoft OAuth and email/calendar sync integration. It is an AI Agent Skill for Claude Code / OpenClaw, with 1051 downloads so far.

How do I install Twenty CRM OAuth Mastery?

Run "/install twenty-oauth-mastery" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Twenty CRM OAuth Mastery free?

Yes, Twenty CRM OAuth Mastery is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Twenty CRM OAuth Mastery support?

Twenty CRM OAuth Mastery is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Twenty CRM OAuth Mastery?

It is built and maintained by avirweb (@avirweb); the current version is v1.0.0.
