Account & Authentication

What This Skill Does

The Account & Authentication skill for OpenClaw is a comprehensive module designed to manage the full lifecycle of user identities within the AIOT Network ecosystem. It provides robust tools for identity verification, session handling, and security-critical operations. The skill supports traditional email and password workflows, modern biometric authentication, and Web3-integrated experiences such as wallet linking and nonce-based verification. By centralizing these tasks, the skill ensures that AI agents can interact with secure backend services reliably, maintaining session state and handling token refreshes automatically to prevent service interruptions during long-running tasks.

Installation

To integrate this skill into your environment, run the following command in your terminal:

clawhub install openclaw/skills/skills/d9m1n1c/aiotnetwork-account-auth

Ensure your local environment configuration allows for connectivity to the base API at https://payment-api-dev.aiotnetwork.io. If you are developing locally, override this by setting the AIOT_API_BASE_URL environment variable to your local endpoint (e.g., http://localhost:8080).

Use Cases

• Secure Onboarding: Automate the email/OTP verification flow for new users wanting to create an AIOT account.
• Wallet Integration: Seamlessly link or unlink cryptocurrency wallets to an existing user profile for decentralized features.
• Session Management: Maintain stateful interactions by handling token refreshes or providing a unified logout mechanism for all active device sessions.
• Account Security: Facilitate password resets and account unlocking procedures to assist users who have lost access to their credentials.
• Developer Workflows: Build agents that automatically authenticate against the AIOT platform to perform authorized data requests on behalf of a user.

Example Prompts

1. "I need to create a new account with my email [email protected]. Please start the OTP registration process for me."
2. "Can you help me link my Web3 wallet to my current account? I have the public address ready."
3. "My session seems to be acting up, could you refresh my authentication token or show me how to logout of all my active devices?"

Tips & Limitations

• Security: Always treat the verification tokens and refresh tokens as sensitive data. Avoid logging raw response bodies from authentication endpoints.
• Rate Limiting: Note that otp_rate_limit_status is available; use this to inform the user if they have exceeded request thresholds before blindly attempting another OTP send.
• Authentication: Remember that endpoints tagged with 'Requires auth' will fail unless a valid Authorization: Bearer <access_token> header is present. Ensure your agent workflow correctly captures the access token from the login flow before calling protected tools like get_account.