OAuth Providers
Author: maverick-software · v1.1.0
Total downloads: 367
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install oauth-providers
Description
Adds an "OAuth" settings tab to the OpenClaw Control UI for connecting AI model providers. Supports Anthropic Claude Pro/Max subscription tokens (setup-token...
Security recommendations
This skill appears to do what it says: add an OAuth/API-key UI and store credentials in OpenClaw's auth and secrets stores. Before installing, consider the following:
- It will read ~/.claude/.credentials.json (Claude CLI) if you use the Anthropic auto-detect feature and copy that token into OpenClaw — only enable auto-detect if you trust this behavior.
- Credentials are written to OpenClaw config/secrets (auth-profiles.json, ~/.openclaw/secrets.json). Make backups if you want to revert changes.
- OAuth manual fallback requires pasting the full redirect URL (contains codes/state). Avoid pasting such URLs into untrusted UIs or shared clipboards.
- The gateway uses a third-party package (@mariozechner/pi-ai) via dynamic import; ensure that dependency in your environment comes from a trusted source before using the OAuth flow.
- Logs may include short token prefixes in error messages (the code prints the token start in some errors). If that concerns you, review/modify logging before use.
If you are comfortable with these behaviors (reading Claude CLI creds, writing to OpenClaw auth/secrets, and relying on the external pi-ai package), the skill is coherent with its stated purpose. If you need higher assurance, review the included TypeScript files and the provenance of @mariozechner/pi-ai before enabling the feature.
Functional analysis
Type: OpenClaw Skill
Name: oauth-providers
Version: 1.1.0
The skill provides legitimate AI provider credential management but employs high-risk capabilities, such as reading sensitive access tokens from the Claude CLI configuration file (~/.claude/.credentials.json) and instructing the AI agent to execute Python scripts and system commands (systemctl) for troubleshooting. While these actions are aligned with the stated purpose and lack evidence of malicious intent or data exfiltration, the direct access to external application secrets and the use of agent-led shell execution for configuration management meet the criteria for a suspicious classification under the provided rubric.
Capability assessment
Purpose & Capability
Name/description align with the code and SKILL.md: the UI view, controller, and gateway RPCs implement OAuth, subscription-token, and API-key storage for Anthropic, OpenAI (Codex PKCE), Google, and OpenRouter. The actions (reading ~/.claude, writing auth-profiles and secrets, invoking a PKCE flow) are expected for this feature.
Instruction Scope
Instructions and code stay within the stated purpose but do include reading another tool's credentials (~/.claude/.credentials.json) for an auto-detect feature and accept pasted redirect URLs for OAuth manual completion. Those behaviors are documented in SKILL.md and implemented in code; users should be aware this imports tokens from the Claude CLI into OpenClaw's auth store.
Install Mechanism
No install spec / no arbitrary remote downloads. The code dynamically imports an external package (@mariozechner/pi-ai) at runtime; if that package is required it must be present in the runtime environment (the code handles a missing package by returning an error). No extract-from-URL installs or unknown binary downloads are present in the skill bundle.
Credentials
The skill declares no required env vars but writes API keys into OpenClaw's secrets store and the mapping uses environment variable names (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, OPENROUTER_API_KEY). It also reads/writes local config and agent store files (auth-profiles.json, openclaw config, secrets.json). These accesses are proportionate to credential management, but users should expect these files to be modified and tokens copied into OpenClaw's encrypted stores.
Persistence & Privilege
always:false and user-invocable:true; the skill registers gateway RPC handlers and writes auth profiles/config when invoked, but it does not request permanent inclusion or modify other skills. Autonomous invocation is allowed by default but not combined here with other elevated privileges.
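How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install oauth-providers
- Once installation completes, call the Skill by name or use /oauth-providers to trigger it.
- Provide the required input according to the Skill's parameter description to get structured output.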
Version history
v1.1.0
WSL2 manual-paste fallback, Anthropic auto-detect, auth order architecture docs, badge rendering reference, stale order troubleshooting guide
v1.0.0
Initial release — Anthropic subscription token, OpenAI Codex PKCE OAuth, and API key flows for the OpenClaw Control UI OAuth settings tab
FAQ
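What is OAuth Providers?
Adds an "OAuth" settings tab to the OpenClaw Control UI for connecting AI model providers. Supports Anthropic Claude Pro/Max subscription tokens (setup-token... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 367 total downloads so far.
How do I install OAuth Providers?
Run the command "/install oauth-providers" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.
Is OAuth Providers free?
Yes, OAuth Providers is completely free (free and open source) and can be freely downloaded, installed and used.
Which platforms does OAuth Providers support?
OAuth Providers is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed OAuth Providers?
Developed and maintained by maverick-software (@maverick-software); the current version is v1.1.0.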