← Back to Skills Marketplace
447
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install gateway-token-doctor
Description
Diagnose and fix gateway token mismatches causing 401 errors. Align tokens across config, service, and CLI surfaces.
README (SKILL.md)
Gateway Token Doctor
Diagnose and fix 401 errors from token mismatches.
Problem
Gateway token inconsistencies cause:
- 401 Unauthorized errors
- CLI/UI authentication failures
- Service startup failures
- Silent auth degradation
Workflow
1. Token Audit
# Check all token surfaces
$cfg = Get-Content "$HOME/.openclaw/openclaw.json" -Raw | ConvertFrom-Json
$auth = $cfg.gateway.auth.token
$remote = $cfg.gateway.remote.token
$service = $env:OPENCLAW_GATEWAY_TOKEN
"auth.token = $auth"
"remote.token = $remote"
"service.token = $service"
if ($auth -and $remote -and $auth -ne $remote) {
Write-Warning "Token mismatch: auth != remote"
}
2. Alignment Fix
# Generate or use existing token
$token = $auth
# Update config
$cfg.gateway.auth.token = $token
$cfg.gateway.remote.token = $token
$cfg | ConvertTo-Json -Depth 10 | Out-File "$HOME/.openclaw/openclaw.json" -Encoding UTF8
# Update service startup script
$servicePath = "$HOME/.openclaw/gateway.cmd"
$content = Get-Content $servicePath -Raw
$content = $content -replace 'OPENCLAW_GATEWAY_TOKEN=.*', "OPENCLAW_GATEWAY_TOKEN=$token"
$content | Out-File $servicePath -Encoding UTF8
# Restart
openclaw gateway restart
3. Verification
# Test gateway access
openclaw gateway status
# Test CLI auth
openclaw whoami
Executable Completion Criteria
| Criteria | Verification |
|---|---|
| All tokens aligned | auth == remote == service |
| Gateway responds | openclaw gateway status succeeds |
| CLI auth works | openclaw whoami returns user |
| No 401 in logs | Select-String "401" logs returns nothing |
Privacy/Safety
- Never log actual token values
- Redact tokens in output (show first 4 chars only)
- Store tokens only in config files
Self-Use Trigger
Use when:
- 401 errors appear
- Gateway restart after config change
- CLI shows auth mismatch
- Service fails to start
Align tokens. Restore access.
Usage Guidance
This skill will read and overwrite your OpenClaw config (~/.openclaw/openclaw.json) and edit the gateway startup script (~/.openclaw/gateway.cmd), then restart the gateway. Before using it: 1) Back up the files mentioned (copy openclaw.json and gateway.cmd). 2) Inspect openclaw.json to confirm where tokens are stored and that the auth token is valid (the script uses auth => remote => service). 3) Run the steps manually first (don't run them as a blind script) or add a dry-run that prints intended changes without writing. 4) Ensure the openclaw CLI is present and you can restart the gateway manually. 5) Be aware that SKILL.md reads the OPENCLAW_GATEWAY_TOKEN env var even though metadata lists no env requirements — confirm any environment-token source before letting the skill modify files. 6) After changes, verify logs and CLI auth in a controlled environment (staging) before applying in production. If you are not comfortable with file edits or service restarts, ask an admin to perform these steps.
Capability Analysis
Type: OpenClaw Skill
Name: gateway-token-doctor
Version: 1.0.0
The 'gateway-token-doctor' skill, while designed for a legitimate administrative task (fixing token mismatches), contains a significant information disclosure vulnerability. The 'Token Audit' section in `SKILL.md` explicitly prints full token values to the agent's output, directly contradicting the skill's own 'Privacy/Safety' guidelines. This flaw could expose sensitive authentication tokens, making the skill suspicious despite the absence of clear evidence of intentional malicious behavior like data exfiltration to external endpoints or backdoor installation.
Capability Assessment
Purpose & Capability
The name/description match the actions in SKILL.md: auditing and aligning gateway tokens stored in $HOME/.openclaw/openclaw.json, the gateway startup script, and the OPENCLAW_GATEWAY_TOKEN environment variable. Asking to read and update those files is coherent with the stated purpose.
Instruction Scope
Instructions directly read and overwrite $HOME/.openclaw/openclaw.json and $HOME/.openclaw/gateway.cmd and then restart the gateway. There are no safety measures (no backups, no validation of a non-empty token, no dry-run). Regex replacement ('OPENCLAW_GATEWAY_TOKEN=.*') and writing token values directly can accidentally clobber files or inject malformed values. Verification steps reference logs generically ('Select-String "401" logs') without specifying paths. These are functional for the task but risky and insufficiently defensive.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. Nothing is written to disk by an installer, which is the lowest-risk install profile.
Credentials
The SKILL.md reads the OPENCLAW_GATEWAY_TOKEN environment variable and other local config paths, but the registry metadata lists no required env vars. That mismatch reduces transparency. While the env var and files are relevant to the stated purpose, the skill asks to read and overwrite local configuration and a startup script — privileges that should be clearly declared and confirmed with the user beforehand.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not include installation steps that persist beyond execution. Autonomous invocation is enabled by default on the platform, but this skill does not escalate privileges beyond modifying only OpenClaw-related files.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install gateway-token-doctor - After installation, invoke the skill by name or use
/gateway-token-doctor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of gateway-token-doctor.
- Diagnose and resolve 401 errors caused by gateway token mismatches.
- Audits token values in config, service, and CLI environments.
- Provides step-by-step Powershell workflow to align and verify token consistency.
- Includes safety guidelines for token handling and redaction.
Metadata
Frequently Asked Questions
What is Gateway Token Doctor?
Diagnose and fix gateway token mismatches causing 401 errors. Align tokens across config, service, and CLI surfaces. It is an AI Agent Skill for Claude Code / OpenClaw, with 447 downloads so far.
How do I install Gateway Token Doctor?
Run "/install gateway-token-doctor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Gateway Token Doctor free?
Yes, Gateway Token Doctor is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Gateway Token Doctor support?
Gateway Token Doctor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Gateway Token Doctor?
It is built and maintained by Dalomeve (@dalomeve); the current version is v1.0.0.
More Skills