← 返回 Skills 市场
eric8810

Authy

作者 eric8810 · GitHub ↗ · v0.3.0
cross-platform ⚠ suspicious
772
总下载
2
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install authy
功能描述
Inject secrets into subprocesses via environment variables. You never see secret values — authy run injects them directly. Use for any command that needs API...
使用说明 (SKILL.md)

Authy — Secure Secret Injection

Inject secrets into subprocesses as environment variables. You never see, handle, or log secret values.

How It Works

Your token is run-only. You can discover secret names with authy list and inject them into subprocesses with authy run. You never see secret values directly.

Inject Secrets into a Command

authy run --scope \x3Cpolicy> --uppercase --replace-dash '_' -- \x3Ccommand> [args...]

The --uppercase --replace-dash '_' flags turn secret names like db-host into env vars like DB_HOST.

Examples:

authy run --scope deploy --uppercase --replace-dash '_' -- ./deploy.sh
authy run --scope backend --uppercase --replace-dash '_' -- node server.js
authy run --scope testing --uppercase --replace-dash '_' -- pytest

Discover Secret Names

authy list --scope \x3Cpolicy> --json

Output: {"secrets":[{"name":"db-host","version":1,...}]}

Write Scripts That Use Secrets

Write code that reads environment variables, then run it with authy run:

cat > task.sh \x3C\x3C 'EOF'
#!/bin/bash
curl -H "Authorization: Bearer $API_KEY" https://api.example.com/data
EOF
chmod +x task.sh
authy run --scope my-scope --uppercase --replace-dash '_' -- ./task.sh

Error Codes

Code Meaning
0 Success
2 Auth failed — check AUTHY_TOKEN / AUTHY_KEYFILE
3 Secret or policy not found
4 Access denied or run-only restriction
6 Token invalid, expired, or revoked

Rules

  1. Only use authy run and authy list — these are the only commands available to you
  2. Never hardcode credentials — reference env vars, run via authy run
  3. Never echo, print, or log env vars in subprocess scripts — secrets exist in memory only
  4. Never redirect env vars to files — do not write $SECRET to disk
  5. Use --scope to limit access to needed secrets only
安全使用建议
This skill appears to do what it says — it wraps an on-PATH authy CLI to inject secrets as environment variables for subprocesses. Before installing, verify: (1) the `authy` binary's origin and integrity (the SKILL.md references a GitHub repo but registry shows no homepage), (2) whether you are comfortable giving the agent access to AUTHY_TOKEN and AUTHY_KEYFILE (these allow retrieval/injection of secrets), and (3) that tokens granted are least-privilege and run-only. Note the metadata mismatches (registry vs SKILL.md) and ask the publisher to clarify required files and which env var is the primary credential. Finally, avoid enabling autonomous agent invocations with broad permissions — any command run via `authy run` can access injected secrets and could exfiltrate them if misused.
功能分析
Type: OpenClaw Skill Name: authy Version: 0.3.0 This skill is suspicious due to its inherent design enabling arbitrary command execution and file manipulation, which creates a significant prompt injection vulnerability for the AI agent. The `SKILL.md` and `references/commands.md` explicitly demonstrate how to create and execute shell scripts (`cat > task.sh ... chmod +x task.sh ... ./task.sh`) that can perform network operations (e.g., `curl`, `psql`). While the skill's stated purpose is legitimate (secret injection), these capabilities, combined with the agent's ability to interpret instructions, provide a direct vector for a malicious prompt to instruct the agent to exfiltrate data or execute arbitrary code, despite the 'Rules' attempting to guide secure usage.
能力评估
Purpose & Capability
The skill name/description (secret injection) matches the required binary (authy) and required env vars (AUTHY_TOKEN, AUTHY_KEYFILE). However, registry metadata lists no required config file or primary credential while the SKILL.md metadata explicitly requires $AUTHY_KEYFILE and AUTHY_TOKEN — a mismatch in declared requirements between registry and SKILL.md.
Instruction Scope
SKILL.md limits agent actions to `authy list` and `authy run`, and describes how to run arbitrary subprocesses with secrets injected. That is consistent with the stated purpose, but by design it gives an invoked command full access to secret values in its environment. The instructions also rely on the agent/script writer to never echo/log secrets (a behavioral constraint that is unenforceable), which increases the risk of accidental or malicious exfiltration.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. It does require a preinstalled `authy` binary on PATH, which is reasonable for a CLI wrapper.
Credentials
Requiring AUTHY_TOKEN and AUTHY_KEYFILE is proportionate for a secret-injection CLI. But SKILL.md metadata claims the KEYFILE path (files: ["$AUTHY_KEYFILE"]) while registry metadata lists no config paths; primary credential is unspecified in registry though SKILL.md calls out AUTHY_TOKEN as the run credential. This inconsistency should be clarified.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not request modifying other skills or global config. Autonomous invocation is allowed by platform default, which increases blast radius but is not a standalone reason to reject.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install authy
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /authy 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.3.0
Project config (.authy.toml), shell hook, alias generator, tightened agent skill scope
v0.2.2
Tighten instruction scope: remove operator commands from agent-facing docs, strengthen credential language, declare file path dependency
v0.2.1
Add structured metadata for ClawHub trust review
v0.2.0
v0.2.0: Run-only enforcement, JSON output, env/import/export commands
元数据
Slug authy
版本 0.3.0
许可证
累计安装 0
当前安装数 0
历史版本数 4
常见问题

Authy 是什么?

Inject secrets into subprocesses via environment variables. You never see secret values — authy run injects them directly. Use for any command that needs API... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 772 次。

如何安装 Authy?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install authy」即可一键安装,无需额外配置。

Authy 是免费的吗?

是的,Authy 完全免费(开源免费),可自由下载、安装和使用。

Authy 支持哪些平台?

Authy 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Authy?

由 eric8810(@eric8810)开发并维护,当前版本 v0.3.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论