← 返回 Skills 市场
Approve Pairing
作者
madan-wego
· GitHub ↗
· v2.0.0
1032
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install approve-pairing
功能描述
Approve a pending DM pairing request without the openclaw CLI, by directly editing credential files. Use when `openclaw pairing approve` is unavailable (CLI...
使用说明 (SKILL.md)
approve-pairing
Approve pending DM pairing requests by writing directly to OpenClaw credential files — no CLI required.
How It Works
Pairing state lives in two files under ~/.openclaw/credentials/:
\x3Cchannel>-pairing.json— pending requests (sender ID, code, accountId)\x3Cchannel>-\x3CaccountId>-allowFrom.json— approved senders allowlist
Approving = add sender ID to allowFrom file + remove code from pairing file.
Quick Approval (script)
python3 skills/approve-pairing/scripts/approve_pairing.py \x3Cchannel> \x3Ccode>
Example:
python3 skills/approve-pairing/scripts/approve_pairing.py telegram PWVW264M
The script:
- Reads
~/.openclaw/credentials/\x3Cchannel>-pairing.json - Finds the request matching the code
- Appends the sender ID to the allowFrom file
- Removes the code from pending requests
Manual Steps (if script unavailable)
- Read
~/.openclaw/credentials/\x3Cchannel>-pairing.jsonto getidandmeta.accountId - Write/update
~/.openclaw/credentials/\x3Cchannel>-\x3CaccountId>-allowFrom.json:{ "version": 1, "allowFrom": ["\x3Csender_id>"] } - Clear the pending request from
\x3Cchannel>-pairing.json
Notes
- Codes expire after 1 hour — check
createdAtif approval fails - A gateway restart may be needed:
openclaw gateway restart - If
accountIdis"default"or empty, the file is\x3Cchannel>-default-allowFrom.json - Pending requests capped at 3 per channel; old ones must expire before new ones are created
安全使用建议
This skill directly edits your OpenClaw credential files to approve a sender. That is the intended behavior, but it's powerful: only run the script locally on a machine you trust and after verifying the pairing code and sender ID. Before running, (1) inspect the script (it's included) to confirm it will target the correct credentials directory; (2) back up ~/.openclaw/credentials; (3) be aware of the documentation mismatch — the script uses '<channel>-allowFrom.json' for empty accountId whereas the SKILL.md mentions '<channel>-default-allowFrom.json'; and (4) note the script respects OPENCLAW_CREDENTIALS_DIR if set (SKILL.md doesn't mention this). Prefer the official 'openclaw pairing approve' CLI when available; use this only when you understand and accept the filesystem changes.
功能分析
Type: OpenClaw Skill
Name: approve-pairing
Version: 2.0.0
The `scripts/approve_pairing.py` script is vulnerable to path traversal. The `channel` argument, taken directly from command-line input, is used to construct file paths (e.g., `f"{channel}-pairing.json"`) without proper sanitization or validation against a whitelist. This allows an attacker to use `../` sequences to read and write arbitrary files outside the intended `~/.openclaw/credentials/` directory, leading to a critical arbitrary file read/write vulnerability. While the script's stated purpose is to manage OpenClaw credential files, this flaw extends its capabilities beyond the intended scope, making it suspicious.
能力评估
Purpose & Capability
The Python script reads and writes the same ~/.openclaw/credentials files the SKILL.md describes and implements the described approve-by-editing workflow. No unrelated binaries, services, or credentials are requested.
Instruction Scope
Instructions are narrowly scoped to reading and updating pairing/allowlist JSON files. Minor inconsistencies between SKILL.md and the script: SKILL.md says a missing/empty accountId should map to '<channel>-default-allowFrom.json', while the script uses '<channel>-allowFrom.json' for an absent accountId. SKILL.md also does not document the optional OPENCLAW_CREDENTIALS_DIR environment variable the script supports.
Install Mechanism
No install spec is present (instruction-only skill with one included script). Nothing is downloaded or installed; the risk surface is limited to running the provided local script.
Credentials
The skill requests no credentials and does not call external endpoints. It does read an optional OPENCLAW_CREDENTIALS_DIR env var (not declared in the SKILL.md). This is reasonable but should be noted because it can change which files are modified.
Persistence & Privilege
The skill is not always-on, does not request elevated platform privileges, and does not modify other skills or global agent configuration. Its effect is limited to filesystem edits in the credentials directory.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install approve-pairing - 安装完成后,直接呼叫该 Skill 的名称或使用
/approve-pairing触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
Approve DM pairing requests without the openclaw CLI
v1.0.0
Approve DM pairing requests without the openclaw CLI
元数据
常见问题
Approve Pairing 是什么?
Approve a pending DM pairing request without the openclaw CLI, by directly editing credential files. Use when `openclaw pairing approve` is unavailable (CLI... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1032 次。
如何安装 Approve Pairing?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install approve-pairing」即可一键安装,无需额外配置。
Approve Pairing 是免费的吗?
是的,Approve Pairing 完全免费(开源免费),可自由下载、安装和使用。
Approve Pairing 支持哪些平台?
Approve Pairing 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Approve Pairing?
由 madan-wego(@madan-wego)开发并维护,当前版本 v2.0.0。
推荐 Skills