ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified developer tools Safety 4/5

auth-guard

Standardize API credential handling and startup auth checks to prevent "missing key" regressions across sessions. Use when an agent repeatedly loses auth state, gets intermittent 401/403 errors after restarts, relies on ad-hoc curl calls, or needs a reusable auth-first pattern for HEARTBEAT.md/AGENTS.md and helper scripts.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/adainthelab/auth-guard
Or

What This Skill Does

The auth-guard skill provides a standardized, deterministic framework for managing API credentials and authentication lifecycles within the OpenClaw agent environment. It eliminates "missing key" regressions by enforcing a centralized authentication pattern. Instead of scattered, ad-hoc curl requests or fragile inline secret handling, auth-guard mandates that all authenticated interactions pass through a controlled helper script located in workspace/.pi/. This tool ensures that credentials are sourced predictably—prioritizing environment variables followed by secure configuration files—and validates connection status during startup or heartbeat intervals. By implementing this, you prevent unauthorized states from stalling automated tasks and ensure that credentials never leak into logs, chat history, or memory notes.

Installation

To add this skill to your agent's environment, execute the following command in your terminal:

clawhub install openclaw/skills/skills/adainthelab/auth-guard

Ensure that your environment meets the runtime requirements by confirming the presence of bash, curl, and python3. You can verify this by running command -v bash curl python3 before initiating the installation.

Use Cases

  • Preventing Auth Drift: Ideal for agents that frequently lose connection states due to environment reset or session timeout, ensuring an automatic re-validation check before any task execution.
  • Standardizing API Access: Use this when working with services like GitHub, Slack, or proprietary APIs where raw curl commands are risky and prone to syntax errors regarding header formatting.
  • Safe Credential Management: Essential for teams building agents that interact with sensitive endpoints, ensuring that secret paths are locked to ~/.config/<service>/ locations rather than arbitrary workspace files.
  • Automated Startup Validation: Use the auth-guard pattern at the beginning of HEARTBEAT.md or AGENTS.md loops to guarantee that the agent is fully authenticated before it attempts any data retrieval or external API mutation.

Example Prompts

  1. "Auth-guard, set up a new authentication flow for the Jira API. Store the credentials in ~/.config/jira/credentials.json and ensure my heartbeat scripts use the helper method."
  2. "I'm getting 401 errors on my Slack integration. Can you integrate the auth-guard skill to verify my token before the daily reporting task runs?"
  3. "Check if my Moltbook integration is configured correctly using the auth-guard startup check pattern and ensure no keys are visible in the history logs."

Tips & Limitations

  • Strict Scoping: Never point your --cred-file at general directories or user-accessible workspace subdirectories. Keep sensitive configs inside system-protected ~/.config/ folders.
  • Noise Reduction: Configure the fallback policies to be explicit. Rather than crashing the entire agent, log a single, clean error message indicating that authentication is required before continuing.
  • Integration: Always refer to references/snippets.md for policy blocks that can be copy-pasted directly into your HEARTBEAT.md files to maintain uniformity across all your agents.
  • Limitation: This tool requires manual setup of the auth_check.sh script for each unique service; it is not a "set-it-and-forget-it" magic wand but a framework for professionalizing your agent's security posture.
Read Full Documentation on GitHub

Metadata

Author@adainthelab
Stars4473
Views1
Updated2026-05-01
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-adainthelab-auth-guard": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#auth#automation#workflow#credentials
Safety Score: 4/5

Flags: network-access, file-read, code-execution

Related Skills

skulk-email

Email via DreamHost — read inbox, send email, search messages. Send works from any VPS (including DigitalOcean) by routing through DreamHost's Roundcube webmail over HTTPS, bypassing SMTP port blocks. Optionally read a shared Gmail inbox via IMAP. Use when: sending email, checking inbox, reading messages, or setting up email for an agent. Dependencies: python3, curl, jq (must be installed on the host). Credentials: DreamHost mailbox email+password stored at ~/.config/skulk-email/credentials.json (user must create this file manually before use; see Setup). No third-party services or API keys needed.

adainthelab 4473

skulk-skill-scanner

Scan OpenClaw skill folders for security red flags before installing or publishing. Detects data exfiltration, credential theft, prompt injection, destructive commands, obfuscation, privilege escalation, and supply chain risks. Use when: evaluating a skill from ClawHub before install, auditing your own skills before publishing, or reviewing any SKILL.md for safety. NOT for: general code review or vulnerability scanning of non-skill codebases.

adainthelab 4473