MFA WORD by Cenralsolution (GitHub) · v1.1.0
721 downloads · 0 stars · 0 active installs · 2 versions
Install in OpenClaw
/install mfa-word
Description
Enforces MFA by requiring a secret word to access protected sensitive data and allows emergency reset with a super secret word.
Usage Guidance
This skill is coherent with its stated purpose, but review these points before installing:
- Local file writes: it stores a vault (hashed secrets) and an audit log in ~/.openclaw. Ensure you are comfortable with those files existing and set restrictive filesystem permissions (chmod 600) if you use it.
- Crypto: secrets are hashed with plain SHA-256 without salt or a slow KDF; low-entropy secret words could be brute-forced if an attacker obtains mfa_vault.json. Consider using a stronger KDF (e.g., PBKDF2/scrypt/Argon2) or adding a per-user salt.
- Agent-enforced-only: the skill relies on the agent to call its check/verify functions before performing sensitive actions. The skill cannot prevent other code from accessing files or running commands — it is a procedural gate, not a kernel-level enforcer.
- Code quality: index.js mixes CommonJS require(...) with export const declarations which may cause runtime errors depending on how the platform loads modules; validate the module works in your agent environment.
- Audit logs: logs contain action/result entries (no plaintext secrets) but may reveal usage patterns; consider rotating or protecting them.
If you decide to use it: verify the module runs in your environment, harden vault/log permissions, consider improving the hashing method, and test reset and dead-man-switch behavior. If you need a stronger enforcement boundary, use a system-level access control mechanism rather than relying solely on an agent skill.
Capability Analysis
Type: OpenClaw Skill
Name: mfa-word
Version: 1.1.0
The OpenClaw AgentSkills bundle 'mfa-word' is designed to implement a multi-factor authentication gatekeeper. The `SKILL.md` provides clear instructions for the AI agent to enforce security checks before sensitive actions, without any prompt injection attempts to bypass security or perform malicious acts. The `index.js` code uses standard Node.js file system operations to store hashed secrets and audit logs locally within the user's `.openclaw` directory. It uses SHA256 for hashing secrets and has no external dependencies or network calls. There is no evidence of intentional harmful behavior such as data exfiltration, unauthorized execution, or persistence mechanisms. While the `sensitive_list` parameter could theoretically be a vector for prompt injection if the AI agent's internal detection mechanism for patterns is vulnerable, the skill itself does not instruct the AI to exploit this, nor does its code perform any malicious actions with these patterns. The skill's functionality is aligned with its stated purpose of enhancing security.
Capability Assessment
Purpose & Capability
The skill claims to gate access to sensitive actions using a secret word and an emergency reset word; the code implements local storage of hashed secrets, a session state, check/verify/reset functions, and audit logging under ~/.openclaw. The requested resources (no network, no external credentials) match the stated purpose.
Instruction Scope
SKILL.md instructs the agent to call check_gate_status/verify_access before performing sensitive actions — the code provides those functions. However, the skill cannot enforce checks on I/O or commands outside of agent cooperation; it relies on the agent following the protocol. Also SKILL.md mentions protecting .ssh in examples, but the default sensitive_list in code does not include '.ssh' (only .env, password, config, sudo).
Install Mechanism
No install spec or external downloads are present. The skill includes a local JS module only; nothing is pulled from the network or written to non-standard system locations beyond ~/.openclaw.
Credentials
The skill requests no environment variables or external credentials. It stores data locally in ~/.openclaw (vault and audit log) which is consistent with a local MFA gatekeeper. Note: file writes require filesystem permissions and the vault/log files should be protected by filesystem ACLs/permissions.
Persistence & Privilege
The skill does create persistent artifacts (~/.openclaw/mfa_vault.json and ~/.openclaw/mfa_audit.log) and will append audit entries. It does not set always: true, does not modify other skills, and has no network persistence — but users should be aware that it writes persistent files to the home directory and that audit logs may reveal usage timing.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install mfa-word
- After installation, invoke the skill by name or use /mfa-word
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
- Expanded the operational protocol for greater clarity, including session duration and the "dead man's switch" security mode.
- Added and described the check_gate_status tool for session authentication checks.
- Provided defaults and options for sensitive pattern protection and user preferences during MFA setup.
- Updated instructions for user challenges and session re-locking after sensitive actions.
- Improved documentation formatting and metadata, clarifying category and tags.
v1.0.0
The Zero-Trust Gatekeeper for OpenClaw Agents.
MFA Word is a security-first middleware skill designed to patch the "autonomy risk" inherent in LLM agents. While OpenClaw is powerful because it can touch your file system and environment variables, that power is a liability if the AI is tricked via prompt injection.
This skill acts as a human-in-the-loop firewall. It forces the AI to stop, challenge the user for a pre-agreed "Secret Word," and verify a cryptographic hash before granting access to sensitive data or high-privilege commands.
Frequently Asked Questions
What is MFA WORD?
Enforces MFA by requiring a secret word to access protected sensitive data and allows emergency reset with a super secret word. It is an AI Agent Skill for Claude Code / OpenClaw, with 721 downloads so far.
How do I install MFA WORD?
Run "/install mfa-word" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is MFA WORD free?
Yes, MFA WORD is completely free (open-source). You can download, install and use it at no cost.
Which platforms does MFA WORD support?
MFA WORD is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created MFA WORD?
It is built and maintained by Cenralsolution (@cenralsolution); the current version is v1.1.0.