← Back to Skills Marketplace
madan-wego

Approve Pairing

by madan-wego · GitHub ↗ · v2.0.0
cross-platform ⚠ suspicious
1032
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install approve-pairing
Description
Approve a pending DM pairing request without the openclaw CLI, by directly editing credential files. Use when `openclaw pairing approve` is unavailable (CLI...
README (SKILL.md)

approve-pairing

Approve pending DM pairing requests by writing directly to OpenClaw credential files — no CLI required.

How It Works

Pairing state lives in two files under ~/.openclaw/credentials/:

  • \x3Cchannel>-pairing.json — pending requests (sender ID, code, accountId)
  • \x3Cchannel>-\x3CaccountId>-allowFrom.json — approved senders allowlist

Approving = add sender ID to allowFrom file + remove code from pairing file.

Quick Approval (script)

python3 skills/approve-pairing/scripts/approve_pairing.py \x3Cchannel> \x3Ccode>

Example:

python3 skills/approve-pairing/scripts/approve_pairing.py telegram PWVW264M

The script:

  1. Reads ~/.openclaw/credentials/\x3Cchannel>-pairing.json
  2. Finds the request matching the code
  3. Appends the sender ID to the allowFrom file
  4. Removes the code from pending requests

Manual Steps (if script unavailable)

  1. Read ~/.openclaw/credentials/\x3Cchannel>-pairing.json to get id and meta.accountId
  2. Write/update ~/.openclaw/credentials/\x3Cchannel>-\x3CaccountId>-allowFrom.json: 
    { "version": 1, "allowFrom": ["\x3Csender_id>"] }
  3. Clear the pending request from \x3Cchannel>-pairing.json

Notes

  • Codes expire after 1 hour — check createdAt if approval fails
  • A gateway restart may be needed: openclaw gateway restart
  • If accountId is "default" or empty, the file is \x3Cchannel>-default-allowFrom.json
  • Pending requests capped at 3 per channel; old ones must expire before new ones are created
Usage Guidance
This skill directly edits your OpenClaw credential files to approve a sender. That is the intended behavior, but it's powerful: only run the script locally on a machine you trust and after verifying the pairing code and sender ID. Before running, (1) inspect the script (it's included) to confirm it will target the correct credentials directory; (2) back up ~/.openclaw/credentials; (3) be aware of the documentation mismatch — the script uses '<channel>-allowFrom.json' for empty accountId whereas the SKILL.md mentions '<channel>-default-allowFrom.json'; and (4) note the script respects OPENCLAW_CREDENTIALS_DIR if set (SKILL.md doesn't mention this). Prefer the official 'openclaw pairing approve' CLI when available; use this only when you understand and accept the filesystem changes.
Capability Analysis
Type: OpenClaw Skill Name: approve-pairing Version: 2.0.0 The `scripts/approve_pairing.py` script is vulnerable to path traversal. The `channel` argument, taken directly from command-line input, is used to construct file paths (e.g., `f"{channel}-pairing.json"`) without proper sanitization or validation against a whitelist. This allows an attacker to use `../` sequences to read and write arbitrary files outside the intended `~/.openclaw/credentials/` directory, leading to a critical arbitrary file read/write vulnerability. While the script's stated purpose is to manage OpenClaw credential files, this flaw extends its capabilities beyond the intended scope, making it suspicious.
Capability Assessment
Purpose & Capability
The Python script reads and writes the same ~/.openclaw/credentials files the SKILL.md describes and implements the described approve-by-editing workflow. No unrelated binaries, services, or credentials are requested.
Instruction Scope
Instructions are narrowly scoped to reading and updating pairing/allowlist JSON files. Minor inconsistencies between SKILL.md and the script: SKILL.md says a missing/empty accountId should map to '<channel>-default-allowFrom.json', while the script uses '<channel>-allowFrom.json' for an absent accountId. SKILL.md also does not document the optional OPENCLAW_CREDENTIALS_DIR environment variable the script supports.
Install Mechanism
No install spec is present (instruction-only skill with one included script). Nothing is downloaded or installed; the risk surface is limited to running the provided local script.
Credentials
The skill requests no credentials and does not call external endpoints. It does read an optional OPENCLAW_CREDENTIALS_DIR env var (not declared in the SKILL.md). This is reasonable but should be noted because it can change which files are modified.
Persistence & Privilege
The skill is not always-on, does not request elevated platform privileges, and does not modify other skills or global agent configuration. Its effect is limited to filesystem edits in the credentials directory.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install approve-pairing
  3. After installation, invoke the skill by name or use /approve-pairing
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
Approve DM pairing requests without the openclaw CLI
v1.0.0
Approve DM pairing requests without the openclaw CLI
Metadata
Slug approve-pairing
Version 2.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Approve Pairing?

Approve a pending DM pairing request without the openclaw CLI, by directly editing credential files. Use when `openclaw pairing approve` is unavailable (CLI... It is an AI Agent Skill for Claude Code / OpenClaw, with 1032 downloads so far.

How do I install Approve Pairing?

Run "/install approve-pairing" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Approve Pairing free?

Yes, Approve Pairing is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Approve Pairing support?

Approve Pairing is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Approve Pairing?

It is built and maintained by madan-wego (@madan-wego); the current version is v2.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments