      h4gen

      Safety Report

      User-Delegated OAuth API Access

      @h4gen

      Let agents request OAuth access from end users via short links, continue working asynchronously, and later claim reusable third-party API tokens from local k...

      392 Downloads
      0 Installs
      0 Stars
      7 Versions
      API Integration 4,971 | File Management 2,100

      Security Analysis

      medium confidence
      Clean | 0.08 risk

      The skill's declared purpose (an async OAuth handoff using a CLI and local keychain storage) matches what it asks the agent to do and the only external artifact it requires is the clawauth CLI; review of the CLI/package is still recommended before install.

      Feb 16, 2026 | 2 files | 2 concerns

      Purpose & Capability: ok

      Name/description, the required binary (clawauth), and the included installer metadata all align: this is an OAuth handover helper that expects a preinstalled CLI and an operator-managed install path. No unrelated env vars, binaries, or config paths are requested.

      Instruction Scope: note

      Runtime instructions are narrowly scoped to running the clawauth CLI commands (start/status/claim/etc.), parsing JSON, and avoiding token leakage. The skill explicitly forbids running package installs from the agent and warns not to paste tokens to chat/logs. This is coherent, but it relies on the agent/operator to enforce secret-handling rules—accidental token exposure via logs or chat would be a real operational risk.

      Install Mechanism: note

      Installer metadata points to an npm package ('clawauth') which is an expected and traceable mechanism for a CLI. npm installs are a moderate-risk install vector; the SKILL.md recommends operator-side preinstallation and pinning. No ad-hoc or unknown URL downloads are instructed by the skill itself.

      Credentials: ok

      The skill requests no environment variables or credentials in its metadata. The only notable side-effect is that claimed tokens are stored in the local system keychain by the CLI—this is plausible and proportionate to the stated purpose, but requires operators to accept local keychain writes.

      Persistence & Privilege: ok

      The skill does not request always:true and does not ask to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other high-privilege requests.

      Guidance

      This skill is internally consistent for providing an async OAuth handoff via a CLI, but before installing:

      1) Review the clawauth npm package and its GitHub source (the SKILL.md points to a repo) and pin an approved version.
      2) Ensure the operator pre-installs the CLI into a trusted runtime image (avoid agent-run npm installs).
      3) Confirm your runtime's keychain policies and that storing provider tokens locally is acceptable.
      4) Make sure agents are configured to never paste CLI output containing tokenData into chat, logs, or telemetry.
      5) If you need higher assurance, run the CLI in an isolated environment and audit its network traffic (it communicates with auth.clawauth.app by default).

      Latest Release

      v1.0.6

      **Major update: Skill rebranded and refactored to "clawauth" with new OAuth handover flow and async-first pattern.**

      - Skill renamed from "Auth" to "clawauth", with new focus and description.
      - New OAuth architecture: agents request short OAuth links for end users, claim tokens asynchronously, and store securely in local system keychain—no centralized SaaS vault.
      - Detailed CLI usage instructions, runtime requirements, and supported providers documented.
      - Expanded metadata/frontmatter for operator-controlled install flows; exposed Node-based install path.
      - Security and agent handling guidelines formalized (token boundary, error handling, keychain storage).
      - Added reference file: `references/commands.md` for command-line examples.


      Published by @h4gen on ClawHub
