← 返回 Skills 市场

Auth Preflight Checklist

Name: Auth Preflight Checklist
Author: nissan

作者 Nissan Dookeran · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ pending

总下载

当前安装

版本数

在 OpenClaw 中安装

/install auth-preflight-checklist

功能描述

Preflight checklist for auth-dependent work: verify the active credential lane, runtime environment, scopes, and smallest safe live probe before writing, dep...

使用说明 (SKILL.md)

Auth Preflight Checklist

Use before auth-dependent docs, troubleshooting, cron jobs, deploys, API integrations, or any task where the result depends on a token, service account, OAuth session, 1Password item, gateway model route, deploy key, or approval flag.

Rule

Do not infer auth from configuration alone. Prove the same runtime that will do the work can access the credential and complete the smallest safe live action.

Checklist

Identify the active auth lane.
- Human OAuth, Codex subscription, OpenClaw gateway, raw API key, 1Password service account, deploy key, GitHub App, or provider token.
- Runtime: interactive shell, LaunchAgent, cron, OpenClaw gateway, subagent, CI, VPS, container, or browser session.
Verify secret source and runtime agree.
- Confirm the expected vault/item/field or env var name.
- Check presence only; never print secret values.
- If the job runs under launchd/cron/container, verify inside that environment or with an equivalent env capture.
Run the smallest live probe.
- Notion: retrieve bot/user or target database.
- GitHub: read repo metadata or list app installation access.
- Vercel/Coolify: read project/app metadata before deploy.
- OpenClaw/Codex: run a tiny gateway model smoke test.
- 1Password: read the exact item field with bounded retry.
Check scopes and target access.
- Token exists is not enough.
- Confirm the token can access the specific database, repo, branch, app, project, model route, or webhook target.
Fail with a useful blocker.
- Include missing auth lane, expected secret reference, runtime, probe command, response class, and next owner/action.
- Do not continue into writes/deploys after 401/403/missing scope unless the task explicitly asks for forensic collection only.

Completion Evidence

Auth work is not complete until one is true:

Preflight command passed in the same runtime lane.
Live action succeeded and produced the expected artifact.
Blocker is recorded with exact missing credential/scope/approval and next action.

For OpenClaw model calls in scheduled scripts, prefer gateway/Codex routing. A missing raw OPENAI_API_KEY is not a failure if the OpenClaw gateway smoke test proves the Codex-backed route works.

能力标签

requires-oauth-tokenrequires-sensitive-credentials

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install auth-preflight-checklist
安装完成后，直接呼叫该 Skill 的名称或使用 /auth-preflight-checklist 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial ClawHub contribution.

元数据

Slug auth-preflight-checklist

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题