Authy

by eric8810 · GitHub ↗ · v0.3.0
cross-platform ⚠ suspicious
772 Downloads · 2 Stars · 0 Active Installs · 4 Versions
Install in OpenClaw
/install authy
Description
Inject secrets into subprocesses via environment variables. You never see secret values — authy run injects them directly. Use for any command that needs API...
README (SKILL.md)

Authy — Secure Secret Injection

Inject secrets into subprocesses as environment variables. You never see, handle, or log secret values.

How It Works

Your token is run-only. You can discover secret names with authy list and inject them into subprocesses with authy run. You never see secret values directly.

Inject Secrets into a Command

authy run --scope <policy> --uppercase --replace-dash '_' -- <command> [args...]

The --uppercase --replace-dash '_' flags turn secret names like db-host into env vars like DB_HOST.

Examples:

authy run --scope deploy --uppercase --replace-dash '_' -- ./deploy.sh
authy run --scope backend --uppercase --replace-dash '_' -- node server.js
authy run --scope testing --uppercase --replace-dash '_' -- pytest

Discover Secret Names

authy list --scope <policy> --json

Output: {"secrets":[{"name":"db-host","version":1,...}]}

Write Scripts That Use Secrets

Write code that reads environment variables, then run it with authy run:

cat > task.sh << 'EOF'
#!/bin/bash
curl -H "Authorization: Bearer $API_KEY" https://api.example.com/data
EOF
chmod +x task.sh
authy run --scope my-scope --uppercase --replace-dash '_' -- ./task.sh

Error Codes

Code Meaning
0 Success
2 Auth failed — check AUTHY_TOKEN / AUTHY_KEYFILE
3 Secret or policy not found
4 Access denied or run-only restriction
6 Token invalid, expired, or revoked

Rules

  1. Only use authy run and authy list — these are the only commands available to you
  2. Never hardcode credentials — reference env vars, run via authy run
  3. Never echo, print, or log env vars in subprocess scripts — secrets exist in memory only
  4. Never redirect env vars to files — do not write $SECRET to disk
  5. Use --scope to limit access to needed secrets only
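
Rules 3 and 4 depend entirely on whoever writes the subprocess script. As an added example (not part of SKILL.md or the authy project), this Python pre-run check derives the env var names from `authy list --json` output and flags script lines that print or persist them. The sample JSON and script are constructed, and the patterns are heuristics that catch only obvious violations.

```python
import json
import re

# Constructed sample of `authy list --scope <policy> --json` output.
SAMPLE_LIST = '{"secrets":[{"name":"db-host","version":1},{"name":"api-key","version":2}]}'

# Constructed script: line 2 follows the rules, lines 3-5 break rule 3 or 4.
SAMPLE_SCRIPT = """#!/bin/bash
curl -H "Authorization: Bearer $API_KEY" https://api.example.com/data
echo "connecting to $DB_HOST"
printf '%s' "${API_KEY}" > /tmp/key.txt
env | sort
"""

PRINTERS = re.compile(r"^\s*(echo|printf|print|logger)\b")
# Commands that print the whole environment, injected secrets included.
DUMPERS = re.compile(r"^\s*(env|printenv|export\s+-p|set)\s*($|[|>])")
# A file redirect or tee; fd duplications such as 2>&1 and >&2 are not matched.
REDIRECT = re.compile(r"(?<![0-9>])>>?\s*[^&\s]|\|\s*tee\b")

def env_names(list_json):
    """Map secret names to env vars the way --uppercase --replace-dash '_' does."""
    secrets = json.loads(list_json)["secrets"]
    return [s["name"].upper().replace("-", "_") for s in secrets]

def lint(script, names):
    """Return (line_no, rule, text) for lines that print or persist an injected var."""
    alternatives = "|".join(map(re.escape, names))
    var_ref = re.compile(r"\$\{?(" + alternatives + r")\b") if names else None
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        if line.lstrip().startswith("#"):  # shebang and comment lines
            continue
        if DUMPERS.search(line):
            findings.append((no, 3, line.strip()))
        elif var_ref and var_ref.search(line):
            if REDIRECT.search(line):      # rule 4: value written to disk
                findings.append((no, 4, line.strip()))
            elif PRINTERS.search(line):    # rule 3: value echoed or logged
                findings.append((no, 3, line.strip()))
    return findings

if __name__ == "__main__":
    for no, rule, text in lint(SAMPLE_SCRIPT, env_names(SAMPLE_LIST)):
        print(f"line {no}: breaks rule {rule}: {text}")
```

A clean result does not show that a script is safe: any command started by authy run can still read its environment and send it elsewhere.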
Usage Guidance
This skill appears to do what it says — it wraps an on-PATH authy CLI to inject secrets as environment variables for subprocesses. Before installing, verify: (1) the `authy` binary's origin and integrity (the SKILL.md references a GitHub repo but registry shows no homepage), (2) whether you are comfortable giving the agent access to AUTHY_TOKEN and AUTHY_KEYFILE (these allow retrieval/injection of secrets), and (3) that tokens granted are least-privilege and run-only. Note the metadata mismatches (registry vs SKILL.md) and ask the publisher to clarify required files and which env var is the primary credential. Finally, avoid enabling autonomous agent invocations with broad permissions — any command run via `authy run` can access injected secrets and could exfiltrate them if misused.
Capability Analysis
Type: OpenClaw Skill
Name: authy
Version: 0.3.0

This skill is suspicious due to its inherent design enabling arbitrary command execution and file manipulation, which creates a significant prompt injection vulnerability for the AI agent. The `SKILL.md` and `references/commands.md` explicitly demonstrate how to create and execute shell scripts (`cat > task.sh ... chmod +x task.sh ... ./task.sh`) that can perform network operations (e.g., `curl`, `psql`). While the skill's stated purpose is legitimate (secret injection), these capabilities, combined with the agent's ability to interpret instructions, provide a direct vector for a malicious prompt to instruct the agent to exfiltrate data or execute arbitrary code, despite the 'Rules' attempting to guide secure usage.
Capability Assessment
Purpose & Capability
The skill name/description (secret injection) matches the required binary (authy) and required env vars (AUTHY_TOKEN, AUTHY_KEYFILE). However, registry metadata lists no required config file or primary credential while the SKILL.md metadata explicitly requires $AUTHY_KEYFILE and AUTHY_TOKEN — a mismatch in declared requirements between registry and SKILL.md.
Instruction Scope
SKILL.md limits agent actions to `authy list` and `authy run`, and describes how to run arbitrary subprocesses with secrets injected. That is consistent with the stated purpose, but by design it gives an invoked command full access to secret values in its environment. The instructions also rely on the agent/script writer to never echo/log secrets (a behavioral constraint that is unenforceable), which increases the risk of accidental or malicious exfiltration.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. It does require a preinstalled `authy` binary on PATH, which is reasonable for a CLI wrapper.
Credentials
Requiring AUTHY_TOKEN and AUTHY_KEYFILE is proportionate for a secret-injection CLI. But SKILL.md metadata claims the KEYFILE path (files: ["$AUTHY_KEYFILE"]) while registry metadata lists no config paths; primary credential is unspecified in registry though SKILL.md calls out AUTHY_TOKEN as the run credential. This inconsistency should be clarified.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not request modifying other skills or global config. Autonomous invocation is allowed by platform default, which increases blast radius but is not a standalone reason to reject.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install authy
  3. After installation, invoke the skill by name or use /authy
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.0
Project config (.authy.toml), shell hook, alias generator, tightened agent skill scope
v0.2.2
Tighten instruction scope: remove operator commands from agent-facing docs, strengthen credential language, declare file path dependency
v0.2.1
Add structured metadata for ClawHub trust review
v0.2.0
v0.2.0: Run-only enforcement, JSON output, env/import/export commands
Metadata
Slug authy
Version 0.3.0
License
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Authy?

Inject secrets into subprocesses via environment variables. You never see secret values — authy run injects them directly. Use for any command that needs API... It is an AI Agent Skill for Claude Code / OpenClaw, with 772 downloads so far.

How do I install Authy?

Run "/install authy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Authy free?

Yes, Authy is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Authy support?

Authy is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Authy?

It is built and maintained by eric8810 (@eric8810); the current version is v0.3.0.
