← Back to Skills Marketplace
178
Downloads
0
Stars
0
Active Installs
9
Versions
Install in OpenClaw
/install openai-auth-switcher-public
Description
Web-first, publishable OpenClaw skill for OpenAI OAuth account switching. Use when you need a reusable public-track workflow for first-run takeover, environm...
Usage Guidance
This package is credential-adjacent and will read/write local OpenClaw auth files and manage a user-level service. Before installing: 1) Review service/app.py and any network/telemetry code (hourly_usage.py) to confirm nothing phones home or exposes tokens. 2) Inspect scripts that copy or restore auth-profiles.json (scripts/auth_file_lib.py, scripts/import_auth_file.py) to ensure import behavior is intentional and safe. 3) Run doctor.py and env_detect.py in --json mode on an isolated/test machine first. 4) Set OPENAI_AUTH_SWITCHER_PUBLIC_STATE_DIR to an external test directory (per docs) to avoid polluting the source tree. 5) Backup existing auth-profiles.json and related OpenClaw state before any import/switch operations. 6) If you do not trust the author or cannot audit the code, do not run install.sh on production hosts — prefer running in a sandbox or VM and use the packaging wrapper (package_public_skill.py) to inspect artifacts before publishing or deploying.
Capability Analysis
Type: OpenClaw Skill
Name: openai-auth-switcher-public
Version: 0.3.1-preview
This skill functions as an OpenAI authentication manager that can swap, backup, and monitor OAuth tokens within the OpenClaw environment. While it aligns with its stated purpose, it is classified as suspicious due to high-risk capabilities: it implements a persistent web server (service/app.py) that provides a remote/local interface for manipulating sensitive credentials, installs a systemd user service for persistence (scripts/install_web_app.py), and includes functions to import/export auth profiles from the local filesystem (service/channel_store.py). The web server is protected by basic auth and binds to localhost by default, but the inherent risk of a background service managing API tokens, combined with terminology like 'account takeover' in SKILL.md, warrants caution.
Capability Assessment
Purpose & Capability
Name/description match the included scripts: the package contains installers, runtime discovery, import/backup/restore helpers, and a web preview—all expected for an OpenAI OAuth 'auth switcher' workflow. The presence of file-copy, backup and restore logic, port selection, generated admin credentials, and systemd user service management is coherent with the stated goals.
Instruction Scope
SKILL.md explicitly instructs the operator to run install.sh and helper scripts (doctor.py, env_detect.py, inspect_runtime.py, import-auth flows). These instructions require reading and writing local OpenClaw runtime files (auth-profiles.json, service units, runtime state). The preview API includes POST /api/import-auth that accepts an absolute path and will copy/validate the supplied auth file into the runtime location—this is functionally appropriate for first-run takeover but is high-sensitivity behavior and should be executed only after manual inspection and on trusted machines.
Install Mechanism
No external install spec or network download is present in the manifest (instruction-only in registry). The repository contains local install.sh and Python scripts that run locally; there are no obvious external fetches in the provided snippets. That lowers supply-chain risk compared to remote installers, but you must still audit included scripts because they will be executed on the host.
Credentials
The skill declares no required env vars, but the code and docs reference OPENAI_AUTH_SWITCHER_PUBLIC_STATE_DIR and other OpenClaw path overrides and will probe/copy local auth files. The scripts perform file I/O on sensitive auth-profiles.json, create backups, and rebuild token ledgers. There is also an 'hourly_usage' rollup script (local analytics) which could transmit telemetry—its network behavior is not shown and should be audited. Access to local credential-bearing files is expected for this tool, but it is inherently sensitive and the skill does not declare explicit credential requirements in metadata (so users may underestimate impact).
Persistence & Privilege
always:false and model invocation is allowed (default) — normal for skills. The install flow creates/manages a systemd user unit under ~/.config/systemd/user (the unit path is hard-coded in install.sh). The skill writes runtime files under its own runtime area by design but also writes or copies auth files into the OpenClaw runtime location and may create backups. This is coherent with its purpose but elevates its privileges on the host; run only with appropriate user consent and review.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openai-auth-switcher-public - After installation, invoke the skill by name or use
/openai-auth-switcher-public - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.1-preview
0.3.1-preview:修复认证后页面前端请求失败问题,确认新增账号流程可用,并保留真实接管逻辑供另一台 Claw 继续实战测试。
v0.3.0-preview
0.3.0-preview:完成 public 版首页重构,新增账号通道、新增授权主流程(开始授权/完成授权)、设为当前、高级导入导出授权文件、统一版本显示与中文化状态展示,供另一台 Claw 实战测试。
v0.2.6
0.2.6:安装前仅做服务态 pre-cleanup,不删除用户持久数据;优化 systemd-user 不可用时的人话提示,并收敛安装输出噪音。
v0.2.4
0.2.4:美化 install.sh 安装输出,增加成功/警告分区展示,并在 systemd 模板缺失时自动再生模板后继续走 systemd-user。
v0.2.3
0.2.3:新增 install.sh 统一安装入口,修复跨机安装缺失 service/app.py 的打包问题,并修复 systemd 模板缺失时 install 的降级行为。
v0.2.2
0.2.2:优化 ClawHub 发布文案,突出 web-first、首次接管、dry-run 验证与清洁打包定位。
v0.2.1
0.2.1:更新嵌套 Web 页面与静态展示页 UI,切换为亮色白+淡蓝风格,增强信息层次,并补齐移动端自适应体验。
v0.2.0
0.2.0:新增 web-first 首次接管安装流,支持 9527→12138→随机端口回退,补齐 systemd-user 主路径、reinstall、stop/status、发布前验证与清洁打包规则。
v0.1.0
首个公开版本:提供环境检测、运行时检查、账号槽位管理、受控切换实验、回滚、本地 token 账本与小时日统计,并补齐公开发布所需兼容性与安全文档。 / First public release: adds environment checks, runtime inspection, slot management, controlled switch experiments, rollback helpers, local token ledger and hourly/daily usage analytics, plus compatibility and security docs for public distribution.
Metadata
Frequently Asked Questions
What is OpenAI Auth Switcher Public?
Web-first, publishable OpenClaw skill for OpenAI OAuth account switching. Use when you need a reusable public-track workflow for first-run takeover, environm... It is an AI Agent Skill for Claude Code / OpenClaw, with 178 downloads so far.
How do I install OpenAI Auth Switcher Public?
Run "/install openai-auth-switcher-public" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenAI Auth Switcher Public free?
Yes, OpenAI Auth Switcher Public is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OpenAI Auth Switcher Public support?
OpenAI Auth Switcher Public is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenAI Auth Switcher Public?
It is built and maintained by amior1024 (@amior1024); the current version is v0.3.1-preview.
More Skills