Otp Challenger

by ryancnelson · GitHub ↗ · v1.0.6
cross-platform ⚠ suspicious
Downloads: 2689
Stars: 0
Active Installs: 0
Versions: 7
Install in OpenClaw
/install otp-challenger
Description
Enable agents and skills to challenge users for fresh two-factor authentication proof (TOTP or YubiKey) before executing sensitive actions. Use this for identity verification in approval workflows - deploy commands, financial operations, data access, admin operations, and change control.
Usage Guidance
This skill appears to implement what it claims, but review these items before installing:
  1. Inspect verify.sh (and related scripts) yourself to confirm there are no unexpected network endpoints beyond api.yubico.com and no hidden behavior.
  2. Don’t set OTP_FAILURE_HOOK to an unrestricted or destructive script; prefer a safe notifier (append-only logging or an alert sender) and lock its file permissions.
  3. Keep OTP_SECRET and YUBIKEY_SECRET_KEY in a secure secret manager (1Password/Bitwarden) and avoid plaintext in ~/.openclaw/config.yaml when possible.
  4. Verify the skill source — SKILL.md references a GitHub repo, but the registry metadata shows no homepage; prefer installing from a verified upstream repository (and check commit history/signature).
  5. Run the scripts in a controlled environment or sandbox first, and review audit logs after test runs.
If you rely on autonomous agent invocation, be extra cautious about enabling any hook that executes commands.
Capability Analysis
Type: OpenClaw Skill
Name: otp-challenger
Version: 1.0.6
The skill is classified as suspicious due to the `OTP_FAILURE_HOOK` in `verify.sh` and `SKILL.md`. This hook is explicitly documented as a 'privileged feature' that 'can execute arbitrary shell commands on failure events' and is directly executed via `$FAILURE_HOOK &`. While intended for legitimate administrative actions (e.g., alerts, agent shutdown), this constitutes a direct Remote Code Execution (RCE) vulnerability if the `OTP_FAILURE_HOOK` environment variable is controlled by an attacker or set to an untrusted value. The skill otherwise demonstrates strong security practices, including robust input validation, secure YAML parsing, atomic file operations, and replay protection, as detailed in `otp-skill-summary.md`.
Capability Assessment
Purpose & Capability
Name/description (TOTP + YubiKey verification) align with the included scripts (verify.sh, check-status.sh, generate-secret.sh), the declared binaries (openssl, curl, base64, jq, python3, optionally oathtool) are reasonable for the stated functionality, and the conditional env vars (OTP_SECRET, YUBIKEY_CLIENT_ID, YUBIKEY_SECRET_KEY) are the exact credentials needed.
Instruction Scope
Runtime instructions and scripts operate within the expected scope: they read config (~/.openclaw/config.yaml) or env vars for secrets, maintain a local state file (memory/otp-state.json), call Yubico's API for YubiKey validation, and log audit events. They do not appear to read unrelated system files. However, the SKILL.md and scripts document an OTP_FAILURE_HOOK that the skill executes on failure events; that hook runs arbitrary shell commands and is therefore out-of-band behavior that increases risk if misconfigured or abused.
Install Mechanism
Install spec only references Homebrew formulas (jq, python3, oath-toolkit). No downloads from untrusted URLs, no archive extraction, and the repo files are present in the skill bundle. Homebrew usage is proportionate for these native binaries.
Credentials
No required global credentials are demanded by default; required credentials are conditional and match their purpose (TOTP secret or Yubico client id/secret). However OTP_FAILURE_HOOK is an environment/config option that allows arbitrary commands to run as the agent user on verification failures. The README even includes an example hook that kills OpenClaw — this is a high-risk capability that is disproportionate unless the operator explicitly intends it and has locked down the hook's contents and permissions.
Persistence & Privilege
The skill does not request forced or persistent platform-level privileges (always:false). It writes state to its own workspace memory file and may write audit logs, which is expected. The main persistence/privilege risk is the configurable failure hook and any scripts it calls; those run with the same privileges as the agent and can have system impact if misused.
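The guidance above (item 2) and the hook analysis both come down to one control: never execute whatever string happens to be in OTP_FAILURE_HOOK. The following is an added example, not the skill's own verify.sh, of a guarded runner that replaces `$FAILURE_HOOK &` with an allowlisted, permission-checked execution; OTP_HOOKS_DIR and the notify.sh fixture are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not the skill's own verify.sh: run a failure hook only if it
# is a regular, non-symlink file inside a fixed hooks directory, owned by the
# invoking user and not writable by group or other. OTP_HOOKS_DIR is assumed.
HOOKS_DIR="${OTP_HOOKS_DIR:-$HOME/.openclaw/hooks}"

hook_is_trusted() {
    hook=$1
    case $hook in
        */../*|*/..) echo "hook rejected: path traversal" >&2; return 1 ;;
        "$HOOKS_DIR"/*) ;;
        *) echo "hook rejected: outside $HOOKS_DIR" >&2; return 1 ;;
    esac
    if [ ! -f "$hook" ] || [ -L "$hook" ]; then
        echo "hook rejected: not a regular file" >&2; return 1
    fi
    # ls -ld is POSIX: field 1 is the mode string (e.g. -rwx------), field 3 the owner.
    set -- $(ls -ld "$hook")
    mode=$1 owner=$3
    if [ "$owner" != "$(id -un)" ]; then
        echo "hook rejected: owned by $owner, not $(id -un)" >&2; return 1
    fi
    case $mode in   # position 6 = group write bit, position 9 = other write bit
        ?????w*|????????w*) echo "hook rejected: group/other writable ($mode)" >&2; return 1 ;;
    esac
}

safe_run_hook() {
    # Usage: safe_run_hook <event> <hook-path>. Runs the validated path in the
    # foreground so the caller sees its exit status, and hands the event name
    # over via OTP_EVENT instead of word-splitting a config string into a command.
    hook_is_trusted "$2" || return 1
    OTP_EVENT="$1" "$2"
}

make_demo_hook() {
    # Constructed fixture: an append-only notifier that records the event and
    # runs nothing else, written into the hooks directory given as $1.
    cat > "$1/notify.sh" <<'EOF'
#!/bin/sh
printf '%s otp-failure event=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$OTP_EVENT" \
    >> "$(dirname "$0")/otp-failures.log"
EOF
    chmod 700 "$1/notify.sh"
    printf '%s\n' "$1/notify.sh"
}
```

A hook that is later made group-writable, moved outside the hooks directory, or replaced by a symlink is refused rather than executed, which is the failure mode the analysis warns about.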
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install otp-challenger
  3. After installation, invoke the skill by name or use /otp-challenger
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.6
- Expanded required binaries and environment variable documentation in SKILL.md.
- Added details for privileged features and OTP failure hooks.
- Noted `qrencode` requirement for `generate-secret.sh`.
- Improved clarity of configuration, environment variables, and installation sections.
v1.0.5
- Added INSTALLATION.md and memory/README.md files for clearer installation and memory usage documentation.
- Introduced config-template.yaml and env-template.sh to provide example configuration templates.
- Expanded README.md with more details on setup, configuration, and best practices.
- No user-facing code logic changes; documentation and configuration improvements only.
v1.0.4
Clarify qrencode dependency for QR code display
v1.0.3
No user-visible changes in this release; version increment only.
v1.0.2
- Added new OpenClaw examples: `openclaw/README.md`, `cron-expire.sh`, and `interceptor.sh` for easier integration and demonstration.
- No changes to core skill logic; core functionality and interfaces remain stable.
- Documentation now matches version 1.0.2 and details relevant configuration options.
- Useful for OpenClaw environments or automation workflows needing 2FA challenges.
v1.0.1
- Renamed skill from `otp` to `otp-challenger`, updating all references.
- Updated version to 1.1.0.
- Changed repository and homepage links to the new `otp-challenger` location.
- Added `otp-skill-summary.md` and removed `otp-skill-final-summary.md`.
- Minor documentation updates, including test suite reference and clarity improvements.
v1.0.0
Initial release of the OTP skill for two-factor authentication in sensitive approval workflows.
- Enables agents and skills to require time-based OTP verification before executing sensitive actions.
- Supports various use cases: deployments, financial operations, data access, admin actions, and change control.
- Offers flexible setup: stores secrets in config, environment, or 1Password/Bitwarden.
- Includes scripts for verification (`verify.sh`), status checks (`check-status.sh`), and TOTP secrets generation.
- Requires `jq` and `python3`; can use `oathtool` for extra validation.
- Stores no OTP secrets in state, only verification timestamps, improving security.
Metadata
Slug: otp-challenger
Version: 1.0.6
License:
All-time Installs: 0
Active Installs: 0
Total Versions: 7
Frequently Asked Questions

What is Otp Challenger?

Enable agents and skills to challenge users for fresh two-factor authentication proof (TOTP or YubiKey) before executing sensitive actions. Use this for identity verification in approval workflows - deploy commands, financial operations, data access, admin operations, and change control. It is an AI Agent Skill for Claude Code / OpenClaw, with 2689 downloads so far.

How do I install Otp Challenger?

Run "/install otp-challenger" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Otp Challenger free?

Yes, Otp Challenger is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Otp Challenger support?

Otp Challenger is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Otp Challenger?

It is built and maintained by ryancnelson (@ryancnelson); the current version is v1.0.6.
