← 返回 Skills 市场
eyhn

botauth

作者 EYHN · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ✓ 安全检测通过
238
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install botauth
功能描述
Use the botauth CLI to list, search, and retrieve secrets from the user's unlocked botauth vault with per-request approval in the desktop app. Use when a tas...
使用说明 (SKILL.md)

botauth

Use botauth to securely retrieve API keys, tokens, and credentials from the user's botauth vault. The desktop app must be running, the vault must be unlocked, and every list, search, and get request can trigger an approval prompt.

When to use

  • You need an API key, token, or password to complete a task
  • The user asks you to use credentials that already exist in botauth
  • You need to fill a .env file or config from the user's vault

Do not save new secrets unless the user explicitly asks. botauth add opens a desktop flow for the user to fill in the credential.

Prerequisites

  • botauth must be installed and available on PATH
  • The botauth desktop app must be running
  • The vault must be unlocked
  • Run botauth status first

Core commands

Check connection

botauth status

Search or list secrets

botauth search "openai"
botauth search "github" --provider github
botauth list
botauth list --provider github
botauth list --tags dev,production

Retrieve a secret in two steps

First get metadata:

botauth get "OpenAI API Key"
botauth get --id \x3Csecret-id>

Then fetch the sensitive fields:

botauth get --id \x3Csecret-id> --fields api_key
botauth get --id \x3Csecret-id> --fields api_key,client_secret --access-key \x3Ckey>

Reuse --access-key inside the same workflow when possible to avoid redundant approval prompts.

Ask the user to create a secret

botauth add
botauth add --app openai --secret-name "Production Key"

Typical workflow

botauth status
botauth search "openai"
botauth get "OpenAI API Key"
botauth get --id \x3Cid> --fields api_key --access-key \x3Caccess-key>
export OPENAI_API_KEY="\x3Cvalue>"

JSON output

Use --json for machine-readable output:

botauth search "github" --json
botauth get --id \x3Cid> --fields token --json

Important notes

  • list, search, get, and add may show approval prompts in the desktop app
  • Sensitive values only come back from get --fields
  • Access keys are short-lived; reuse them during a single task, then discard them
  • If botauth status fails, ask the user to launch or unlock the desktop app
安全使用建议
This skill is consistent with its description: it runs your local 'botauth' CLI to fetch secrets and relies on desktop approval prompts. Before installing/using it: 1) verify you trust the botauth CLI package source (README suggests npm @botauth/cli) and install only from the official package or vendor; 2) be aware that if the agent invokes the skill and you approve a request, the agent will receive the secret value (avoid persisting it to files and clear env vars after use); 3) consider disabling autonomous invocation of the agent or requiring explicit user confirmation for actions that retrieve secrets; and 4) note the minor metadata mismatch (registry didn't declare the botauth binary requirement) — confirm the 'botauth' CLI is present on hosts where the agent will run.
功能分析
Type: OpenClaw Skill Name: botauth Version: 0.1.0 The botauth skill bundle provides instructions for an AI agent to interact with a local secret management CLI. It facilitates searching and retrieving credentials from a vault, but includes security-conscious instructions such as requiring a desktop app for per-request approval prompts and using a two-step process to fetch sensitive fields. No evidence of malicious intent, data exfiltration, or prompt injection was found in SKILL.md or the associated metadata.
能力评估
Purpose & Capability
The SKILL.md, README, and manifest consistently describe retrieving secrets from a local botauth vault via the botauth CLI and desktop approval prompts. However, registry metadata lists no required binaries while the instructions explicitly require a 'botauth' CLI on PATH — a minor metadata mismatch.
Instruction Scope
Instructions are narrowly scoped to running botauth commands (status, search, list, get, add), parsing JSON output, and exporting retrieved secrets for use. They do not instruct reading unrelated files, contacting external endpoints, or exfiltrating data to third parties. The workflow explicitly expects user approval for secret retrieval.
Install Mechanism
This is an instruction-only skill (no install spec). README suggests installing the CLI with 'npm install -g @botauth/cli', but the registry has no formal install step — the skill will rely on a preinstalled CLI. That is reasonable but means the user/host must vet the CLI package source before installing.
Credentials
The skill does not declare or request environment variables or credentials. It does, however, guide retrieving sensitive values and exporting them into the agent's runtime environment for task use — this is expected for a secret-retrieval helper but increases sensitivity: any retrieved secret becomes accessible to the agent session if you approve retrieval.
Persistence & Privilege
always:false and normal autonomous invocation are set. Autonomous invocation plus secret retrieval increases blast radius only if the agent is allowed to call the skill and a user approves retrieval prompts. Consider whether you want the agent to be able to call this skill autonomously.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install botauth
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /botauth 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of the botauth skill. - Allows secure listing, searching, and retrieval of secrets from the user's botauth vault with per-request approval in the desktop app. - Supports common workflows to get credentials, fill config files, and prompt users to add new secrets. - Implements `status`, `list`, `search`, `get`, and `add` commands. - Sensitive values are only accessible with approval; short-lived access keys enhance security. - Emphasizes security best practices and integration with the desktop app.
元数据
Slug botauth
版本 0.1.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

botauth 是什么?

Use the botauth CLI to list, search, and retrieve secrets from the user's unlocked botauth vault with per-request approval in the desktop app. Use when a tas... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 238 次。

如何安装 botauth?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install botauth」即可一键安装,无需额外配置。

botauth 是免费的吗?

是的,botauth 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

botauth 支持哪些平台?

botauth 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 botauth?

由 EYHN(@eyhn)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论