← Back to Skills Marketplace
eyhn

botauth

by EYHN · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ✓ Security Clean
238
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install botauth
Description
Use the botauth CLI to list, search, and retrieve secrets from the user's unlocked botauth vault with per-request approval in the desktop app. Use when a tas...
README (SKILL.md)

botauth

Use botauth to securely retrieve API keys, tokens, and credentials from the user's botauth vault. The desktop app must be running, the vault must be unlocked, and every list, search, and get request can trigger an approval prompt.

When to use

  • You need an API key, token, or password to complete a task
  • The user asks you to use credentials that already exist in botauth
  • You need to fill a .env file or config from the user's vault

Do not save new secrets unless the user explicitly asks. botauth add opens a desktop flow for the user to fill in the credential.

Prerequisites

  • botauth must be installed and available on PATH
  • The botauth desktop app must be running
  • The vault must be unlocked
  • Run botauth status first

Core commands

Check connection

botauth status

Search or list secrets

botauth search "openai"
botauth search "github" --provider github
botauth list
botauth list --provider github
botauth list --tags dev,production

Retrieve a secret in two steps

First get metadata:

botauth get "OpenAI API Key"
botauth get --id \x3Csecret-id>

Then fetch the sensitive fields:

botauth get --id \x3Csecret-id> --fields api_key
botauth get --id \x3Csecret-id> --fields api_key,client_secret --access-key \x3Ckey>

Reuse --access-key inside the same workflow when possible to avoid redundant approval prompts.

Ask the user to create a secret

botauth add
botauth add --app openai --secret-name "Production Key"

Typical workflow

botauth status
botauth search "openai"
botauth get "OpenAI API Key"
botauth get --id \x3Cid> --fields api_key --access-key \x3Caccess-key>
export OPENAI_API_KEY="\x3Cvalue>"

JSON output

Use --json for machine-readable output:

botauth search "github" --json
botauth get --id \x3Cid> --fields token --json

Important notes

  • list, search, get, and add may show approval prompts in the desktop app
  • Sensitive values only come back from get --fields
  • Access keys are short-lived; reuse them during a single task, then discard them
  • If botauth status fails, ask the user to launch or unlock the desktop app
Usage Guidance
This skill is consistent with its description: it runs your local 'botauth' CLI to fetch secrets and relies on desktop approval prompts. Before installing/using it: 1) verify you trust the botauth CLI package source (README suggests npm @botauth/cli) and install only from the official package or vendor; 2) be aware that if the agent invokes the skill and you approve a request, the agent will receive the secret value (avoid persisting it to files and clear env vars after use); 3) consider disabling autonomous invocation of the agent or requiring explicit user confirmation for actions that retrieve secrets; and 4) note the minor metadata mismatch (registry didn't declare the botauth binary requirement) — confirm the 'botauth' CLI is present on hosts where the agent will run.
Capability Analysis
Type: OpenClaw Skill Name: botauth Version: 0.1.0 The botauth skill bundle provides instructions for an AI agent to interact with a local secret management CLI. It facilitates searching and retrieving credentials from a vault, but includes security-conscious instructions such as requiring a desktop app for per-request approval prompts and using a two-step process to fetch sensitive fields. No evidence of malicious intent, data exfiltration, or prompt injection was found in SKILL.md or the associated metadata.
Capability Assessment
Purpose & Capability
The SKILL.md, README, and manifest consistently describe retrieving secrets from a local botauth vault via the botauth CLI and desktop approval prompts. However, registry metadata lists no required binaries while the instructions explicitly require a 'botauth' CLI on PATH — a minor metadata mismatch.
Instruction Scope
Instructions are narrowly scoped to running botauth commands (status, search, list, get, add), parsing JSON output, and exporting retrieved secrets for use. They do not instruct reading unrelated files, contacting external endpoints, or exfiltrating data to third parties. The workflow explicitly expects user approval for secret retrieval.
Install Mechanism
This is an instruction-only skill (no install spec). README suggests installing the CLI with 'npm install -g @botauth/cli', but the registry has no formal install step — the skill will rely on a preinstalled CLI. That is reasonable but means the user/host must vet the CLI package source before installing.
Credentials
The skill does not declare or request environment variables or credentials. It does, however, guide retrieving sensitive values and exporting them into the agent's runtime environment for task use — this is expected for a secret-retrieval helper but increases sensitivity: any retrieved secret becomes accessible to the agent session if you approve retrieval.
Persistence & Privilege
always:false and normal autonomous invocation are set. Autonomous invocation plus secret retrieval increases blast radius only if the agent is allowed to call the skill and a user approves retrieval prompts. Consider whether you want the agent to be able to call this skill autonomously.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install botauth
  3. After installation, invoke the skill by name or use /botauth
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of the botauth skill. - Allows secure listing, searching, and retrieval of secrets from the user's botauth vault with per-request approval in the desktop app. - Supports common workflows to get credentials, fill config files, and prompt users to add new secrets. - Implements `status`, `list`, `search`, `get`, and `add` commands. - Sensitive values are only accessible with approval; short-lived access keys enhance security. - Emphasizes security best practices and integration with the desktop app.
Metadata
Slug botauth
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is botauth?

Use the botauth CLI to list, search, and retrieve secrets from the user's unlocked botauth vault with per-request approval in the desktop app. Use when a tas... It is an AI Agent Skill for Claude Code / OpenClaw, with 238 downloads so far.

How do I install botauth?

Run "/install botauth" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is botauth free?

Yes, botauth is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does botauth support?

botauth is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created botauth?

It is built and maintained by EYHN (@eyhn); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments