← 返回 Skills 市场
markeljan

Codex Multi Subscription Auth Fallbacks

作者 Markeljan · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
849
总下载
2
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install codex-multi-subscription-auth-fallbacks
功能描述
Set up OpenClaw multi-provider auth with OpenAI Codex OAuth fallback profiles and automatic model switching. Use when configuring multiple OpenAI Codex accou...
使用说明 (SKILL.md)

Codex Auth Fallback

Multi-provider auth setup for OpenClaw with automatic failover between Anthropic and multiple OpenAI Codex OAuth sessions.

Overview

OpenClaw supports multiple auth profiles per provider. When one profile hits a rate limit, the platform can fail over to another. This skill covers:

  1. Adding Codex OAuth profiles via device-flow login
  2. Configuring openclaw.json for provider fallback order
  3. Setting up auth-profiles.json with multiple profiles
  4. Deploying a cron job to auto-switch models on cooldown

Prerequisites

  • OpenClaw instance running
  • codex CLI installed (npm i -g @openai/codex) — this also ensures node is available
  • One or more OpenAI accounts with Codex access

Security & Safety

What this skill accesses:

File Access Purpose
~/.codex/auth.json Read + Temporary Write Temporarily cleared to force a fresh device-flow login, then restored from backup. Original tokens are never deleted — a timestamped backup is created first.
~/.openclaw/agents/main/agent/auth-profiles.json Read + Write Imported OAuth tokens (access + refresh) are written here. A timestamped backup is created before any modification.

Important safety notes:

  • Tokens stay local. No tokens are sent to any external endpoint. The script reads tokens from the local Codex CLI auth file and writes them to the local OpenClaw auth-profiles file.
  • Backups are always created. Both files are backed up with timestamps before any modification. If login fails or the script is interrupted, a trap handler restores the original Codex CLI auth automatically.
  • Interactive confirmation. The script prompts for confirmation before clearing the Codex CLI auth file, so you can abort if needed.
  • No elevated privileges. The script runs as your user and does not require sudo or any special permissions.
  • Back up manually first. Despite the automatic backups, it is recommended to manually back up ~/.codex/auth.json and your OpenClaw configs before running, especially on first use.
  • Test with a non-production account. For initial testing, consider using a throwaway or non-production OpenAI account.

Step 1: Add Codex OAuth Profiles

Run the bundled script for each OpenAI account:

./scripts/codex-add-profile.sh \x3Cprofile-name>

The script:

  1. Backs up ~/.codex/auth.json and auth-profiles.json
  2. Clears Codex CLI auth to force fresh device-flow login
  3. Runs codex auth login (opens browser for OAuth)
  4. Extracts tokens and imports them into OpenClaw's auth-profiles.json
  5. Restores the original Codex CLI auth

Repeat for each account. Profile names should be short identifiers (e.g., the OpenAI username).

Step 2: Configure openclaw.json

Add auth profile declarations and fallback model config. See references/config-templates.md for the exact JSON blocks to add to openclaw.json.

Key sections:

  • auth.profiles — Declare each profile with provider and mode
  • auth.order — Set failover priority per provider
  • agents.defaults.model — Set primary model + fallbacks

Step 3: Auth Profiles JSON Structure

OpenClaw stores live tokens in agents/main/agent/auth-profiles.json. See references/config-templates.md for the schema.

Each Codex profile contains:

  • type: "oauth"
  • provider: "openai-codex"
  • access: JWT access token (auto-populated by the add-profile script)
  • refresh: Refresh token (auto-populated)
  • expires: Token expiry in ms (parsed from JWT)
  • accountId: OpenAI account ID (parsed from JWT)

The order object controls which profile is tried first per provider. The usageStats object tracks rate limits and cooldowns automatically.

Step 4: Model Cooldown Auto-Switch Cron (Optional)

This step is entirely optional. The auth profiles from Steps 1-3 work on their own with OpenClaw's built-in failover. This cron job adds automatic model switching, which means your active model may change without manual intervention. Only enable it if you understand and want this behavior.

Deploy a cron job that checks cooldown state every 10 minutes and switches the active model. See references/config-templates.md for the full cron job definition.

The cron job:

  1. Runs openclaw models status to check cooldown state
  2. Picks the best available model (priority: opus > codex profiles in order)
  3. Updates the session model override if needed
  4. Logs state to a local memory file; only notifies on change

Before enabling:

  • Test manually first: run openclaw models status to verify your profiles are working
  • Review the cron job template in references/config-templates.md — the job only runs local commands and writes to a local state file
  • The job runs in an isolated session and does not affect your main chat unless a model switch occurs

Add the job to cron/jobs.json using the template in the references.

File Layout

codex-auth-fallback/
├── SKILL.md                    # This file
├── scripts/
│   └── codex-add-profile.sh    # Device-flow profile importer
└── references/
    └── config-templates.md     # openclaw.json, auth-profiles, cron templates
安全使用建议
This skill appears internally consistent and does what it says: import Codex OAuth sessions into OpenClaw and optionally configure a local cron job to auto-switch models. Before running: (1) Inspect the script (you already have it) and confirm it matches what will be run; (2) Manually back up ~/.codex/auth.json and your OpenClaw configs (the script makes backups but manual backup is recommended); (3) Test with a non-production OpenAI account first; (4) Ensure you have the official codex CLI (npm package) and node installed, and do not run the script as root; (5) When enabling the cron job, replace placeholders (<workspace>, UUID, timestamps) and verify the job only executes local commands in an isolated session. If you see any hidden network requests or differences between the displayed script and the one you run, stop and re-evaluate—that would change this assessment.
功能分析
Type: OpenClaw Skill Name: codex-multi-subscription-auth-fallbacks Version: 1.1.0 The skill is classified as suspicious due to the use of direct prompt injection instructions within the `SKILL.md` and `references/config-templates.md` files, which instruct the AI agent to execute local commands (`openclaw models status`) and modify its internal state (`session_status`). While these actions are aligned with the skill's stated purpose of managing multi-provider authentication and model failover, they represent high-risk capabilities. The `scripts/codex-add-profile.sh` script also handles sensitive OAuth tokens by reading from `~/.codex/auth.json` and writing to `~/.openclaw/agents/main/agent/auth-profiles.json`, although it includes safety measures like backups and user confirmation. There is no evidence of intentional malicious behavior such as data exfiltration or unauthorized remote control.
能力评估
Purpose & Capability
Name/description (multi-provider Codex OAuth import + failover) match the included script and templates. The only sensitive accesses are the Codex CLI auth file and OpenClaw auth-profiles file, which are required to import OAuth tokens—no unrelated services or credentials are requested.
Instruction Scope
SKILL.md and the script stay within scope: they back up and temporarily clear ~/.codex/auth.json, run the codex device-flow login, parse tokens locally with Node, and write to OpenClaw's auth-profiles.json. The optional cron template only runs local commands and writes a local state file per the documentation.
Install Mechanism
No install spec is present; this is instruction-only with a supplied script. The script requires the official codex CLI (npm) and node, which the SKILL.md documents. Nothing is downloaded from arbitrary URLs or written into system-wide locations.
Credentials
No environment variables or external credentials are requested. The script accesses sensitive OAuth tokens stored locally—this is necessary for the stated purpose. Users should be aware these tokens are handled locally and that backups are created; the behavior is proportional but inherently sensitive.
Persistence & Privilege
always: false and the skill does not request persistent platform privileges. It writes only to its declared OpenClaw auth-profiles path and creates timestamped backups; it does not modify other skills or system-wide agent settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install codex-multi-subscription-auth-fallbacks
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /codex-multi-subscription-auth-fallbacks 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
### Safety & Reliability - Interactive confirmation before clearing `~/.codex/auth.json` — script now prompts `Continue? [y/N]` so you can abort - Trap handler automatically restores Codex CLI auth if the script is interrupted mid-run (EXIT/INT/TERM) - Backup verification — script checks that backup files were actually created before proceeding - Security & Safety section added to SKILL.md documenting exactly which files are accessed, how, and why ### Dependencies - Dropped `python3` and `jq` — the inline script now uses `node` (already present via the codex npm package), eliminating two external dependencies. Only `codex` is required. ### Metadata - SKILL.md frontmatter now declares `requires`, `files_read`, and `files_write` per OpenClaw review requirements ### Documentation - Cron job marked as optional — Step 4 heading and description now make clear that auto-switch is entirely optional, with a "before enabling" checklist - UUID/epoch helpers in config templates updated to use `node -e` instead of `python3 -c`
v1.0.0
Initial release with multi-provider auth and automatic fallback support for OpenClaw: - Enables OpenClaw to use multiple OpenAI Codex OAuth profiles for rate-limit failover. - Provides scripts and instructions to add and manage multiple Codex OAuth profiles via device-flow login. - Supports configuration of fallback priority across Codex and Anthropic providers. - Includes template references for configuring openclaw.json, auth-profiles.json, and required cron jobs. - Automates model switching via cron to handle provider cooldowns.
元数据
Slug codex-multi-subscription-auth-fallbacks
版本 1.1.0
许可证
累计安装 2
当前安装数 1
历史版本数 2
常见问题

Codex Multi Subscription Auth Fallbacks 是什么?

Set up OpenClaw multi-provider auth with OpenAI Codex OAuth fallback profiles and automatic model switching. Use when configuring multiple OpenAI Codex accou... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 849 次。

如何安装 Codex Multi Subscription Auth Fallbacks?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install codex-multi-subscription-auth-fallbacks」即可一键安装,无需额外配置。

Codex Multi Subscription Auth Fallbacks 是免费的吗?

是的,Codex Multi Subscription Auth Fallbacks 完全免费(开源免费),可自由下载、安装和使用。

Codex Multi Subscription Auth Fallbacks 支持哪些平台?

Codex Multi Subscription Auth Fallbacks 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Codex Multi Subscription Auth Fallbacks?

由 Markeljan(@markeljan)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论