← 返回 Skills 市场
helloliuyongsheng-bot

Oauth Helper

作者 helloliuyongsheng-bot · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
2735
总下载
3
收藏
13
当前安装
2
版本数
在 OpenClaw 中安装
/install oauth-helper
功能描述
Automate OAuth login flows with user confirmation via Telegram. Supports 7 providers: Google, Apple, Microsoft, GitHub, Discord, WeChat, QQ. Features: - Auto-detect available OAuth options on login pages - Ask user to choose via Telegram when multiple options exist - Confirm before authorizing - Handle account selection and consent pages automatically
安全使用建议
Key things to verify before installing/using this skill: - Ask the publisher for source code or a homepage; this skill currently has 'unknown' source and no homepage. - Confirm exactly how Telegram integration works: which env vars or tokens are required (TELEGRAM_BOT_TOKEN, CHAT_ID, etc.), and ensure tokens are provided only via secure platform secrets (not pasted into chat). - Verify how the agent will access the 'clawd' browser profile (what path or credential) and whether that profile contains logged-in accounts you trust being used for OAuth. - Understand what the skill will send to Telegram: screenshots of QR codes and login pages may contain sensitive info. Insist on limiting or redacting data where possible. - Test with throwaway/dummy accounts first (not your primary Google/Microsoft/GitHub accounts) to confirm behavior and that no unwanted scopes/authorizations occur. - Prefer skills that explicitly declare required env vars, permissions, and a verifiable source; if the publisher cannot provide those, do not grant access to real accounts. If you are not comfortable providing access to a logged-in browser/profile or to a Telegram channel bot, do not enable this skill.
功能分析
Type: OpenClaw Skill Name: oauth-helper Version: 1.1.0 The OpenClaw AgentSkills skill bundle is classified as benign. The `SKILL.md` content clearly outlines a workflow for automating OAuth login flows, which involves browser interaction (navigation, clicking elements) and user confirmation via Telegram. All described actions are directly aligned with the stated purpose and do not contain instructions for data exfiltration, malicious execution, persistence, or prompt injection designed to make the agent act maliciously. The 'One-Time Setup' section provides example `browser` commands for a human to configure the environment, not for the agent to execute as part of the skill's runtime.
能力评估
Purpose & Capability
The SKILL.md describes automating OAuth flows and confirming via Telegram, which is coherent with the name. However the skill declares no required credentials or config but repeatedly instructs the agent to send messages via Telegram and use a 'clawd' browser profile logged into providers. Those capabilities require credentials/access that are not declared (no TELEGRAM token, channel ID, or browser profile path), which is an inconsistency.
Instruction Scope
Runtime instructions tell the agent to scan arbitrary login pages for DOM selectors, extract target site info, take screenshots of QR codes, and transmit those items to a Telegram channel. While relevant to the stated task, these steps involve collecting and sending potentially sensitive data (page content, screenshots, redirect targets) to an external messaging channel — the SKILL.md does not limit or justify this data exfiltration, nor does it describe safeguards.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal installation risk because nothing is downloaded or written by the skill itself.
Credentials
The skill requests no environment variables or primary credential, yet its flows require access to Telegram (to send/receive messages) and to a logged-in browser profile. This mismatch (no declared TELEGRAM_TOKEN, CHANNEL_ID, or config path to the 'clawd' browser profile) is disproportionate and unclear — either the platform provides these implicitly (not documented) or the SKILL.md is incomplete/ambiguous.
Persistence & Privilege
The skill does not request always:true and has no install footprint, so it doesn't demand permanent inclusion. However, because it instructs automated browser actions and external messaging, autonomous invocation (disable-model-invocation: false) increases blast radius if the agent is permitted to run it without tight user confirmation. That combination with the other concerns warrants caution.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install oauth-helper
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /oauth-helper 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
**Changelog for oauth-helper v1.1.0** - Major documentation overhaul: SKILL.md rewritten in English with concise step-by-step instructions and tables. - Improved clarity of supported providers, detection patterns, workflows, and click sequences. - Better structured prerequisites, error handling, and setup sections for easier onboarding. - Updated usage examples with clear, Telegram-driven flows.
v1.0.0
Initial release: Automates OAuth login flows across 7 major providers with Telegram confirmation. - Supports Google, Apple, Microsoft, GitHub, Discord, WeChat, and QQ OAuth providers. - Detects available OAuth options on login pages and prompts user selection via Telegram. - Requires one-time account login setup on clawd browser and an active Telegram channel. - Automates provider-specific login and authorization button clicks; handles 2FA and QR code flows. - Includes error handling for timeouts, user cancellations, 2FA requests, and failed logins.
元数据
Slug oauth-helper
版本 1.1.0
许可证
累计安装 14
当前安装数 13
历史版本数 2
常见问题

Oauth Helper 是什么?

Automate OAuth login flows with user confirmation via Telegram. Supports 7 providers: Google, Apple, Microsoft, GitHub, Discord, WeChat, QQ. Features: - Auto-detect available OAuth options on login pages - Ask user to choose via Telegram when multiple options exist - Confirm before authorizing - Handle account selection and consent pages automatically. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2735 次。

如何安装 Oauth Helper?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install oauth-helper」即可一键安装,无需额外配置。

Oauth Helper 是免费的吗?

是的,Oauth Helper 完全免费(开源免费),可自由下载、安装和使用。

Oauth Helper 支持哪些平台?

Oauth Helper 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Oauth Helper?

由 helloliuyongsheng-bot(@helloliuyongsheng-bot)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论