← 返回 Skills 市场
Ainative Auth Guide
作者
Toby Morning
· GitHub ↗
· v1.0.0
· MIT-0
152
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install ainative-auth-guide
功能描述
Implement authentication for AINative APIs. Use when (1) Choosing between API key and JWT auth, (2) Registering/logging in users, (3) Refreshing tokens, (4)...
使用说明 (SKILL.md)
AINative Authentication Guide
Auth Methods
| Method | Use Case | Header |
|---|---|---|
| API Key | Server-side, agents, SDKs, MCP tools | X-API-Key: ak_... |
| Bearer JWT | User sessions, web apps | Authorization: Bearer \x3Ctoken> |
| OAuth2 | Social login (LinkedIn, GitHub) | Standard OAuth2 flow |
API Key Auth (Simplest)
Get a key via npx zerodb init or from the dashboard.
import requests
response = requests.get(
"https://api.ainative.studio/api/v1/public/credits/balance",
headers={"X-API-Key": "ak_your_key"}
)
const res = await fetch("https://api.ainative.studio/api/v1/public/credits/balance", {
headers: { "X-API-Key": "ak_your_key" }
});
Email/Password Registration & Login
# Register
resp = requests.post(
"https://api.ainative.studio/api/v1/auth/register",
json={"email": "[email protected]", "password": "securepass", "name": "Alice"}
)
token = resp.json()["access_token"]
# Login
resp = requests.post(
"https://api.ainative.studio/api/v1/auth/login",
json={"email": "[email protected]", "password": "securepass"}
)
access_token = resp.json()["access_token"]
refresh_token = resp.json()["refresh_token"]
JWT Usage
headers = {"Authorization": f"Bearer {access_token}"}
me = requests.get("https://api.ainative.studio/api/v1/users/me", headers=headers).json()
Token Refresh
resp = requests.post(
"https://api.ainative.studio/api/v1/auth/refresh",
json={"refresh_token": refresh_token}
)
new_access_token = resp.json()["access_token"]
Logout
requests.post(
"https://api.ainative.studio/api/v1/auth/logout",
headers={"Authorization": f"Bearer {access_token}"}
)
OAuth2 Social Login
# LinkedIn
resp = requests.post(
"https://api.ainative.studio/api/v1/auth/linkedin/callback",
json={"code": oauth_code, "redirect_uri": "https://yourapp.com/callback"}
)
# GitHub
resp = requests.post(
"https://api.ainative.studio/api/v1/auth/github/callback",
json={"code": oauth_code, "redirect_uri": "https://yourapp.com/callback"}
)
token = resp.json()["access_token"]
Next.js Middleware
// middleware.ts
import { createMiddleware } from '@ainative/next-sdk/middleware';
export const middleware = createMiddleware({
apiKey: process.env.AINATIVE_API_KEY!,
protectedPaths: ['/dashboard', '/api/protected'],
loginPath: '/login',
});
Password Reset
# Request reset email
requests.post("https://api.ainative.studio/api/v1/auth/forgot-password",
json={"email": "[email protected]"})
# Set new password with token from email
requests.post("https://api.ainative.studio/api/v1/auth/reset-password",
json={"token": "reset_token_from_email", "new_password": "newpassword"})
Auth Endpoints
| Endpoint | Method | Description |
|---|---|---|
/api/v1/auth/register |
POST | Create account |
/api/v1/auth/login |
POST | Email/password → JWT |
/api/v1/auth/logout |
POST | Invalidate session |
/api/v1/auth/refresh |
POST | Refresh access token |
/api/v1/users/me |
GET | Current user profile |
/api/v1/auth/verify-email |
POST | Verify email address |
/api/v1/auth/forgot-password |
POST | Send reset email |
/api/v1/auth/reset-password |
POST | Apply new password |
/api/v1/auth/linkedin/callback |
POST | LinkedIn OAuth2 |
/api/v1/auth/github/callback |
POST | GitHub OAuth2 |
Error Codes
| Status | Meaning |
|---|---|
| 401 | Invalid or missing token/key |
| 403 | Valid auth, insufficient permissions |
| 409 | Email already registered |
References
src/backend/app/api/v1/endpoints/auth.py— Auth endpoint implementationpackages/sdks/nextjs/src/middleware/— Next.js auth middlewaredocs/guides/AUTHENTICATION.md— Full authentication guide
安全使用建议
This is a documentation-only skill that looks coherent for implementing AINative authentication. Before using it: (1) confirm api.ainative.studio is the expected service and that you trust the SDKs referenced (e.g., @ainative/next-sdk); (2) never paste real API keys or long-lived secrets into public or untrusted places—use environment variables and least-privilege keys; (3) the SKILL.md shows examples referencing process.env.AINATIVE_API_KEY but the skill metadata doesn't require any env vars—this is just an example, not an automatic credential access; (4) if you plan to install the referenced SDKs or run any npx commands, review those packages' sources and release provenance; and (5) if additional code files or an install script appear later (the skill currently has none), re-evaluate because that would change the risk profile.
功能分析
Type: OpenClaw Skill
Name: ainative-auth-guide
Version: 1.0.0
The skill bundle is a documentation guide for implementing authentication with the AINative API (api.ainative.studio). It provides standard code snippets for JWT, OAuth2, and API key management in Python and TypeScript, and does not contain any executable logic, data exfiltration attempts, or malicious instructions.
能力评估
Purpose & Capability
The name/description (implementing API key, JWT, OAuth2 flows) matches the SKILL.md content: example requests, endpoints, Next.js middleware usage and token flows are exactly what an auth guide would show. No unrelated services or credentials are demanded by the skill metadata.
Instruction Scope
The instructions are limited to demonstrating HTTP calls to api.ainative.studio, OAuth callback flows, token refresh/logout, and a Next.js middleware snippet. They do not instruct reading arbitrary local files or exfiltrating data to unexpected endpoints. References to repository paths and npx/SDK usage are documentation pointers, not directives to access unrelated system state.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it doesn't write or execute code on the host. That represents the lowest install risk.
Credentials
The skill metadata declares no required env vars or credentials, which is reasonable for a guide. The SKILL.md examples, however, reference process.env.AINATIVE_API_KEY and placeholder API keys (ak_your_key). This is an expected example usage pattern but is not reflected in requires.env; users should be aware the guide presumes you will provide your own keys when implementing the examples.
Persistence & Privilege
always is false and there is no install or code that would persist or modify other skills or global agent settings. The skill does not request permanent presence or elevated platform privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ainative-auth-guide - 安装完成后,直接呼叫该 Skill 的名称或使用
/ainative-auth-guide触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the ainative-auth-guide skill.
- Provides comprehensive authentication guidance for AINative APIs, including API key, JWT, email/password, OAuth2 (LinkedIn/GitHub), and middleware patterns.
- Includes usage examples for Python and TypeScript, with step-by-step registration, login, token management, and social login flows.
- Lists main authentication endpoints, error codes, and reference links for further documentation.
元数据
常见问题
Ainative Auth Guide 是什么?
Implement authentication for AINative APIs. Use when (1) Choosing between API key and JWT auth, (2) Registering/logging in users, (3) Refreshing tokens, (4)... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 152 次。
如何安装 Ainative Auth Guide?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ainative-auth-guide」即可一键安装,无需额外配置。
Ainative Auth Guide 是免费的吗?
是的,Ainative Auth Guide 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Ainative Auth Guide 支持哪些平台?
Ainative Auth Guide 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ainative Auth Guide?
由 Toby Morning(@urbantech)开发并维护,当前版本 v1.0.0。
推荐 Skills