identity
UserPool login, TIP token, credential hosting, and tool risk approval. Activate when user needs to check identity (whoami/status), log in, list/add credentials, manage env bindings, configure the plugin, or diagnose/approve risky tool calls. Also activates for: 用户说登录、查身份、获取凭据、添加/配置API密钥、绑定环境变量、配置插件、审批工具调用、风险检查.
Why use this skill?
Manage Volcengine UserPool logins, TIP tokens, and API credential bindings securely with the OpenClaw identity skill. Ensure safe tool approvals.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/loveyana/volcengine-agent-identityWhat This Skill Does
The identity skill for OpenClaw is a robust security and authorization management interface designed for the Volcengine ecosystem. It acts as the central hub for managing UserPool OIDC login flows, TIP (Workload Access Token) lifecycle management, and credential hosting. By bridging the gap between the agent and cloud infrastructure, this skill ensures that all identity-related operations—such as authenticating users, fetching OAuth2 credentials, and managing environment variable bindings—are handled securely and transparently. Furthermore, the skill integrates a comprehensive permission management system (AuthZ), allowing users to monitor and approve potentially high-risk tool calls through chat-based interactions.
Installation
To integrate this skill into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/loveyana/volcengine-agent-identity
Use Cases
- Unified Authentication: Streamlining user logins across various Volcengine services without manual token management.
- Secure Credential Management: Safely hosting API keys and OAuth2 tokens while mapping them to specific environment variables for tool usage.
- Risk Control and Auditing: Implementing a granular 'Human-in-the-loop' verification process for sensitive agent actions. If an agent attempts an action flagged as high-risk, the identity plugin pauses the process, requiring the user to explicitly approve via an
/identity approve <id>command. - Session Lifecycle Monitoring: Regularly checking session health, TIP expiration times, and verifying current account status to ensure uninterrupted workflow execution.
Example Prompts
- "I need to access my cloud resources. Can you help me log in via OIDC and set up the necessary credentials?"
- "Show me the status of my current session and list all API credentials that I have currently bound to environment variables."
- "I received a notification about a risky tool call. Can you list the pending approvals so I can authorize the correct one?"
Tips & Limitations
- Security First: Never share your TIP tokens or sensitive keys in conversation history. The agent automatically redacts sensitive data in output.
- Human Verification: Do not attempt to override the risk-approval system. The system is designed to force explicit user confirmation for high-risk operations; the agent itself is strictly forbidden from self-approving these tasks. Use the
/identity approvecommand exclusively for manual verification. - Documentation: For deep technical details regarding specific OIDC flows or Volcengine IAM policies, refer to the official Volcengine documentation linked within the plugin configuration.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-loveyana-volcengine-agent-identity": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: external-api