← 返回 Skills 市场
134
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install authlock
功能描述
AuthLock (机密保护) - MFA-bound secret protection. Triggers when user mentions authlock, secret protection (机密保护), TOTP encryption, MFA binding (MFA绑定), password...
使用说明 (SKILL.md)
AuthLock - MFA-bound Secret Protection (机密保护)
Provides TOTP-based encryption for sensitive data (passwords, certificates, keys), requiring MFA verification for each decryption.
Installation (安装)
# Install dependencies (安装依赖)
pip3 install --user cryptography pyotp qrcode
Usage:
# Direct call (recommended)
python3 \x3CSKILL_DIR>/authlock_cli.py \x3Ccommand>
# Or add temporary alias (current shell only)
alias authlock='python3 \x3CSKILL_DIR>/authlock_cli.py'
\x3CSKILL_DIR>is the skill installation directory, the parent folder of this SKILL.md file.
Multi-tenant Support (多租户支持)
Achieve tenant isolation via different locations, internal structure remains unchanged.
Location Levels (位置级别)
| Level | Location | Description |
|---|---|---|
| System (系统级) | ~/.authlock/ |
Shared across all workspaces, default |
| Workspace (工作区级) | \x3CWORKSPACE>/.authlock/ |
Independent for current workspace |
| User (用户级) | Custom path | User-specified location |
Lookup Priority
User (--path/AUTHLOCK_HOME) → Workspace → System
- User level highest: Via
--pathparameter orAUTHLOCK_HOMEenv var - Workspace level medium: Auto-detect
OPENCLAW_WORKSPACEenv or current directory - System level fallback: Default
~/.authlock/
Initialize Level
# Interactive selection (recommended)
authlock init
# Specify level
authlock init --level system # System level
authlock init --level workspace # Workspace level
authlock init --level user --path /custom/path # User level
View Location
# Show current location and lookup paths
authlock which
# List all existing locations
authlock locations
Location-specific Operations
# All commands support --path parameter
authlock seal secret.txt --name my-pass --path /custom/path
authlock open my-pass --code 123456 --path /custom/path
authlock list --path /custom/path
Quick Start (快速开始)
Initialize (初始化)
# Interactive level selection
authlock init
# Or specify level
authlock init --level system
authlock init --level workspace
authlock init --level user --path /custom/path
# Or import existing seed
authlock init --seed JBSWY3DPEHPK3PXP
Initialization displays QR code, scan with Microsoft Authenticator.
Seal (Encrypt) / 封印(加密)
# Encrypt file
authlock seal ~/.ssh/id_rsa --name my-server-key
# Encrypt text (from pipe)
echo "super_secret_password" | authlock seal - --name db-password
# Encrypt with specified name
authlock seal ~/.ssh/server.pem --name prod-ssh-key
Open (Decrypt) / 解密
# Decrypt to stdout
authlock open my-server-key --code 123456
# Decrypt to file
authlock open my-server-key --code 123456 --output ~/.ssh/id_rsa
# Decrypt and execute (SSH example)
authlock open prod-ssh-key --code 123456 --exec "ssh -i - user@host"
Management
# List all sealed secrets
authlock list
# Delete secret
authlock delete old-password
# Show current location
authlock which
# List all locations
authlock locations
How It Works
┌─────────────────────────────────────────────────────────┐
│ Encryption Flow │
│ │
│ Sensitive data ──┐ │
│ ├──► AES-256-GCM ──► Ciphertext │
│ TOTP seed ───────┘ │
│ + salt │
└─────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────┐
│ Decryption Flow │
│ │
│ User enters TOTP code (123456) │
│ │ │
│ ▼ │
│ Code valid ✓ ──► Derive key ──► AES-256-GCM decrypt │
│ ──► Plaintext │
│ │
└─────────────────────────────────────────────────────────┘
Configuration
Optional PIN
Add second layer protection:
# Set PIN
authlock config --set-pin
# Enable mandatory PIN
authlock config --require-pin
# Now each decryption needs TOTP + PIN
authlock open my-key --code 123456 --pin
Security Notes (安全说明)
⚠️ TOTP 授权隔离原则
每次解密都是独立事件,必须单独验证:
| 禁止 | 说明 |
|---|---|
| ❌ 复用 TOTP code | "刚才已经提供过 code 了" |
| ❌ 缓存 code | 将 code 存储起来后续使用 |
| ❌ 批量授权 | 一次 code 覆盖多次解密 |
| 必须 | 说明 |
|---|---|
| ✅ 每次独立询问 | 每次 open 都询问当前有效的 TOTP |
| ✅ 验证时效性 | TOTP 有效期约 30 秒,过期必须重新获取 |
| ✅ 即用即弃 | 解密后明文仅用于当前操作,不保留 |
Agent 执行流程:
用户请求解密 AUTHLOCK-xxx
↓
询问:"请提供当前有效的 TOTP code"
↓
用户提供 code (如: 123456)
↓
执行: authlock open xxx --code 123456
↓
使用明文执行操作 (SSH连接等)
↓
清除内存中的明文
重要: 即使对话中有过解密操作,下次请求时必须重新询问 TOTP code。
⛔ Absolute Prohibitions (绝对禁止事项)
Never echo plaintext password in conversation! (绝对不能在会话中回显明文密码!)
- Agent must never show decrypted plaintext in chat response
- Even with
--outputto file, don't echo file contents - Plaintext input during
sealoperation also shouldn't be echoed - To confirm success, only return "✅ Sealed/Decrypted", not content
Example (wrong vs correct):
❌ Wrong: Decryption successful, password: super_secret_password
✅ Correct: ✅ Decrypted to specified file
Session Security
- Decrypted result only for in-memory operations (SSH connection, DB connection)
- Not written to chat history
- Not written to session cache files
- Immediately clear plaintext from memory after operation
Other Security Notes
- TOTP seed safety: Seed stored in config file, backup carefully
- Time sync: Ensure accurate system time, TOTP depends on time
- Memory safety: Decrypted plaintext exists briefly in memory only
- Backup: Backup corresponding
~/.authlock/directory
Trigger Keywords
authlock, secret protection, TOTP encryption, MFA binding, password vault, certificate encryption
Secret Reference Convention
Use AUTHLOCK-\x3CNAME> format in documents to reference encrypted secrets.
Reference Format
AUTHLOCK-\x3CUPPERNAME>
| Reference Example | Actual Secret Name | Description |
|---|---|---|
AUTHLOCK-TEST-HELLO |
test-hello |
Test secret |
AUTHLOCK-DB-PASSWORD |
db-password |
Database password |
AUTHLOCK-PROD-SSH-KEY |
prod-ssh-key |
SSH private key |
Naming rules:
- Reference uses uppercase letters and hyphens
- Actual secret name: remove
AUTHLOCK-prefix, convert to lowercase - Example:
AUTHLOCK-DB-PASSWORD→db-password
Agent Usage Flow
- Discover reference: Find
AUTHLOCK-xxxformat in document - Request verification: Ask user for current TOTP code
- Decrypt secret:
python3 \x3CSKILL_DIR>/authlock_cli.py open \x3Cname> --code \x3Ccode> - In-memory use: Keep decryption result in memory, no disk write
- Write file: Only when user explicitly specifies output path
Using in Documents
# Server Configuration
- SSH Key: AUTHLOCK-PROD-SSH-KEY
- Database Password: AUTHLOCK-DB-PASSWORD
- API Token: AUTHLOCK-API-TOKEN
Security principles:
- Decrypted result should not be written to disk
- Agent should handle secret in memory only
- Only write to file when user explicitly specifies output path
安全使用建议
This skill appears to do what it claims (a local TOTP-bound secret store). Before installing or invoking it: 1) Review the authlock_cli.py implementation yourself (it runs locally and writes files to ~/.authlock or workspace paths). 2) Prefer initializing at workspace or user-level rather than system-level unless you understand multi-workspace implications. 3) Be cautious with the --exec feature: running commands with a decrypted secret can expose secrets via process arguments, remote transmission, or logging — inspect how the tool injects secrets into commands. 4) The init flow prints the TOTP seed/QR; treat that output as highly sensitive and do not post it into chat. 5) The SKILL.md instructs agents never to echo plaintext — if you let an automated agent call this skill, enforce that policy (ask for TOTP every time, do not record plaintext in conversation or logs). 6) If you need higher assurance, run the script in an isolated environment, and consider having a security-aware person audit memory handling and the exec path for accidental leakage.
功能分析
Type: OpenClaw Skill
Name: authlock
Version: 1.0.2
The authlock skill is a legitimate MFA-protected secret management tool that uses AES-256-GCM encryption and TOTP (Time-based One-Time Password) for data protection. The SKILL.md file contains robust security instructions directing the AI agent to never echo decrypted secrets in chat and to handle sensitive data only in memory. While authlock_cli.py includes a potentially risky --exec feature using subprocess.run(shell=True), this functionality is aligned with the tool's stated purpose of using secrets (like SSH keys) without writing them to permanent storage, and no evidence of malicious intent or data exfiltration was found.
能力评估
Purpose & Capability
Name/description (MFA-bound secret protection) align with included CLI implementation: TOTP seed generation, AES-256-GCM encryption, local storage (~/.authlock or workspace/user path), PIN support and per-decryption TOTP verification. No unrelated credentials, services, or binaries are requested.
Instruction Scope
SKILL.md stays within the tool's purpose and explicitly forbids echoing plaintext in chat and requires per-decryption TOTP. One notable capability is the --exec option (run a command using the decrypted secret), which is reasonable for use-cases like SSH but increases risk of secret exposure (process args, remote hosts, logs). The instructions also reference AUTHLOCK_HOME and OPENCLAW_WORKSPACE (expected). The skill puts the seed/QR on-screen during init (expected for provisioning) — agents must not leak that to chat.
Install Mechanism
No packaged install spec; SKILL.md suggests a local pip install of reasonably scoped Python packages (cryptography, pyotp, qrcode). This is a low-risk, common developer install step. No downloads from untrusted URLs or execution of external installers are present.
Credentials
The skill requests no external environment variables or credentials. It optionally uses AUTHLOCK_HOME and OPENCLAW_WORKSPACE for locating storage; these are proportional to multi-tenant/local path functionality. No unrelated SECRET/TOKEN env vars are requested.
Persistence & Privilege
Skill is not always-enabled and uses its own on-disk config under user/workspace/system-scoped .authlock directories. It does not request system-wide privileges, modify other skills' configs, or require persistent platform-level privilege.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install authlock - 安装完成后,直接呼叫该 Skill 的名称或使用
/authlock触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Fix data directory name: .clawauth -> .authlock; Improve SKILL.md language consistency
v1.0.1
Rename clawauth to authlock, update CLI filename and env vars
v1.0.0
MFA-bound secret protection with TOTP encryption
元数据
常见问题
authlock 是什么?
AuthLock (机密保护) - MFA-bound secret protection. Triggers when user mentions authlock, secret protection (机密保护), TOTP encryption, MFA binding (MFA绑定), password... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 134 次。
如何安装 authlock?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install authlock」即可一键安装,无需额外配置。
authlock 是免费的吗?
是的,authlock 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
authlock 支持哪些平台?
authlock 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 authlock?
由 johnluicn(@johnluicn)开发并维护,当前版本 v1.0.2。
推荐 Skills