clawauth
Let agents request OAuth access from end users via short links, continue working asynchronously, and later claim reusable third-party API tokens from local keychain storage instead of a centralized SaaS token vault.
Why use this skill?
Learn to use clawauth for secure, asynchronous OAuth token management in OpenClaw. Store tokens locally in your keychain, not in the cloud.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/h4gen/clawauth
What This Skill Does
The clawauth skill provides a production-safe, asynchronous OAuth handover mechanism for OpenClaw agents. Unlike traditional OAuth patterns that rely on a centralized SaaS token vault to store user credentials, clawauth decentralizes security. When an agent requires access to a third-party service, clawauth generates a secure short link for the end-user. The user authorizes the request, and the resulting tokens are encrypted and transmitted directly to the requesting CLI session. The tokens are then stored locally in the user's system keychain, ensuring that sensitive data never sits permanently in an external database. This process is fully asynchronous, allowing your agent to continue other tasks while the authentication handshake completes in the background.
Installation
clawauth follows a declarative installation model. Operators should define the requirement in the agent's frontmatter using metadata.openclaw.requires.bins: ["clawauth"]. For automated environments, the skill provides a Node installer defined in metadata.openclaw.install. If automated provisioning is unavailable, you may perform a manual installation by running npm i -g clawauth. Once installed, verify the setup by executing clawauth --help. For production environments, we strongly recommend pre-installing the binary within your base container image or runner environment to minimize runtime dependency risks and ensure version consistency across all deployment nodes.
Use Cases
- Long-Running Workflows: Use clawauth when an agent needs to pull data from a service like GitHub or Jira but must process large datasets that take time, preventing the agent from blocking on an immediate auth response.
- Security-First Integration: Ideal for organizations that have strict compliance requirements preventing the storage of OAuth refresh tokens in cloud-hosted databases.
- Disconnected Execution: Use this when you want an agent to begin its work, prompt the user for access only when a specific, privileged resource is hit, and automatically resume execution once the user completes the flow via their CLI session.
Example Prompts
- "OpenClaw, please initiate an authentication request for my GitHub account using clawauth so you can start summarizing my pending pull requests."
- "I need you to post a report to my Notion workspace. Run the clawauth flow to get the necessary permissions and notify me when you have access."
- "Start the data ingestion process from my Google Drive. If you hit an access error, trigger the clawauth link so I can authorize you to read the files."
Tips & Limitations
- Keychain Dependency: Ensure that your environment supports system-level keychain access, as clawauth relies on this for local token persistence.
- Async Handling: Since this is an asynchronous flow, design your agents to handle 'access denied' or 'pending' states gracefully. Always implement a check mechanism to verify if the token has been successfully claimed before attempting API operations.
- Network Security: The skill communicates with https://auth.clawauth.app. Ensure your egress firewall rules permit connections to this endpoint if your environment has restricted outbound traffic.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-h4gen-clawauth": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags(AI)
Flags: network-access, file-read, file-write