satoshistackalotto

User Authentication System

by Stems · GitHub ↗ · v0.1.1
cross-platform ⚠ suspicious
Downloads 673
Stars 0
Active Installs 0
Versions 2
Install in OpenClaw
/install user-authentication-system
Description
Role-based access control for Greek accounting firms. Login, role hierarchy, per-client permissions, session management, audit logging.
Usage Guidance
This skill looks like it does what it says (a local RBAC/auth system) but contains cryptographic and documentation inconsistencies that matter for security. Before installing:
  1. Do not accept SHA‑256 password hashing; require the author to use a modern password KDF (bcrypt, scrypt, or Argon2) with explicit parameters.
  2. Ask for details on how salts and TOTP secrets are generated, stored, and protected (secrets should be encrypted at rest and access-limited).
  3. Verify that audit logs don't leak credentials or tokens and that file permissions restrict access to the auth directory (chmod 700 is suggested, but confirm ownership).
  4. Confirm the discrepancy between SKILL.md (SHA‑256) and the EVALS tests (bcrypt) is resolved; this could be a documentation error or an implementation bug.
  5. Prefer a non-default OPENCLAW_DATA_DIR (avoid using a global /data if that is shared) and review the actual implementation source before trusting it with production accounts.
If you cannot obtain satisfactory answers or the owner/repo provenance, treat this as unsafe to deploy for real user accounts.
Capability Analysis
Type: OpenClaw Skill
Name: user-authentication-system
Version: 0.1.1
The OpenClaw AgentSkills bundle for 'user-authentication-system' is classified as benign. The skill is designed as a robust, local authentication and authorization system, employing strong security practices such as bcrypt for password hashing, secure session token management, 2FA, account lockout, and comprehensive audit logging. Crucially, the `SKILL.md` documentation explicitly outlines critical file system permission hardening (`chmod 700 /data/auth/`, `chmod 600 /data/auth/users/*/credentials.json`) required to protect sensitive data, demonstrating an awareness of security implications within the OpenClaw environment rather than malicious intent. There is no evidence of data exfiltration, backdoors, or prompt injection attempts against the agent in the provided content; the `SKILL.md` serves as legitimate user instructions.
Capability Assessment
Purpose & Capability
Name/description (RBAC for Greek accounting firms) align with the requested binaries (openclaw, jq, openssl) and the single env var OPENCLAW_DATA_DIR. Requiring openclaw and a data directory is expected. However, the SKILL.md claims credentials are stored with salted SHA-256 hashes while the included EVALS expectations explicitly require bcrypt hashing — this is an inconsistency between claimed behavior and test expectations and suggests either outdated/insecure crypto choices or a mismatch between documentation and implementation.
Instruction Scope
Instructions are local and file-based under $OPENCLAW_DATA_DIR/auth (no external endpoints), which is consistent with 'fully local' claims. However, the runtime instructions specify storing passwords as salted SHA-256 (fast hash) and using openssl to generate 'SHA-256 TOTP' without describing secure secret storage, iteration count, salt generation, or protection of TOTP secrets. These omissions are security-relevant: SHA‑256 is not an appropriate password KDF by modern standards (should use bcrypt/argon2/scrypt), and 2FA/TOTP secret handling is underspecified. The EVALS.json expectations explicitly call for bcrypt and 'never plaintext', which contradicts SKILL.md; that mismatch is a substantive scope/behavior inconsistency.
Install Mechanism
There is no install spec (instruction-only), so nothing will be downloaded or written beyond creating the data directory and running openclaw commands. This lowers install-time risk. The only package suggestion is using the system package manager to install jq and openssl if missing.
Credentials
Only OPENCLAW_DATA_DIR is required and is appropriate for a file-based auth system. No API keys, tokens, or unrelated credentials are requested. Small note: examples default OPENCLAW_DATA_DIR to /data which may be a privileged or shared location on some hosts—users should ensure the directory is set to a safe path with correct ownership and permissions.
Persistence & Privilege
always: false and no special privileges are requested. The skill does not request to persist itself or modify other skills. It only writes to its own $OPENCLAW_DATA_DIR subpaths per instructions.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install user-authentication-system
  3. After installation, invoke the skill by name or use /user-authentication-system
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Minor update for metadata and environment notes.
- Added "openclaw" to required bins in metadata.
- Included explicit note in metadata: `/data/ in examples refers to $OPENCLAW_DATA_DIR (default: /data/)`.
v0.1.0
Initial release – provides role-based authentication for Greek accounting firms.
- Implements local user management with salted SHA-256 hashes and TOTP-based 2FA.
- Supports hierarchical roles, per-client permissions, and access matrix.
- Includes session tracking, password policy settings, and account lockouts.
- Logs all authentication events for audit and security purposes.
- Fully file-based architecture designed for local/OnPrem OpenClaw deployment.
- No reliance on external authentication services; everything managed locally.
Metadata
Slug user-authentication-system
Version 0.1.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is User Authentication System?

Role-based access control for Greek accounting firms. Login, role hierarchy, per-client permissions, session management, audit logging. It is an AI Agent Skill for Claude Code / OpenClaw, with 673 downloads so far.

How do I install User Authentication System?

Run "/install user-authentication-system" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is User Authentication System free?

Yes, User Authentication System is completely free (open-source). You can download, install and use it at no cost.

Which platforms does User Authentication System support?

User Authentication System is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created User Authentication System?

It is built and maintained by Stems (@satoshistackalotto); the current version is v0.1.1.
