← 返回 Skills 市场
OpenClaw OpenAI Multi Account
作者
tutouguai1933
· GitHub ↗
· v1.0.2
· MIT-0
409
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install openclaw-openai-multi-account
功能描述
Manage multiple OpenAI OAuth login accounts inside OpenClaw, including OpenAI Codex OAuth account snapshots, switching, real active-account detection, 5-hour...
安全使用建议
This skill legitimately manipulates your OpenClaw account files (reading/writing openclaw.json and agent auth-profiles.json) to snapshot and switch accounts. The red flag is the default quota-probe URL in the script (CODEX_USAGE_URL) pointing at chatgpt.com—a non-official host—which the script may call while sending Authorization tokens. Before installing: 1) Inspect the full scripts yourself (you have them bundled); search for network calls and confirm the endpoint(s). 2) If you want to use quota probing, set OPENCLAW_CODEX_USAGE_URL to a trusted internal/mock server or remove/disable probing. 3) Run the tool in an isolated/test environment first (use a disposable OPENCLAW_HOME with test credentials). 4) Backup your OpenClaw configs (openclaw.json and agents/*/agent/auth-profiles.json) before use. 5) If you cannot verify the endpoint or author, treat this as untrusted code and avoid giving it access to real credentials.
功能分析
Type: OpenClaw Skill
Name: openclaw-openai-multi-account
Version: 1.0.2
The skill manages OpenAI OAuth tokens by reading/writing sensitive files in `~/.openclaw/` and transmitting them to a remote endpoint (`chatgpt.com`) to monitor usage. While these actions align with the stated purpose of account switching and the script uses restricted file permissions (0o600), the inherent risk of credential handling and the ability to override the usage URL via environment variables (`OPENCLAW_CODEX_USAGE_URL`) qualify it as suspicious under the review criteria. Furthermore, the script contains a `NameError` in `cmd_import_codex` (undefined `CODEX_ACCOUNTS_DIR`) and references specific local developer paths in `SKILL.md`, indicating potential quality issues or an incomplete state.
能力评估
Purpose & Capability
The code and SKILL.md align with the stated purpose of reading/writing OpenClaw auth files, snapshotting profiles, rotating accounts, and probing quota. However there are several mismatches: the SKILL.md and scripts reference invoking `openclaw` and an optional `codex` CLI even though the registry declares no required binaries; the default usage probe URL in the script is set to an unexpected domain (https://chatgpt.com/backend-api/wham/usage) rather than an OpenAI or clearly-official Codex endpoint. Those items are disproportionate or unexplained by the description.
Instruction Scope
The runtime instructions and the Python implemention read and write sensitive files (openclaw.json and every agent's agent/auth-profiles.json), modify agent config ordering, and propagate tokens across agent workspaces—this is expected for an account-switcher. However the code also probes quota by calling an external HTTP endpoint and (when present) will include bearer tokens in requests. That network probe is outside the minimal scope of local account management and could transmit sensitive auth data to a remote host.
Install Mechanism
This is an instruction-only skill with bundled Python scripts and no install spec. No arbitrary remote install or archive download is present in the registry metadata; the code runs locally. That lowers install risk, but the provided scripts will be written to disk as part of skill files and will operate on the user's OpenClaw home directory.
Credentials
The script uses several environment variables (OPENCLAW_HOME, OPENCLAW_PRIMARY_AGENT, OPENCLAW_FALLBACK_MODEL, OPENCLAW_CODEX_USAGE_URL) to control behavior, but the registry lists no required env vars. Most are legitimate for configuration, but OPENCLAW_CODEX_USAGE_URL defaults to a non-OpenAI domain (chatgpt.com). The code uses stored OAuth access tokens when probing usage; an attacker-controlled or unintended endpoint here could receive bearer tokens or account-identifying data. This is the clearest disproportionate risk.
Persistence & Privilege
The skill does not request always:true and doesn't alter other skills' configs. It will create and maintain a local state directory (~/.openclaw/openai-codex-accounts/) and update OpenClaw agent auth files, which is expected for its purpose and proportional to its function.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-openai-multi-account - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-openai-multi-account触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Add live auth alias reconciliation, session-safe auto switching, 10-minute checks, and 5h/weekly soft+hard thresholds.
v1.0.1
Clarify that this skill manages multiple OpenAI OAuth login accounts inside OpenClaw; refine description and intro wording.
v1.0.0
Initial public release: OpenClaw-native OpenAI/Codex multi-account management, quota probing, ACTIVE repair, auto-enroll, threshold-based auto-switch, and fallback model support.
元数据
常见问题
OpenClaw OpenAI Multi Account 是什么?
Manage multiple OpenAI OAuth login accounts inside OpenClaw, including OpenAI Codex OAuth account snapshots, switching, real active-account detection, 5-hour... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 409 次。
如何安装 OpenClaw OpenAI Multi Account?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-openai-multi-account」即可一键安装,无需额外配置。
OpenClaw OpenAI Multi Account 是免费的吗?
是的,OpenClaw OpenAI Multi Account 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenClaw OpenAI Multi Account 支持哪些平台?
OpenClaw OpenAI Multi Account 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw OpenAI Multi Account?
由 tutouguai1933(@tutouguai1933)开发并维护,当前版本 v1.0.2。
推荐 Skills