← 返回 Skills 市场

Oauth Disguise

Name: Oauth Disguise
Author: jiafar

作者 jiafar · GitHub ↗ · v1.1.1 · MIT-0

cross-platform ⚠ suspicious

229

总下载

当前安装

版本数

在 OpenClaw 中安装

/install oauth-disguise

功能描述

Configure Anthropic OAuth tokens (sk-ant-oat01-*) to work as API keys in OpenClaw via environment variable injection, enabling Claude Pro/Team API access.

安全使用建议

This skill is coherent with its stated purpose but treats a sensitive OAuth token as an API key by storing it in OpenClaw config. Before using it: (1) confirm the source/trustworthiness of this guidance (origin unknown), (2) prefer per-agent configuration instead of a global defaults patch to limit exposure, (3) never commit openclaw.json or config files containing tokens to version control, (4) rotate tokens after testing and use least-privilege or short-lived tokens if available, and (5) verify with Anthropic/OpenClaw documentation that using sk-ant-oat01-* tokens this way is supported and does not violate terms. If you need higher assurance, ask the publisher for provenance or test in an isolated non-production environment first.

能力评估

ℹ Purpose & Capability

The skill's name/description and SKILL.md are consistent: the goal is to make Anthropic OAuth tokens work as API keys by injecting them into OpenClaw env.vars. However the package metadata declares no required env vars or credentials while the instructions explicitly require placing a sensitive token into the OpenClaw config—an inconsistency in declared requirements vs. runtime needs.

⚠ Instruction Scope

The runtime instructions tell the agent to patch global OpenClaw config (env.vars and model providers) and restart the gateway. That can affect all agents if applied globally and results in sensitive tokens being stored in OpenClaw configuration. The doc does advise per-agent config as an alternative, but the examples include a global defaults patch which increases blast radius.

✓ Install Mechanism

Instruction-only skill with no install, no binaries, and no code files—there is nothing being downloaded or executed beyond calls to the user's OpenClaw CLI, which is low install risk.

⚠ Credentials

The skill requires the user to supply a sensitive Anthropic OAuth token (sk-ant-oat01-*) and to put it into OpenClaw's env.vars, but the metadata lists no required credentials and no primary credential. Storing tokens in config (even if redacted in output) is sensitive and not further constrained by the skill; this is disproportionate unless the user understands and accepts the exposure and scope.

ℹ Persistence & Privilege

The skill does not request always:true and does not install persistent code, but its recommended global config patch will persist the token in OpenClaw configuration until removed. That persistence is normal for config changes but raises long-term exposure risk if applied globally rather than per-agent.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install oauth-disguise
安装完成后，直接呼叫该 Skill 的名称或使用 /oauth-disguise 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.1

- Updated documentation to clarify usage for Anthropic OAuth tokens (`sk-ant-oat01-*`) with OpenClaw as API keys via environment variable injection. - Added step-by-step instructions for both global and per-agent token configuration. - Expanded troubleshooting section with common issues, causes, and solutions. - Documented dual-provider (proxy + official API fallback) setup examples. - Enhanced security guidance for token handling and environment variable best practices.

v1.1.0

- Added support for configuring Anthropic OAuth tokens (sk-ant-oat01-*) as API keys via OpenClaw environment variable injection. - Clarified intended use cases: switching from proxy to Anthropic API, using Claude Pro/Team subscription tokens, and addressing authentication errors with OAuth tokens. - Provided detailed setup instructions for both global and per-agent configurations. - Included troubleshooting guidance and verification steps for successful setup. - Documented security practices around token redaction and environment variable usage. - Expanded documentation with a dual provider example to allow seamless fallback to proxy.

v1.0.0

Initial release of oauth-disguise skill. - Allows OAuth tokens (sk-ant-oat01-*) to be used as API keys with OpenClaw via environment variable injection. - Enables switching from proxy or legacy configurations to the official Anthropic API when OAuth tokens fail direct API calls. - Provides detailed setup, troubleshooting steps, and migration guidelines. - Designed specifically for scenarios where direct OAuth or API key auth does not work, but OpenClaw's processing allows token usage. - Includes security notes on token handling and verification tips for successful configuration.

元数据

Slug oauth-disguise

版本 1.1.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

Oauth Disguise 是什么？

Configure Anthropic OAuth tokens (sk-ant-oat01-*) to work as API keys in OpenClaw via environment variable injection, enabling Claude Pro/Team API access. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 229 次。

如何安装 Oauth Disguise？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install oauth-disguise」即可一键安装，无需额外配置。

Oauth Disguise 是免费的吗？

是的，Oauth Disguise 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Oauth Disguise 支持哪些平台？

Oauth Disguise 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Oauth Disguise？

由 jiafar（@jiafar）开发并维护，当前版本 v1.1.1。