← Back to Skills Marketplace
229
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install oauth-disguise
Description
Configure Anthropic OAuth tokens (sk-ant-oat01-*) to work as API keys in OpenClaw via environment variable injection, enabling Claude Pro/Team API access.
Usage Guidance
This skill is coherent with its stated purpose but treats a sensitive OAuth token as an API key by storing it in OpenClaw config. Before using it: (1) confirm the source/trustworthiness of this guidance (origin unknown), (2) prefer per-agent configuration instead of a global defaults patch to limit exposure, (3) never commit openclaw.json or config files containing tokens to version control, (4) rotate tokens after testing and use least-privilege or short-lived tokens if available, and (5) verify with Anthropic/OpenClaw documentation that using sk-ant-oat01-* tokens this way is supported and does not violate terms. If you need higher assurance, ask the publisher for provenance or test in an isolated non-production environment first.
Capability Assessment
Purpose & Capability
The skill's name/description and SKILL.md are consistent: the goal is to make Anthropic OAuth tokens work as API keys by injecting them into OpenClaw env.vars. However the package metadata declares no required env vars or credentials while the instructions explicitly require placing a sensitive token into the OpenClaw config—an inconsistency in declared requirements vs. runtime needs.
Instruction Scope
The runtime instructions tell the agent to patch global OpenClaw config (env.vars and model providers) and restart the gateway. That can affect all agents if applied globally and results in sensitive tokens being stored in OpenClaw configuration. The doc does advise per-agent config as an alternative, but the examples include a global defaults patch which increases blast radius.
Install Mechanism
Instruction-only skill with no install, no binaries, and no code files—there is nothing being downloaded or executed beyond calls to the user's OpenClaw CLI, which is low install risk.
Credentials
The skill requires the user to supply a sensitive Anthropic OAuth token (sk-ant-oat01-*) and to put it into OpenClaw's env.vars, but the metadata lists no required credentials and no primary credential. Storing tokens in config (even if redacted in output) is sensitive and not further constrained by the skill; this is disproportionate unless the user understands and accepts the exposure and scope.
Persistence & Privilege
The skill does not request always:true and does not install persistent code, but its recommended global config patch will persist the token in OpenClaw configuration until removed. That persistence is normal for config changes but raises long-term exposure risk if applied globally rather than per-agent.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install oauth-disguise - After installation, invoke the skill by name or use
/oauth-disguise - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
- Updated documentation to clarify usage for Anthropic OAuth tokens (`sk-ant-oat01-*`) with OpenClaw as API keys via environment variable injection.
- Added step-by-step instructions for both global and per-agent token configuration.
- Expanded troubleshooting section with common issues, causes, and solutions.
- Documented dual-provider (proxy + official API fallback) setup examples.
- Enhanced security guidance for token handling and environment variable best practices.
v1.1.0
- Added support for configuring Anthropic OAuth tokens (sk-ant-oat01-*) as API keys via OpenClaw environment variable injection.
- Clarified intended use cases: switching from proxy to Anthropic API, using Claude Pro/Team subscription tokens, and addressing authentication errors with OAuth tokens.
- Provided detailed setup instructions for both global and per-agent configurations.
- Included troubleshooting guidance and verification steps for successful setup.
- Documented security practices around token redaction and environment variable usage.
- Expanded documentation with a dual provider example to allow seamless fallback to proxy.
v1.0.0
Initial release of oauth-disguise skill.
- Allows OAuth tokens (sk-ant-oat01-*) to be used as API keys with OpenClaw via environment variable injection.
- Enables switching from proxy or legacy configurations to the official Anthropic API when OAuth tokens fail direct API calls.
- Provides detailed setup, troubleshooting steps, and migration guidelines.
- Designed specifically for scenarios where direct OAuth or API key auth does not work, but OpenClaw's processing allows token usage.
- Includes security notes on token handling and verification tips for successful configuration.
Metadata
Frequently Asked Questions
What is Oauth Disguise?
Configure Anthropic OAuth tokens (sk-ant-oat01-*) to work as API keys in OpenClaw via environment variable injection, enabling Claude Pro/Team API access. It is an AI Agent Skill for Claude Code / OpenClaw, with 229 downloads so far.
How do I install Oauth Disguise?
Run "/install oauth-disguise" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Oauth Disguise free?
Yes, Oauth Disguise is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Oauth Disguise support?
Oauth Disguise is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Oauth Disguise?
It is built and maintained by jiafar (@jiafar); the current version is v1.1.1.
More Skills