← 返回 Skills 市场
376
总下载
0
收藏
3
当前安装
3
版本数
在 OpenClaw 中安装
/install auth-guard
功能描述
Standardize API credential handling and startup auth checks to prevent "missing key" regressions across sessions. Use when an agent repeatedly loses auth sta...
使用说明 (SKILL.md)
Auth Guard
Enforce a deterministic auth path: one credential source, one helper command path, one startup check, one fallback policy.
Quick Workflow
- Identify the target service endpoint and current failing flow.
- Define canonical credential source (env var first, credentials file second).
- Create/update a helper script in workspace (
.pi/) that always injects auth. - Add a startup/auth-check command that verifies credentials and endpoint access.
- Update HEARTBEAT.md or AGENTS.md to require helper usage (ban raw unauthenticated calls).
- Add explicit fallback behavior for unauthorized states.
Rules to Apply
- Prefer
ENV_VARoverride, then~/.config/\x3Cservice>/credentials.json. - Never embed secrets in logs, memory notes, or chat responses.
- Never call protected endpoints via raw curl if a helper exists.
- Keep fallback behavior explicit and low-noise.
- Store helper scripts in
workspace/.pi/for easy reuse.
Runtime Requirements
bashcurlpython3
Check once before using this skill:
command -v bash curl python3 >/dev/null
Safety Limits
- Pass only trusted credential paths under
~/.config/\x3Cservice>/...by default. - Do not point
--cred-fileat arbitrary workspace files or unrelated secret stores. - Keep probe URLs scoped to the target service auth endpoint.
Startup Auth Check Pattern
Run at session start (or before heartbeat loops):
bash skills/auth-guard/scripts/auth_check.sh \
--service moltbook \
--url 'https://www.moltbook.com/api/v1/feed?sort=new&limit=1' \
--env-var MOLTBOOK_API_KEY \
--cred-file "$HOME/.config/moltbook/credentials.json"
Expected outcomes:
AUTH_OK→ proceed with normal authenticated helper flow.AUTH_MISSINGorAUTH_FAIL_*→ use defined fallback path and record one concise note.
Reusable Snippets
Use drop-in policy snippets from:
references/snippets.md(HEARTBEAT + AGENTS + helper policy blocks)
References
references/contract.mdfor the full Keychain Contract patternreferences/snippets.mdfor ready-to-paste operational snippetsreferences/examples.mdfor multi-service usage examples (Moltbook, GitHub, Slack)
安全使用建议
This skill appears coherent and limited to auth-probing behavior. Before installing or running: (1) review the included scripts in skills/auth-guard/scripts/auth_check.sh and any helper templates you copy into workspace/.pi/ so you understand what will be executed; (2) only pass probe URLs you trust and that belong to the target service (the script requires https://); (3) keep credential files under ~/.config/ as advised and ensure those files have appropriate filesystem permissions; (4) when adding the helper to HEARTBEAT.md/AGENTS.md, ensure teammates know the canonical retrieval order (env var first) so no automation unintentionally loses access; (5) if you plan to use helper scripts that read other local credential formats (e.g., gh/gh auth), integrate those carefully rather than pointing --cred-file at arbitrary workspace files.
功能分析
Type: OpenClaw Skill
Name: auth-guard
Version: 1.1.1
The 'auth-guard' skill is designed to standardize and verify API credential handling for an AI agent. It includes a bash script (scripts/auth_check.sh) that validates credentials from environment variables or local configuration files (~/.config/) and performs a connectivity check via curl. The skill includes several security-conscious features, such as enforcing HTTPS for probe URLs, restricting credential file access to the user's config directory, and explicit instructions in SKILL.md and references/contract.md to never log or expose raw secrets.
能力评估
Purpose & Capability
Name/description, examples, SKILL.md, and scripts all focus on performing an auth probe for protected endpoints and establishing helper scripts. The included script accepts a service name, probe URL, env-var name, and credentials file — exactly what an auth-check tool needs. No unrelated resources (cloud creds, extra binaries, or external services) are requested.
Instruction Scope
Runtime instructions and the provided script limit actions to reading an env var or a credentials JSON (under ~/.config/*), probing an HTTPS endpoint with curl, and returning a short status string. The SKILL.md explicitly warns against logging secrets and against pointing cred-file at arbitrary workspace files. There is no instruction to collect or transmit secrets elsewhere.
Install Mechanism
No install spec; this is instruction-only with one included helper script. Nothing is downloaded or written by an installer. Risk is limited to executing the provided script (which the user can review).
Credentials
The registry metadata declares no required env vars or primary credential. The script takes an env-var name as a parameter and checks a credentials file path supplied at runtime; it does not demand unrelated secrets. It also enforces that credential files must live under $HOME/.config/, reducing the chance of reading arbitrary workspace secrets.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent or elevated privileges, nor does it modify other skills' configs. It asks users to place helper scripts in workspace/.pi/, which is normal for helper tooling and something the user should review before executing.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install auth-guard - 安装完成后,直接呼叫该 Skill 的名称或使用
/auth-guard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.1
Tightened auth probe safety limits and fixed Moltbook URL normalization to eliminate false unauthorized checks.
v1.0.1
auth-guard 1.0.1 — No visible changes
- No file changes were detected in this version.
- Documentation, rules, and workflow remain the same as the previous release.
- No updates to code, scripts, or reference materials.
v1.0.0
Initial release of auth-guard — a standardized approach to API credential handling and startup authentication checks.
- Enforces a single credential source and deterministic startup auth check to prevent "missing key" regressions.
- Provides a recommended workflow: credential sourcing, helper scripts, startup checks, and fallback policy.
- Includes rules for secure, reusable helper script usage and explicit unauthorized fallback handling.
- Supplies a standard startup auth check pattern and example script invocation.
- Offers reference snippets and contracts for easy integration into agent workflows and documentation.
元数据
常见问题
Auth Guard 是什么?
Standardize API credential handling and startup auth checks to prevent "missing key" regressions across sessions. Use when an agent repeatedly loses auth sta... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 376 次。
如何安装 Auth Guard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install auth-guard」即可一键安装,无需额外配置。
Auth Guard 是免费的吗?
是的,Auth Guard 完全免费(开源免费),可自由下载、安装和使用。
Auth Guard 支持哪些平台?
Auth Guard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Auth Guard?
由 Ada Vale(@adainthelab)开发并维护,当前版本 v1.1.1。
推荐 Skills