673 total downloads · 0 favorites · 0 current installs · 2 versions
Install in OpenClaw
/install user-authentication-system
Description
Role-based access control for Greek accounting firms. Login, role hierarchy, per-client permissions, session management, audit logging.
Safe-use recommendations
This skill looks like it does what it says (a local RBAC/auth system) but contains cryptographic and documentation inconsistencies that matter for security. Before installing:
1) Do not accept SHA-256 password hashing; require the author to use a modern password KDF (bcrypt, scrypt, or Argon2) with explicit parameters.
2) Ask how salts and TOTP secrets are generated, stored, and protected (secrets should be encrypted at rest and access-limited).
3) Verify that audit logs do not leak credentials or tokens, and that file permissions restrict access to the auth directory (chmod 700 is suggested, but confirm ownership as well).
4) Confirm that the discrepancy between SKILL.md (SHA-256) and the EVALS tests (bcrypt) is resolved; it could be a documentation error or an implementation bug.
5) Prefer a non-default OPENCLAW_DATA_DIR (avoid a global /data if it is shared) and review the actual implementation source before trusting it with production accounts.
If you cannot obtain satisfactory answers or establish the owner/repo provenance, treat this as unsafe to deploy for real user accounts.
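As an added illustration of points 1) to 3) above, not code from the skill or from this listing: a Python sketch of a file-based credential store under $OPENCLAW_DATA_DIR/auth that uses scrypt (a standard-library KDF with explicit cost parameters) instead of a single salted SHA-256 digest, refuses legacy fast-hash records, creates the auth directory and credentials.json with the 700/600 permissions the listing prescribes, writes an audit line that carries no secrets, and checks the tree for loose permissions or foreign ownership. The audit.log file name, the `demo()` flow and the sample user are assumptions.

```python
import hashlib, hmac, json, os, secrets, tempfile, time

# Assumed layout, from the listing's chmod lines: $OPENCLAW_DATA_DIR/auth/ (0700),
# auth/users/<user>/credentials.json (0600); the audit.log file name is an assumption.
KDF = {"n": 2 ** 14, "r": 8, "p": 1, "dklen": 32}  # explicit scrypt cost, stored per record

def hash_password(password: str) -> dict:
    salt = secrets.token_bytes(16)  # random per-user salt, kept next to the hash
    digest = hashlib.scrypt(password.encode(), salt=salt, **KDF)
    return {"kdf": "scrypt", **KDF, "salt": salt.hex(), "hash": digest.hex()}

def verify_password(record: dict, password: str) -> bool:
    if record.get("kdf") != "scrypt":  # refuse a legacy fast-hash (SHA-256) record outright
        return False
    params = {k: record[k] for k in KDF}  # cost comes from the record, so it can be raised later
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(record["salt"]), **params)
    return hmac.compare_digest(digest.hex(), record["hash"])

def _write(path: str, text: str, flags: int) -> None:
    fd = os.open(path, flags | os.O_WRONLY | os.O_CREAT, 0o600)  # owner-only from creation
    with os.fdopen(fd, "w") as f:
        f.write(text)

def write_credentials(data_dir: str, user: str, record: dict) -> str:
    user_dir = os.path.join(data_dir, "auth", "users", user)
    os.makedirs(user_dir, exist_ok=True)
    for d in (user_dir, os.path.dirname(user_dir), os.path.dirname(os.path.dirname(user_dir))):
        os.chmod(d, 0o700)  # makedirs() leaves intermediate dirs at the umask default
    path = os.path.join(user_dir, "credentials.json")
    _write(path, json.dumps(record), os.O_TRUNC)
    return path

def audit(data_dir: str, event: str, user: str, ok: bool) -> None:
    # One JSON line per event; never the password, salt, hash or a session token.
    line = {"ts": int(time.time()), "event": event, "user": user, "ok": ok}
    _write(os.path.join(data_dir, "auth", "audit.log"), json.dumps(line) + "\n", os.O_APPEND)

def permission_problems(data_dir: str) -> list:
    """Paths under auth/ with any group/other bits set or owned by another uid."""
    auth = os.path.join(data_dir, "auth")
    paths = [auth] + [os.path.join(r, n) for r, ds, fs in os.walk(auth) for n in ds + fs]
    return [p for p in paths if os.stat(p).st_mode & 0o077 or os.stat(p).st_uid != os.getuid()]

def demo() -> dict:
    data_dir = tempfile.mkdtemp(prefix="openclaw-auth-")  # throwaway dir, not a real data dir
    path = write_credentials(data_dir, "alice", hash_password("correct horse battery"))
    ok = verify_password(json.load(open(path)), "correct horse battery")
    audit(data_dir, "login", "alice", ok)
    before = permission_problems(data_dir)
    os.chmod(path, 0o644)  # simulate a careless chmod on the credentials file
    leak = "correct horse battery" in open(os.path.join(data_dir, "auth", "audit.log")).read()
    return {"ok": ok, "before": before, "after": permission_problems(data_dir), "leak": leak}
```

`demo()` returns an empty problem list before the careless chmod and exactly the credentials file after it, which is the check to run against a real auth directory before trusting it.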
Functional analysis
Type: OpenClaw Skill
Name: user-authentication-system
Version: 0.1.1
The OpenClaw AgentSkills bundle for 'user-authentication-system' is classified as benign. The skill is designed as a robust, local authentication and authorization system, employing strong security practices such as bcrypt for password hashing, secure session token management, 2FA, account lockout, and comprehensive audit logging. Crucially, the `SKILL.md` documentation explicitly outlines critical file system permission hardening (`chmod 700 /data/auth/`, `chmod 600 /data/auth/users/*/credentials.json`) required to protect sensitive data, demonstrating an awareness of security implications within the OpenClaw environment rather than malicious intent. There is no evidence of data exfiltration, backdoors, or prompt injection attempts against the agent in the provided content; the `SKILL.md` serves as legitimate user instructions.
Capability assessment
Purpose & Capability
The name/description (RBAC for Greek accounting firms) align with the requested binaries (openclaw, jq, openssl) and the single env var OPENCLAW_DATA_DIR. Requiring openclaw and a data directory is expected. However, the SKILL.md claims credentials are stored as salted SHA-256 hashes, while the included EVALS expectations explicitly require bcrypt hashing. This inconsistency between claimed behavior and test expectations suggests either an outdated, insecure crypto choice or a mismatch between documentation and implementation.
Instruction Scope
Instructions are local and file-based under $OPENCLAW_DATA_DIR/auth (no external endpoints), which is consistent with 'fully local' claims. However, the runtime instructions specify storing passwords as salted SHA-256 (fast hash) and using openssl to generate 'SHA-256 TOTP' without describing secure secret storage, iteration count, salt generation, or protection of TOTP secrets. These omissions are security-relevant: SHA‑256 is not an appropriate password KDF by modern standards (should use bcrypt/argon2/scrypt), and 2FA/TOTP secret handling is underspecified. The EVALS.json expectations explicitly call for bcrypt and 'never plaintext', which contradicts SKILL.md; that mismatch is a substantive scope/behavior inconsistency.
Install Mechanism
There is no install spec (instruction-only), so nothing will be downloaded or written beyond creating the data directory and running openclaw commands. This lowers install-time risk. The only package suggestion is using the system package manager to install jq and openssl if missing.
Credentials
Only OPENCLAW_DATA_DIR is required, which is appropriate for a file-based auth system. No API keys, tokens, or unrelated credentials are requested. Small note: the examples default OPENCLAW_DATA_DIR to /data, which may be a privileged or shared location on some hosts; users should ensure the directory is set to a safe path with correct ownership and permissions.
Persistence & Privilege
`always: false` and no special privileges are requested. The skill does not request to persist itself or modify other skills. It only writes to its own $OPENCLAW_DATA_DIR subpaths per instructions.
How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install user-authentication-system
- After installation, call the Skill by name directly or trigger it with /user-authentication-system
- Provide the required inputs according to the Skill's parameter description to get structured output.
Version history
v0.1.1
Minor update for metadata and environment notes.
- Added "openclaw" to required bins in metadata.
- Included explicit note in metadata: `/data/ in examples refers to $OPENCLAW_DATA_DIR (default: /data/)`.
v0.1.0
Initial release – provides role-based authentication for Greek accounting firms.
- Implements local user management with salted SHA-256 hashes and TOTP-based 2FA.
- Supports hierarchical roles, per-client permissions, and access matrix.
- Includes session tracking, password policy settings, and account lockouts.
- Logs all authentication events for audit and security purposes.
- Fully file-based architecture designed for local/OnPrem OpenClaw deployment.
- No reliance on external authentication services; everything managed locally.
FAQ
What is User Authentication System?
Role-based access control for Greek accounting firms. Login, role hierarchy, per-client permissions, session management, audit logging. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 673 cumulative downloads to date.
How do I install User Authentication System?
Run the command `/install user-authentication-system` in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is User Authentication System free?
Yes, User Authentication System is completely free (open source) and can be freely downloaded, installed, and used.
Which platforms does User Authentication System support?
User Authentication System is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed User Authentication System?
Developed and maintained by Stems (@satoshistackalotto); the current version is v0.1.1.