h4gen

User-Delegated OAuth API Access

by Hagen Hoferichter · GitHub ↗ · v1.0.6
cross-platform ✓ Security Clean
647 Downloads · 0 Stars · 1 Active Installs · 7 Versions
Install in OpenClaw
/install clawauth
Description
Let agents request OAuth access from end users via short links, continue working asynchronously, and later claim reusable third-party API tokens from local k...
README (SKILL.md)

Clawauth OAuth Skill

This skill gives agents a production-safe OAuth handover flow that is async by default and works across chat/session interruptions.

Use this when the agent needs provider credentials from a human user, but must avoid blocking execution and must avoid long-lived token storage on a third-party auth SaaS.

Why this exists

Most "OAuth gateway" patterns keep user refresh tokens in a central hosted database. clawauth avoids that model:

  • Hosted edge service mints short-lived auth sessions.
  • User authorizes directly with the provider.
  • Token response is encrypted end-to-end to the requesting CLI session.
  • CLI claims once and stores token locally in system keychain.
  • Server-side session is ephemeral and deleted on claim/expiry.

Result: async UX for agents, minimal operator overhead, and no permanent central token vault by design.

Runtime prerequisite

clawauth must already be preinstalled in the trusted runtime image/environment by the operator. This skill does not instruct dynamic package installation.

OpenClaw can detect this requirement from frontmatter metadata:

  • metadata.openclaw.requires.bins: ["clawauth"] gates eligibility.
  • metadata.openclaw.install can expose an operator-approved install action in OpenClaw UI/Gateway flows.

How installation is documented and triggered

  • Installation intent is declared in frontmatter, not in free-form shell instructions.
  • This skill declares a Node installer in metadata.openclaw.install for package clawauth.
  • OpenClaw/Gateway uses that metadata to offer a managed install action when clawauth is missing.
  • If multiple installer options are present, Gateway selects a preferred one (OpenClaw docs: brew preferred when available, otherwise node manager policy).
  • For this skill we publish a single Node installer path to keep behavior deterministic across hosts.
  • Reference: https://docs.openclaw.ai/tools/skills
  • Reference: https://docs.openclaw.ai/platforms/mac/skills
  • Source code (review before install): https://github.com/claw-auth/clawauth

Manual install (operator fallback)

If OpenClaw/Gateway does not run the install action automatically, install the CLI manually:

npm i -g clawauth

Then verify:

clawauth --help
openclaw skills check --json

Install policy (recommended)

  • Pre-install clawauth in the base image/runner and disable ad-hoc package fetches.
  • Pin and approve the CLI version in operator-managed tooling policy.
  • Keep package source/provenance controls outside this skill (CI image build or internal artifact policy).

Hosted service endpoint

The published CLI is already wired to:

  • https://auth.clawauth.app

Agents do not need CLAWAUTH_WORKER_URL for normal hosted usage.

Provider support

Implemented providers in current worker:

  • notion
  • github
  • discord
  • linear
  • airtable
  • todoist
  • asana
  • trello
  • dropbox
  • digitalocean
  • slack
  • gitlab
  • reddit
  • figma
  • spotify
  • bitbucket
  • box
  • calendly
  • fathom
  • twitch

Always treat server output as source of truth:

clawauth providers --json

Canonical async flow (non-blocking)

  1. Start auth and return immediately:
clawauth login start <provider> --json
  2. Extract shortAuthUrl from the JSON output and forward it to the user.

  3. Continue other work. Do not block.

  4. Later, poll/check:

clawauth login status <sessionId> --json
  5. When status is completed, claim once:
clawauth login claim <sessionId> --json
  6. After the claim completes, hand off control to the operator-defined API call layer. This skill intentionally avoids instructing raw token materialization commands.

Token exposure boundaries

  • login claim may return sensitive token payload data in JSON output.
  • Do not paste sensitive command output to chat, logs, traces, or telemetry.
  • Do not materialize tokens into shell environments from this skill.
  • Use operator-controlled secret handling for downstream provider API calls.

Command map

Login lifecycle

  • clawauth login start [provider] [--ttl <seconds>] [--scope <scope>] [--json]
  • clawauth login status <sessionId> [--json]
  • clawauth login claim <sessionId> [--json]
  • clawauth login wait <sessionId> [--timeout <ms>] [--interval <ms>] [--json]

Session management

  • clawauth sessions [--json]
  • clawauth session-rm \x3CsessionId> [--json]

Token access

  • clawauth token list [--json]

Discovery and docs

  • clawauth providers [--json]
  • clawauth explain
  • clawauth docs

JSON fields agents should parse

login start --json

  • provider
  • sessionId
  • expiresIn
  • shortAuthUrl
  • authUrl
  • statusCommand
  • claimCommand

login status --json

  • status (pending | completed | error)
  • provider
  • error

login claim --json

  • status (pending | completed | error)
  • provider
  • tokenData
  • storedInKeychain
  • keychainService
  • keychainAccount

Agent behavior rules

  • Prefer --json for machine parsing.
  • Never block by default; only use login wait when explicitly needed.
  • On pending: schedule retry later.
  • On completed: run login claim once.
  • On error: surface concise reason and restart with new login start.
  • If session context is lost, recover using clawauth sessions --json.
  • If provider unknown, run clawauth providers --json and choose supported value.
  • Never print raw tokens into user-facing chat.
  • Do not run package install/fetch commands from this skill.
  • Do not export tokens into shell environment variables from this skill.
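The canonical async flow, the JSON field lists and the agent behavior rules above describe what an agent-side driver has to do; the following is an added example of such a driver (my code, not clawauth's or OpenClaw's). It wraps the CLI behind an injectable runner, keeps only the documented fields from login start, maps login status to retry/claim/restart, claims exactly once, and redacts tokenData before anything is returned to the caller. Only the command shapes and JSON field names come from this page; the subprocess wrapper, the FakeRunner and every value it returns are constructed for the demo.

```python
import json
import subprocess
from typing import Callable, Dict, List, Tuple

# Fields from `login claim --json` that may carry secrets; they must never reach chat, logs or telemetry.
SENSITIVE_KEYS = frozenset({"tokenData"})

# A runner takes CLI args (without the binary name) and returns the command's stdout.
Runner = Callable[[List[str]], str]


def clawauth_cli(args: List[str]) -> str:
    """Production runner: call the operator-preinstalled clawauth binary with --json.
    There is deliberately no npx/npm fallback; a missing binary is an operator problem."""
    proc = subprocess.run(["clawauth", *args, "--json"], capture_output=True, text=True, check=True)
    return proc.stdout


def redact(value):
    """Recursively blank sensitive fields so the remaining structure can be shown or logged."""
    if isinstance(value, dict):
        return {k: "<redacted>" if k in SENSITIVE_KEYS else redact(v) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def start_login(run: Runner, provider: str) -> Dict:
    """Steps 1-2: start the handover and keep only what the user and a later resume need."""
    out = json.loads(run(["login", "start", provider]))
    return {k: out[k] for k in ("provider", "sessionId", "expiresIn", "shortAuthUrl")}


def decide(status: Dict) -> str:
    """Agent rule for a `login status` result: pending -> retry later, completed -> claim,
    error or anything unexpected (for example an expired session) -> restart with a new login start."""
    return {"pending": "retry_later", "completed": "claim"}.get(status.get("status"), "restart")


def poll_once(run: Runner, session_id: str) -> Dict:
    """Steps 3-6: one non-blocking check, claiming exactly once when completed.
    Returns a redacted summary; the raw token never leaves this function's locals."""
    status = json.loads(run(["login", "status", session_id]))
    action = decide(status)
    if action != "claim":
        return {"action": action, "status": status.get("status"), "error": status.get("error")}
    claim = json.loads(run(["login", "claim", session_id]))
    if claim.get("status") != "completed":
        return {"action": "restart", "status": claim.get("status"), "error": claim.get("error")}
    summary = redact(claim)
    summary["action"] = "claimed"   # downstream API calls read the keychain, not this summary
    return summary


class FakeRunner:
    """Constructed stand-in for the CLI. Its JSON is shaped after the field lists in SKILL.md
    (the field names are real; every value is invented for this demo)."""

    def __init__(self):
        self.calls: List[Tuple[str, ...]] = []
        self.user_done = False   # flipped when the human finishes the provider consent

    def __call__(self, args: List[str]) -> str:
        self.calls.append(tuple(args))
        if args[:2] == ["login", "start"]:
            return json.dumps({"provider": args[2], "sessionId": "sess_demo", "expiresIn": 3600,
                               "shortAuthUrl": "https://example.invalid/s/demo",
                               "authUrl": "https://example.invalid/authorize?state=demo",
                               "statusCommand": "clawauth login status sess_demo --json",
                               "claimCommand": "clawauth login claim sess_demo --json"})
        if args[:2] == ["login", "status"]:
            return json.dumps({"status": "completed" if self.user_done else "pending",
                               "provider": "notion", "error": None})
        if args[:2] == ["login", "claim"]:
            return json.dumps({"status": "completed", "provider": "notion",
                               "tokenData": {"access_token": "demo-secret-do-not-log"},
                               "storedInKeychain": True, "keychainService": "clawauth",
                               "keychainAccount": "notion"})
        raise ValueError(f"unexpected command: {args}")


def demo():
    """Run the flow against FakeRunner: the first poll is pending, the second claims once."""
    run = FakeRunner()
    started = start_login(run, "notion")   # hand started["shortAuthUrl"] to the user, then do other work
    first = poll_once(run, started["sessionId"])
    run.user_done = True
    second = poll_once(run, started["sessionId"])
    return started, first, second, run.calls


if __name__ == "__main__":
    print(json.dumps(demo()[:3], indent=2))
```

Swap `FakeRunner()` for `clawauth_cli` to drive the real binary; the session id returned by `start_login` is what you persist (or recover via `clawauth sessions --json`) so that `poll_once` can be scheduled later from a different turn.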

Security model summary

  • Short-lived session data in Cloudflare KV (default TTL: 3600s, configurable).
  • Signed OAuth state binding provider and expiry.
  • Signed request verification for status/claim with timestamp + nonce.
  • Replay and rate-limit protections during polling.
  • End-to-end encrypted token blob (nacl.box) from callback to CLI claimant.
  • Session blob removed from server on successful claim.
  • Tokens stored locally in OS keychain via CLI.
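The bullets above state properties, not an implementation, and this page does not show clawauth's actual signing scheme or key management. The following is an added illustration (my code, not clawauth's) of what "signed request verification with timestamp + nonce" and "replay and rate-limit protections during polling" look like on the server side of a status/claim endpoint: an HMAC over session id, timestamp and nonce, a skew window, a one-time nonce cache, and a per-session sliding-window rate limit. The canonical message layout, the constants, the symmetric-key assumption and the constructed scenario in `demo()` are all mine.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque
from typing import Dict, List, Optional, Tuple

MAX_SKEW_S = 300        # reject requests whose timestamp is more than 5 min from server time
RATE_WINDOW_S = 60      # sliding window for per-session polling
RATE_LIMIT = 30         # max status/claim calls per session per window


def canonical(session_id: str, ts: int, nonce: str) -> bytes:
    """Bytes that get signed; a fixed field order is what binds the three values together."""
    return f"{session_id}\n{ts}\n{nonce}".encode()


def sign_request(key: bytes, session_id: str, ts: Optional[int] = None,
                 nonce: Optional[str] = None) -> Dict:
    """Client side: build a signed status/claim request carrying a timestamp and a fresh nonce."""
    ts = int(time.time()) if ts is None else ts
    nonce = secrets.token_hex(16) if nonce is None else nonce
    sig = hmac.new(key, canonical(session_id, ts, nonce), hashlib.sha256).hexdigest()
    return {"session_id": session_id, "ts": ts, "nonce": nonce, "sig": sig}


class RequestVerifier:
    """Server side: signature, freshness window, one-time nonces and a per-session rate limit."""

    def __init__(self, key: bytes, now=time.time):
        self.key = key
        self.now = now                               # injectable clock for deterministic tests
        self.seen_nonces: Dict[str, float] = {}      # nonce -> time after which it can be forgotten
        self.hits: Dict[str, deque] = defaultdict(deque)

    def _prune(self, now: float) -> None:
        for n in [n for n, exp in self.seen_nonces.items() if exp <= now]:
            del self.seen_nonces[n]

    def verify(self, session_id: str, ts: int, nonce: str, sig: str) -> Tuple[bool, str]:
        now = self.now()
        # 1. Freshness: a stale request is rejected before it can touch any state.
        if abs(now - ts) > MAX_SKEW_S:
            return False, "stale_timestamp"
        # 2. Constant-time signature check; tampering with any bound field fails here.
        expected = hmac.new(self.key, canonical(session_id, ts, nonce), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False, "bad_signature"
        # 3. Replay: a nonce is honoured once; the cache only needs to outlive the skew window.
        self._prune(now)
        if nonce in self.seen_nonces:
            return False, "replay"
        self.seen_nonces[nonce] = now + 2 * MAX_SKEW_S
        # 4. Rate limit polling per session (sliding window over accepted requests).
        q = self.hits[session_id]
        while q and q[0] <= now - RATE_WINDOW_S:
            q.popleft()
        if len(q) >= RATE_LIMIT:
            return False, "rate_limited"
        q.append(now)
        return True, "ok"


def demo() -> List[str]:
    """Constructed scenario: a valid poll, its replay, a forged session id, a stale timestamp,
    then RATE_LIMIT fresh polls followed by one that is throttled."""
    key = secrets.token_bytes(32)
    clock = [1_700_000_000.0]
    v = RequestVerifier(key, now=lambda: clock[0])
    req = sign_request(key, "sess_demo", ts=int(clock[0]))
    results = [v.verify(**req)[1]]                  # ok
    results.append(v.verify(**req)[1])              # replay
    forged = dict(req, session_id="sess_other")     # signature no longer matches
    results.append(v.verify(**forged)[1])           # bad_signature
    clock[0] += MAX_SKEW_S + 1
    old = sign_request(key, "sess_demo", ts=int(clock[0]) - MAX_SKEW_S - 1)
    results.append(v.verify(**old)[1])              # stale_timestamp
    for _ in range(RATE_LIMIT + 1):
        results.append(v.verify(**sign_request(key, "sess_demo", ts=int(clock[0])))[1])
    return results


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the signature is verified before the nonce is recorded, so an unauthenticated flood cannot fill the replay cache, and the cache is pruned on the same skew window that bounds accepted timestamps, which keeps it finite without a background job.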

Failure handling

Provider not implemented:

  • login start returns error indicating feature request recorded.

Provider misconfigured on backend:

  • server returns clear missing secret/config message.

Session expired:

  • status/claim returns not found/expired; start new session.

Lost chat context:

  • run clawauth sessions --json, then continue with status/claim.

No token found later:

  • run clawauth token list --json and select provider/account explicitly.

Minimal end-to-end example

# 1) Start
clawauth login start notion --json

# 2) Share shortAuthUrl with user (from JSON output)

# 3) Later check
clawauth login status <sessionId> --json

# 4) Claim when completed
clawauth login claim <sessionId> --json

# 5) Continue with operator-defined downstream API handling

Reference

See references/commands.md for compact copy-paste command blocks.

Usage Guidance
This skill is internally consistent for providing an async OAuth handoff via a CLI, but before installing:
  • Review the clawauth npm package and its GitHub source (the SKILL.md points to a repo) and pin an approved version.
  • Ensure the operator pre-installs the CLI into a trusted runtime image (avoid agent-run npm installs).
  • Confirm your runtime's keychain policies and that storing provider tokens locally is acceptable.
  • Make sure agents are configured to never paste CLI output containing tokenData into chat, logs, or telemetry.
  • If you need higher assurance, run the CLI in an isolated environment and audit its network traffic (it communicates with auth.clawauth.app by default).
Capability Analysis
Type: OpenClaw Skill · Name: clawauth · Version: 1.0.6

This skill bundle is designed with a strong focus on security and explicitly instructs the OpenClaw agent to avoid risky behaviors. The `SKILL.md` file clearly states that the agent should 'Never print raw tokens into user-facing chat' and 'Do not run package install/fetch commands from this skill,' even when manual installation steps are provided for human operators. The purpose of the skill, which is to facilitate secure, asynchronous OAuth with local keychain storage, is legitimate, and all commands (`clawauth`) align with this stated purpose. There is no evidence of malicious intent, data exfiltration, or prompt injection attempts designed to harm the system or user.
Capability Assessment
Purpose & Capability
Name/description, the required binary (clawauth), and the included installer metadata all align: this is an OAuth handover helper that expects a preinstalled CLI and an operator-managed install path. No unrelated env vars, binaries, or config paths are requested.
Instruction Scope
Runtime instructions are narrowly scoped to running the clawauth CLI commands (start/status/claim/etc.), parsing JSON, and avoiding token leakage. The skill explicitly forbids running package installs from the agent and warns not to paste tokens to chat/logs. This is coherent, but it relies on the agent/operator to enforce secret-handling rules—accidental token exposure via logs or chat would be a real operational risk.
Install Mechanism
Installer metadata points to an npm package ('clawauth') which is an expected and traceable mechanism for a CLI. npm installs are a moderate-risk install vector; the SKILL.md recommends operator-side preinstallation and pinning. No ad-hoc or unknown URL downloads are instructed by the skill itself.
Credentials
The skill requests no environment variables or credentials in its metadata. The only notable side-effect is that claimed tokens are stored in the local system keychain by the CLI—this is plausible and proportionate to the stated purpose, but requires operators to accept local keychain writes.
Persistence & Privilege
The skill does not request always:true and does not ask to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other high-privilege requests.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawauth
  3. After installation, invoke the skill by name or use /clawauth
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.6
Major update: Skill rebranded and refactored to "clawauth" with new OAuth handover flow and async-first pattern.
  • Skill renamed from "Auth" to "clawauth", with new focus and description.
  • New OAuth architecture: agents request short OAuth links for end users, claim tokens asynchronously, and store securely in local system keychain; no centralized SaaS vault.
  • Detailed CLI usage instructions, runtime requirements, and supported providers documented.
  • Expanded metadata/frontmatter for operator-controlled install flows; exposed Node-based install path.
  • Security and agent handling guidelines formalized (token boundary, error handling, keychain storage).
  • Added reference file: `references/commands.md` for command-line examples.
v1.0.5
  • Declared CLI requirements and installer in skill metadata for automatic runtime/tooling integration.
  • Added explicit documentation on how OpenClaw detects, installs, and manages the clawauth CLI via frontmatter metadata.
  • Published single Node installer path within metadata for deterministic behavior.
  • Documented the fallback manual install process and updated references to OpenClaw/Gateway install mechanisms.
  • No changes to core command usage, async flow, or security posture.
v1.0.4
  • Skill now requires `clawauth` to be preinstalled in the runtime; dynamic package installation is no longer described or recommended.
  • Guidance on zero-install and ad-hoc invocation (e.g., with `npx`) has been removed.
  • Token materialization commands (`token get`, `token env`) are no longer included or recommended; responsibility for secret handling is delegated to operator policy.
  • Skill now emphasizes avoiding export of tokens to shell environments and not exposing sensitive output.
  • Install and version management is clarified as an operator-controlled responsibility, outside the skill's runtime scope.
  • Documentation updates reflect these policy and security model clarifications.
v1.0.3
  • Clarified install policy recommendations for managed environments and npx usage; discourage use of @latest in production.
  • Added a new "Token exposure boundaries" section with stricter guidance on handling and forwarding secret output.
  • Noted that the token env command intentionally outputs secrets and must be used sparingly.
  • Improved the skill description for clarity and to better emphasize the avoidance of a centralized SaaS token vault.
  • No changes to commands or functional behaviors.
v1.0.2
  • Updated usage guidance for command invocation and installation (removed mention of `npx ...@latest` as primary fallback).
  • Strengthened security and UX agent guidelines: avoid printing raw tokens, discourage shell-wide token exports, and limit use of token env only to explicit cases.
  • Minor metadata change: removed `requires.anyBins` from skill metadata.
  • Clarified operator-driven version pinning and fallback approach for autonomous execution.
v1.0.1
  • Improved documentation for agent integration, with expanded usage instructions and provider support.
  • Clarified async OAuth flow, fallback logic, and explicit handling rules for session and token management.
  • Listed all implemented providers as of this version for easier capability discovery.
  • Added detailed breakdowns of expected JSON fields for CLI command responses.
  • Expanded security model explanation and provided more example workflows for agents.
v1.0.0
Initial release of clawauth skill for secure OAuth handover.
  • Enables agents to obtain user-authorized OAuth credentials without persisting tokens in SaaS databases.
  • Supports connecting accounts for major providers (e.g. Notion, GitHub, Slack) via secure, ephemeral workflows.
  • Async authorization: agents can request access, perform other tasks, and claim credentials once user action is completed.
  • Credentials are stored locally in the keychain, not on third-party servers.
  • Both hosted and self-hosted deployment options supported.
  • Comprehensive CLI command set for session management, token retrieval, and provider discovery.
Metadata
Slug clawauth
Version 1.0.6
License
All-time Installs 1
Active Installs 1
Total Versions 7
Frequently Asked Questions

What is User-Delegated OAuth API Access?

Let agents request OAuth access from end users via short links, continue working asynchronously, and later claim reusable third-party API tokens from local k... It is an AI Agent Skill for Claude Code / OpenClaw, with 647 downloads so far.

How do I install User-Delegated OAuth API Access?

Run "/install clawauth" in the OpenClaw or Claude Code chat to install the skill in one step. Note that the skill itself does not install the clawauth CLI: per the README's runtime prerequisite, the operator must preinstall it in the runtime image (for example with npm i -g clawauth at a pinned version) before the skill is usable.

Is User-Delegated OAuth API Access free?

Yes, User-Delegated OAuth API Access is completely free (open-source). You can download, install and use it at no cost.

Which platforms does User-Delegated OAuth API Access support?

User-Delegated OAuth API Access is cross-platform and runs anywhere OpenClaw / Claude Code is available, provided the clawauth CLI is installed on that host.

Who created User-Delegated OAuth API Access?

It is built and maintained by Hagen Hoferichter (@h4gen); the current version is v1.0.6.
