Otp Challenger
Author: ryancnelson (GitHub) · v1.0.6
2689 total downloads · 0 favorites · 0 current installs · 7 versions
Install in OpenClaw:
/install otp-challenger
Description
Enable agents and skills to challenge users for fresh two-factor authentication proof (TOTP or YubiKey) before executing sensitive actions. Use this for identity verification in approval workflows - deploy commands, financial operations, data access, admin operations, and change control.
Security usage recommendations
This skill appears to implement what it claims, but review these items before installing:
1) Inspect verify.sh (and related scripts) yourself to confirm there are no unexpected network endpoints beyond api.yubico.com and no hidden behavior.
2) Don't set OTP_FAILURE_HOOK to an unrestricted or destructive script; prefer a safe notifier (append-only logging or an alert sender) and lock down its file permissions.
3) Keep OTP_SECRET and YUBIKEY_SECRET_KEY in a secure secret manager (1Password/Bitwarden) and avoid plaintext in ~/.openclaw/config.yaml where possible.
4) Verify the skill source: SKILL.md references a GitHub repo, but the registry metadata shows no homepage; prefer installing from a verified upstream repository and check the commit history and signatures.
5) Run the scripts in a controlled environment or sandbox first, and review the audit logs after test runs.
If you rely on autonomous agent invocation, be extra cautious about enabling any hook that executes commands.
Analysis
Type: OpenClaw Skill
Name: otp-challenger
Version: 1.0.6
The skill is classified as suspicious because of the `OTP_FAILURE_HOOK` option in `verify.sh` and `SKILL.md`. The hook is explicitly documented as a 'privileged feature' that 'can execute arbitrary shell commands on failure events', and verify.sh runs it directly as `$FAILURE_HOOK &`: the unquoted expansion is word-split and glob-expanded by the shell, then executed as a command line in the background. While this is intended for legitimate administrative actions (e.g., alerts, agent shutdown), it is an arbitrary command execution sink: whoever can set `OTP_FAILURE_HOOK`, through the environment or through the config file, runs commands as the agent user on every verification failure, and a failure is caused by nothing more than a wrong code. Strictly this is local rather than remote code execution, since the trigger is a configuration value and the exposure is bounded by who can write it, but the impact of an attacker-controlled or untrusted value is the same as handing that party a shell as the agent. The skill otherwise demonstrates strong security practices, including robust input validation, secure YAML parsing, atomic file operations, and replay protection, as detailed in `otp-skill-summary.md`.
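The following is an added example, not the skill's own code, showing how the hook execution described above can be guarded: the unsafe `$FAILURE_HOOK &` pattern is contrasted with a runner that treats the hook as a path, checks ownership and permissions before running it, falls back to log-only when no hook is set, and passes the failure reason as an argument instead of letting the shell parse the value. The `OTP_AUDIT_LOG` variable, the function names and the sample hook files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the skill's own code: a guarded way to run OTP_FAILURE_HOOK.
#
# The pattern this page describes for verify.sh is
#     $FAILURE_HOOK &
# The unquoted expansion is word-split and glob-expanded, then run as a command
# line, so whoever controls the variable's value runs commands as the agent user
# on every failed verification (and a wrong code is enough to cause one).
#
# Replacement: treat the hook as a path, not a command string. Accept only an
# absolute path to a regular, non-symlink, executable file owned by the current
# user and not writable by group or others, then run it directly with the
# failure reason as an argument. OTP_AUDIT_LOG is an assumed name for this example.

hook_is_safe() {  # $1 = candidate hook path; returns 0 if acceptable
  hook=$1
  case "$hook" in
    /*) ;;
    *)  echo "hook refused: not an absolute path: $hook" >&2; return 1 ;;
  esac
  if [ -L "$hook" ] || [ ! -f "$hook" ] || [ ! -x "$hook" ]; then
    echo "hook refused: not a regular executable file: $hook" >&2; return 1
  fi
  # "ls -ld" prints e.g. "-rwxr-xr-x 1 alice staff 42 Jan 1 12:00 /path";
  # field 1 is the mode string, field 3 the owner.
  set -- $(ls -ld "$hook")
  mode=$1; owner=$3
  if [ "$owner" != "$(id -un)" ]; then
    echo "hook refused: owned by $owner, not $(id -un)" >&2; return 1
  fi
  case "$mode" in
    ?????w*|????????w*)   # char 6 = group write bit, char 9 = other write bit
      echo "hook refused: group- or world-writable: $mode" >&2; return 1 ;;
  esac
  return 0
}

run_failure_hook() {  # $1 = short failure reason; logs it, then runs the hook if safe
  reason=$1
  log=${OTP_AUDIT_LOG:-/dev/stderr}
  printf '%s otp-failure %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$reason" >> "$log"
  [ -n "${OTP_FAILURE_HOOK:-}" ] || return 0          # no hook configured: log only
  hook_is_safe "$OTP_FAILURE_HOOK" || return 1        # misconfigured hook: refuse, stay logged
  # Direct invocation: no shell parsing of the value, reason passed as argv[1].
  "$OTP_FAILURE_HOOK" "$reason" </dev/null >/dev/null 2>&1 &
  return 0
}

# Demonstration with constructed files in a temporary directory.
demo=$(mktemp -d)
printf '#!/bin/sh\necho "alert: $1"\n' > "$demo/notify.sh"
chmod 700 "$demo/notify.sh"
cp "$demo/notify.sh" "$demo/loose.sh"
chmod 777 "$demo/loose.sh"
hook_is_safe "$demo/notify.sh" && echo "accepted: $demo/notify.sh"
hook_is_safe "$demo/loose.sh"  || echo "refused as expected: $demo/loose.sh"
hook_is_safe 'pkill -f openclaw' || echo "refused as expected: a command string is not a path"
```

The permission check is the part that matters for item 2 of the recommendations: a hook that is group- or world-writable lets anyone with that access turn the notifier into arbitrary code, so the runner refuses it rather than executing it. The parent directory's permissions are not checked here; a deployment that cares would also require the directory to be owned by the same user and not writable by others.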
Capability assessment
Purpose & Capability
The name and description (TOTP + YubiKey verification) match the included scripts (verify.sh, check-status.sh, generate-secret.sh). The declared binaries (openssl, curl, base64, jq, python3, optionally oathtool) are reasonable for the stated functionality, and the conditional environment variables (OTP_SECRET, YUBIKEY_CLIENT_ID, YUBIKEY_SECRET_KEY) are exactly the credentials that functionality needs.
Instruction Scope
Runtime instructions and scripts operate within the expected scope: they read config (~/.openclaw/config.yaml) or environment variables for secrets, maintain a local state file (memory/otp-state.json), call Yubico's API for YubiKey validation, and log audit events. They do not appear to read unrelated system files. However, SKILL.md and the scripts document an OTP_FAILURE_HOOK that the skill executes on failure events; that hook runs arbitrary shell commands, which lies outside the verification task itself and increases risk if the value is misconfigured or abused.
Install Mechanism
Install spec only references Homebrew formulas (jq, python3, oath-toolkit). No downloads from untrusted URLs, no archive extraction, and the repo files are present in the skill bundle. Homebrew usage is proportionate for these native binaries.
Credentials
No required global credentials are demanded by default; required credentials are conditional and match their purpose (TOTP secret or Yubico client id/secret). However OTP_FAILURE_HOOK is an environment/config option that allows arbitrary commands to run as the agent user on verification failures. The README even includes an example hook that kills OpenClaw — this is a high-risk capability that is disproportionate unless the operator explicitly intends it and has locked down the hook's contents and permissions.
Persistence & Privilege
The skill does not request forced or persistent platform-level privileges (always:false). It writes state to its own workspace memory file and may write audit logs, which is expected. The main persistence/privilege risk is the configurable failure hook and any scripts it calls; those run with the same privileges as the agent and can have system impact if misused.
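The assessment above credits the skill with replay protection and with a state file that holds verification timestamps rather than secrets. The following is an added example, not the skill's own code, of what that design looks like in practice: an RFC 6238 TOTP check (HMAC-SHA1, 30-second step, 6 digits) that accepts one step of clock skew, refuses any time step at or below the last accepted one so a code cannot be replayed inside its validity window, and updates its state file atomically. It assumes `openssl` is on PATH and that the secret is supplied hex-encoded; base32 decoding of an authenticator-app secret is left out, and the function and file names are chosen for this example.

```shell
#!/bin/sh
# Added example, not the skill's own code: TOTP verification (RFC 6238, HMAC-SHA1,
# 30 s step, 6 digits) with the replay protection this page describes, where the
# state file records only the last accepted time step and never the secret.
# Assumptions: openssl is on PATH, and the secret is supplied hex-encoded
# (base32 decoding of an authenticator-app secret is left out).

TOTP_STEP=30

hex_to_bin() {  # $1 = hex string -> raw bytes on stdout (POSIX printf, octal escapes)
  hex=$1; fmt=""
  while [ -n "$hex" ]; do
    byte=$(printf '%s' "$hex" | cut -c1-2)
    hex=$(printf '%s' "$hex" | cut -c3-)
    fmt="$fmt$(printf '\\%03o' "$((0x$byte))")"
  done
  printf "$fmt"
}

totp_code() {  # $1 = hex secret, $2 = time-step counter -> 6-digit code on stdout
  hexkey=$1; counter=$2
  counter_hex=$(printf '%016x' "$counter")     # 8-byte big-endian counter
  mac=$(hex_to_bin "$counter_hex" \
        | openssl dgst -sha1 -mac HMAC -macopt "hexkey:$hexkey" \
        | awk '{print $NF}')                   # 40 hex chars; works for "(stdin)=" and "SHA1(stdin)=" output
  # Dynamic truncation (RFC 4226 section 5.3): offset = low nibble of the last byte,
  # take the 4 bytes at that offset, clear the top bit, reduce mod 10^6.
  offset=$(( 0x$(printf '%s' "$mac" | cut -c40) ))
  start=$(( offset * 2 + 1 ))
  word=$(printf '%s' "$mac" | cut -c"$start-$((start + 7))")
  printf '%06d' "$(( (0x$word & 0x7fffffff) % 1000000 ))"
}

verify_totp() {  # $1 = hex secret, $2 = submitted code, $3 = unix time, $4 = state file
  hexkey=$1; code=$2; now=$3; state=$4
  case "$code" in
    [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "reject: code must be exactly 6 digits" >&2; return 1 ;;
  esac
  step=$(( now / TOTP_STEP ))
  last=0
  [ -f "$state" ] && last=$(cat "$state")
  # Accept the current step and one step of clock skew either way, but only
  # steps newer than the last accepted one: a code that already succeeded is
  # refused even while it is still inside its validity window.
  for delta in 0 -1 1; do
    cand=$(( step + delta ))
    [ "$cand" -gt "$last" ] || continue
    if [ "$(totp_code "$hexkey" "$cand")" = "$code" ]; then
      # Atomic state update: write a temp file, then rename over the old one.
      printf '%s' "$cand" > "$state.tmp" && mv "$state.tmp" "$state"
      return 0
    fi
  done
  echo "reject: code not valid for this window or already used" >&2
  return 1
}

# Demonstration with the RFC 6238 test secret "12345678901234567890" (hex below)
# and the RFC's time value 59, whose 6-digit code is 287082.
demo_state=$(mktemp -d)/otp-state
verify_totp 3132333435363738393031323334353637383930 287082 59 "$demo_state" && echo "accepted"
verify_totp 3132333435363738393031323334353637383930 287082 59 "$demo_state" 2>/dev/null || echo "replay rejected"
```

Reading the state file back gives an attacker nothing but a time-step number, which is the property the page's "stores no OTP secrets in state" remark points at. Two caveats for a real deployment: the `=` string comparison is not constant-time (a shell has no primitive for that), and the state write is only atomic on a local filesystem that renames in place.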
How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install otp-challenger
- Once installed, invoke the skill by name or with /otp-challenger.
- Provide the inputs described in the skill's parameter documentation to get structured output.
Version history
v1.0.6
- Expanded required binaries and environment variable documentation in SKILL.md.
- Added details for privileged features and OTP failure hooks.
- Noted `qrencode` requirement for `generate-secret.sh`.
- Improved clarity of configuration, environment variables, and installation sections.
v1.0.5
- Added INSTALLATION.md and memory/README.md files for clearer installation and memory usage documentation.
- Introduced config-template.yaml and env-template.sh to provide example configuration templates.
- Expanded README.md with more details on setup, configuration, and best practices.
- No user-facing code logic changes; documentation and configuration improvements only.
v1.0.4
Clarify qrencode dependency for QR code display
v1.0.3
No user-visible changes in this release; version increment only.
v1.0.2
- Added new OpenClaw examples: `openclaw/README.md`, `cron-expire.sh`, and `interceptor.sh` for easier integration and demonstration.
- No changes to core skill logic; core functionality and interfaces remain stable.
- Documentation now matches version 1.0.2 and details relevant configuration options.
- Useful for OpenClaw environments or automation workflows needing 2FA challenges.
v1.0.1
- Renamed skill from `otp` to `otp-challenger`, updating all references.
- Updated version to 1.1.0.
- Changed repository and homepage links to the new `otp-challenger` location.
- Added `otp-skill-summary.md` and removed `otp-skill-final-summary.md`.
- Minor documentation updates, including test suite reference and clarity improvements.
v1.0.0
Initial release of the OTP skill for two-factor authentication in sensitive approval workflows.
- Enables agents and skills to require time-based OTP verification before executing sensitive actions.
- Supports various use cases: deployments, financial operations, data access, admin actions, and change control.
- Offers flexible setup: stores secrets in config, environment, or 1Password/Bitwarden.
- Includes scripts for verification (`verify.sh`), status checks (`check-status.sh`), and TOTP secrets generation.
- Requires `jq` and `python3`; can use `oathtool` for extra validation.
- Stores no OTP secrets in state—only verification timestamps, improving security.
FAQ
What is Otp Challenger?
It is an AI agent skill for Claude Code / OpenClaw that lets agents and skills challenge users for fresh two-factor authentication proof (TOTP or YubiKey) before executing sensitive actions, as described above; it has 2689 downloads to date.
How do I install Otp Challenger?
Run "/install otp-challenger" in the OpenClaw or Claude Code chat box. Installing the skill itself needs no extra steps, but it cannot verify anything until OTP_SECRET (for TOTP) or YUBIKEY_CLIENT_ID and YUBIKEY_SECRET_KEY (for YubiKey) are configured in the environment or in ~/.openclaw/config.yaml, and the host needs the declared binaries (jq, python3, openssl, curl, base64; oathtool and qrencode optionally).
Is Otp Challenger free?
Yes. It is open source and free to download, install and use.
Which platforms does Otp Challenger support?
It runs in any environment where OpenClaw / Claude Code is deployed and the binaries above are available; the install spec references Homebrew formulas (jq, python3, oath-toolkit) for the native dependencies.
Who developed Otp Challenger?
It is developed and maintained by ryancnelson (@ryancnelson); the current version is v1.0.6.