← 返回 Skills 市场
问题:
433
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install clawhub-login
功能描述
帮助无头服务器通过手动 OAuth 流程登录 ClawHub,生成授权 URL 并验证回调完成认证,避免浏览器启动失败。
使用说明 (SKILL.md)
clawhub-login
ClawHub OAuth 登录助手 - 无头服务器专用
version: 1.0.0
author: 大总管
description: 帮助在无头服务器上通过 OAuth 方式登录 ClawHub,解决浏览器认证问题
问题场景
在无头服务器(无浏览器)上使用 clawhub login 时:
- 默认会尝试打开浏览器 → 失败 (
spawn xdg-open ENOENT) - 需要手动获取授权 URL → 在本地浏览器打开 → 完成认证
本 skill 自动化这个流程。
使用方法
方式 1:交互式(推荐)
python3 ~/.openclaw/workspace/skills/clawhub-login/scripts/clawhub_login.py
按提示操作:
- 复制输出的授权 URL
- 在本地浏览器打开
- 授权后复制回调 URL
- 粘贴到服务器完成登录
方式 2:命令行
# 获取授权 URL
python3 ~/.openclaw/workspace/skills/clawhub-login/scripts/clawhub_login.py --get-url
# 验证登录状态
python3 ~/.openclaw/workspace/skills/clawhub-login/scripts/clawhub_login.py --check
# 退出登录
python3 ~/.openclaw/workspace/skills/clawhub-login/scripts/clawhub_login.py --logout
完整流程
步骤 1:运行脚本
$ python3 scripts/clawhub_login.py
🔐 ClawHub OAuth 登录助手
检测到无头环境,使用手动授权模式...
1. 打开以下 URL(复制到本地浏览器):
https://clawhub.ai/cli/auth?redirect_uri=...&state=xxx
2. 授权后,复制浏览器显示的 URL
3. 粘贴回调 URL:
步骤 2:在本地浏览器打开 URL
- 点击授权
- 浏览器会跳转到回调页面
- 复制完整的回调 URL
步骤 3:粘贴到服务器
粘贴回调 URL:https://clawhub.ai/cli/auth/callback?code=xxx&state=xxx
✅ 登录成功!欢迎 @mengwuzhi
在 OpenClaw 中使用
# 让 agent 帮你登录
openclaw agent --message "帮我登录 ClawHub"
Agent 会:
- 运行
clawhub login获取授权 URL - 输出 URL 让你复制到本地浏览器
- 等待你提供回调 URL
- 完成登录
技术原理
ClawHub 使用 OAuth 2.0 流程:
1. CLI 生成授权 URL(含 state 参数)
↓
2. 用户在浏览器打开并授权
↓
3. ClawHub 重定向到回调 URL(含 code)
↓
4. CLI 用 code 交换 token
↓
5. Token 保存到 ~/.clawhub/token
故障排查
问题:xdg-open ENOENT
原因: 无头服务器没有图形界面
解决: 使用本 skill 的手动授权模式
问题:回调 URL 无效
原因: 授权已过期或 state 不匹配
解决: 重新运行脚本获取新的授权 URL
问题:登录状态丢失
原因: Token 文件被删除或过期
解决: 重新登录
相关文件
| 文件 | 路径 |
|---|---|
| Token 存储 | ~/.clawhub/token |
| Token 配置 | ~/.config/clawhub/config.json |
安全提示
- ⚠️ Token 相当于密码,不要分享
- ⚠️ 定期更新 Token(重新登录)
- ⚠️ 不要在公共电脑上保存 Token
基于实战经验
本 skill 基于 2026-02-28 在无头服务器上登录 ClawHub 发布 create-openclaw-agent skill 的实战经验总结。
许可证
MIT License
作者备注: 这是第一个专门解决 ClawHub 无头登录问题的 skill。
安全使用建议
This skill's code matches its stated purpose, but be aware of two issues before installing: (1) the helper runs the 'clawhub' CLI (subprocess.run(['clawhub', ...])) yet the metadata lists no required binaries — ensure you have a legitimate, trusted 'clawhub' binary on the agent. A malicious or tampered 'clawhub' executable could perform arbitrary actions when invoked. (2) The script reads/writes your local token at ~/.clawhub/token and can delete it on logout — treat that token like a password. Recommendations: inspect the included Python script (already present), verify the origin and checksum of your 'clawhub' CLI, run the skill in a restricted user account or sandbox if uncertain, and do not install if you cannot verify the 'clawhub' binary's integrity.
功能分析
Type: OpenClaw Skill
Name: clawhub-login
Version: 1.0.0
The skill bundle is benign. The `SKILL.md` provides clear, non-malicious instructions to the AI agent, aligning with the stated purpose of facilitating ClawHub OAuth login in a headless environment. The `scripts/clawhub_login.py` script interacts with the `clawhub` CLI tool using `subprocess.run` to perform login, status checks, and logout by managing a local token file (`~/.clawhub/token`). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent beyond the stated purpose.
能力评估
Purpose & Capability
SKILL.md and the script implement a headless/manual OAuth helper for ClawHub and the script calls the external 'clawhub' CLI via subprocess.run. However the skill metadata declares no required binaries or credentials. The script clearly requires a functional 'clawhub' binary in PATH for core functionality; that mismatch is inconsistent and should have been declared.
Instruction Scope
The SKILL.md instructions align with the intended purpose: generate an auth URL, have the user open it locally, paste the callback URL, and check for the token at ~/.clawhub/token. The instructions do not ask the agent to read unrelated files or exfiltrate data. They do rely on invoking the 'clawhub' CLI and on the presence/content of ~/.clawhub/token and ~/.config/clawhub/config.json (documented).
Install Mechanism
No install spec — this is instruction-only plus a helper script. Nothing is downloaded or installed by the skill itself, which reduces supply-chain risk. The only code present is the included Python script.
Credentials
The skill requests no environment variables or secrets. It checks DISPLAY to detect headless mode and reads/writes the user's home token file (~/.clawhub/token) and may remove it on logout. The main proportionality concern is that it calls an external 'clawhub' binary (not declared), so the security posture depends on whether that binary is trusted and genuine.
Persistence & Privilege
The skill is not always-on and does not request elevated privileges. It does not modify other skills or system-wide agent settings. It will read and occasionally delete the user's local token file (~/.clawhub/token) as part of normal operation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clawhub-login - 安装完成后,直接呼叫该 Skill 的名称或使用
/clawhub-login触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
初始版本,解决无头服务器 OAuth 登录问题
元数据
常见问题
ClawHub Login Helper 是什么?
帮助无头服务器通过手动 OAuth 流程登录 ClawHub,生成授权 URL 并验证回调完成认证,避免浏览器启动失败。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 433 次。
如何安装 ClawHub Login Helper?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawhub-login」即可一键安装,无需额外配置。
ClawHub Login Helper 是免费的吗?
是的,ClawHub Login Helper 完全免费(开源免费),可自由下载、安装和使用。
ClawHub Login Helper 支持哪些平台?
ClawHub Login Helper 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ClawHub Login Helper?
由 mengwuzhi(@mengwuzhi)开发并维护,当前版本 v1.0.0。
推荐 Skills