← Back to Skills Marketplace
220
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install auto-authenticator-local
Description
Use when the user wants a local-first TOTP helper for accounts they personally own or are explicitly authorized to access. This skill stores TOTP seeds in sy...
README (SKILL.md)
Auto Authenticator Local
Auto Authenticator Local is a privacy-first skill for generating TOTP codes on the user's machine.
What this skill does
- Adds a TOTP seed to the operating system credential vault under a user-chosen alias.
- Generates the current 6-digit code for a single alias on explicit request.
- Deletes a stored alias when the user rotates or removes access.
- Helps the user integrate approved local login flows for accounts they own or are authorized to manage.
Hard safety rules
- Refuse any request framed as bypassing MFA, avoiding rate limits, defeating anti-abuse systems, or "hiding" OTP generation from security controls.
- Do not store TOTP seeds in plaintext files, shell history, screenshots, prompts, git, or chat transcripts.
- Do not bulk-export secrets or dump all aliases.
- Do not generate codes silently in the background. Require an explicit alias each time.
- If the account ownership or authorization is unclear, pause and ask for confirmation before helping.
Platform assumptions
- The bundled scripts are cross-platform through
keyring, which maps to OS-native secure storage. - macOS also has a built-in fallback through the
securityCLI. - If the host machine does not have a working secure storage backend, help the user install one rather than falling back to plaintext.
Files to use
scripts/totp_add.py: store or update a TOTP seed in secure storagescripts/totp_code.py: generate the current 6-digit code for one aliasscripts/totp_delete.py: delete an alias from secure storagereferences/security.md: storage and publication guidance
Default workflow
- Confirm the user owns the account or is authorized to manage it.
- Ask for a short alias that does not leak unnecessary sensitive context.
- Store the seed with:
python3 scripts/totp_add.py --alias \x3Calias> --issuer \x3Cissuer> --account \x3Caccount>
- Generate a code only when explicitly requested:
python3 scripts/totp_code.py --alias \x3Calias>
- Remove the seed if the account is decommissioned or rotated:
python3 scripts/totp_delete.py --alias \x3Calias>
Response style
- Keep generated output minimal.
- Prefer returning only the code and its expiry when that is what the user asked for.
- When discussing storage or rollout, emphasize privacy, explicit invocation, and device-local handling.
- If the user asks about publishing, position the skill as a local privacy and convenience tool for legitimate access.
Good deliverables
- A local setup guide
- A security checklist
- A migration plan from plaintext secrets to Keychain
- A small integration for approved local login steps
Avoid
- Marketing copy about bypassing protections
- Stealth or hidden code generation
- Unauthorized access flows
- Secret export or exfiltration helpers
Usage Guidance
This skill appears to do what it says: local-only TOTP storage and on-demand code generation using your OS keyring. Before installing, verify the GitHub repository and commit you are installing, avoid piping unknown install scripts directly into bash, and consider running the scripts locally (not through a shared agent) the first time to confirm behavior. Be careful not to paste generated codes into chat transcripts or logs if those are stored or reviewed. If you share the machine, ensure your OS credential store is locked and you understand which keyring backend will be used (keyring vs macOS security CLI).
Capability Analysis
Type: OpenClaw Skill
Name: auto-authenticator-local
Version: 1.0.0
The skill is a legitimate local-first TOTP (Time-based One-Time Password) manager that uses system-level secure storage (OS Keychain via the 'keyring' library or macOS 'security' CLI). The implementation follows security best practices by avoiding plaintext storage, using list-based subprocess calls to prevent shell injection, and including explicit safety instructions in SKILL.md that direct the AI agent to refuse requests for bypassing MFA or bulk-exporting secrets.
Capability Assessment
Purpose & Capability
Name/description match the implementation: scripts store/fetch/delete TOTP seeds using keyring or macOS security CLI and generate codes. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md limits actions to adding/generating/deleting a single alias and warns against exfiltration or stealth generation. The bundled scripts print codes to stdout (expected), which requires operator caution so codes are not inadvertently recorded in chat transcripts or logs.
Install Mechanism
There is no packaged install spec inside the skill; the provided install.sh clones a GitHub repository and runs pip install -r requirements.txt (keyring). Using GitHub is normal, but the README suggests curl | bash for one-line install — this invokes remote code and should be used only after verifying the repository and commit.
Credentials
No environment variables, keys, or unrelated credentials are requested. The only external dependency is the 'keyring' Python package to access OS-native secure storage, which is proportional to the stated purpose.
Persistence & Privilege
Skill is not always-enabled, and agents/openai.yaml explicitly disables implicit invocation. The skill does not request system-wide config changes or access to other skills' credentials.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install auto-authenticator-local - After installation, invoke the skill by name or use
/auto-authenticator-local - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial public release. Local-first TOTP storage and 6-digit code generation with secure system credential storage.
Metadata
Frequently Asked Questions
What is Auto Authenticator Local?
Use when the user wants a local-first TOTP helper for accounts they personally own or are explicitly authorized to access. This skill stores TOTP seeds in sy... It is an AI Agent Skill for Claude Code / OpenClaw, with 220 downloads so far.
How do I install Auto Authenticator Local?
Run "/install auto-authenticator-local" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Auto Authenticator Local free?
Yes, Auto Authenticator Local is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Auto Authenticator Local support?
Auto Authenticator Local is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Auto Authenticator Local?
It is built and maintained by LucasZH7 (@lucaszh7); the current version is v1.0.0.
More Skills