auth-guard

Standardize API credential handling and startup auth checks to prevent "missing key" regressions across sessions. Use when an agent repeatedly loses auth state, gets intermittent 401/403 errors after restarts, relies on ad-hoc curl calls, or needs a reusable auth-first pattern for HEARTBEAT.md/AGENTS.md and helper scripts.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "auth-guard" with this command: npx skills add auth-guard

Auth Guard

Enforce a deterministic auth path: one credential source, one helper command path, one startup check, one fallback policy.

Quick Workflow

  1. Identify the target service endpoint and current failing flow.
  2. Define canonical credential source (env var first, credentials file second).
  3. Create/update a helper script in workspace (.pi/) that always injects auth.
  4. Add a startup/auth-check command that verifies credentials and endpoint access.
  5. Update HEARTBEAT.md or AGENTS.md to require helper usage (ban raw unauthenticated calls).
  6. Add explicit fallback behavior for unauthorized states.

Rules to Apply

  • Prefer ENV_VAR override, then ~/.config/<service>/credentials.json.
  • Never embed secrets in logs, memory notes, or chat responses.
  • Never call protected endpoints via raw curl if a helper exists.
  • Keep fallback behavior explicit and low-noise.
  • Store helper scripts in workspace/.pi/ for easy reuse.

Runtime Requirements

  • bash
  • curl
  • python3

Check once before using this skill:

command -v bash curl python3 >/dev/null

Safety Limits

  • Pass only trusted credential paths under ~/.config/<service>/... by default.
  • Do not point --cred-file at arbitrary workspace files or unrelated secret stores.
  • Keep probe URLs scoped to the target service auth endpoint.

Startup Auth Check Pattern

Run at session start (or before heartbeat loops):

bash skills/auth-guard/scripts/auth_check.sh \
  --service moltbook \
  --url 'https://www.moltbook.com/api/v1/feed?sort=new&limit=1' \
  --env-var MOLTBOOK_API_KEY \
  --cred-file "$HOME/.config/moltbook/credentials.json"

Expected outcomes:

  • AUTH_OK → proceed with normal authenticated helper flow.
  • AUTH_MISSING or AUTH_FAIL_* → use defined fallback path and record one concise note.

Reusable Snippets

Use drop-in policy snippets from:

  • references/snippets.md (HEARTBEAT + AGENTS + helper policy blocks)

References

  • references/contract.md for the full Keychain Contract pattern
  • references/snippets.md for ready-to-paste operational snippets
  • references/examples.md for multi-service usage examples (Moltbook, GitHub, Slack)

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Banana Claws

Generate images via OpenRouter API (text-to-image) with automation-ready local scripts and a queue-first workflow. Use for single images or batched variants...

Registry SourceRecently Updated
061
Profile unavailable
Security

Battle Tested Agent

16 production-hardened patterns for OpenClaw agents. WAL Protocol, anti-hallucination, ambiguity gate, compaction survival, QA gates, multi-agent handoffs, s...

Registry SourceRecently Updated
0251
Profile unavailable
Security

AI Persona OS

The complete operating system for OpenClaw agents. Now with 13 Iconic Character souls (Thanos, Deadpool, JARVIS, Mary Poppins, Darth Vader, and more), SOUL.m...

Registry SourceRecently Updated
817.8K
Profile unavailable