kernel-auth

Setup and manage Kernel managed authentication connections for any website with safety checks and reauthentication support.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "kernel-auth" with this command: npx skills add kernel/skills/kernel-skills-kernel-auth

Kernel Auth Skill

Setup and manage Kernel managed authentication connections for any website with safety checks and reauthentication support.

Quick Start

kernel-auth setup gmail

Then visit the URL printed to complete login.

Works for any website — See Using Custom Domains for any other site.

Usage

kernel-auth setup <service> [--profile-name <name>]

Built-in Services

  • gmail → gmail.com

  • github → github.com

  • outlook → outlook.com

Using Custom Domains

For any other website, use the --domain flag:

kernel-auth setup --domain amazon.com --profile-name amazon-main kernel-auth setup --domain linkedin.com kernel-auth setup --domain example.com --profile-name custom-site

Examples

kernel-auth setup gmail kernel-auth setup github --profile-name github-work kernel-auth setup outlook

Authentication Flow

  • Create auth connection — Sets up a managed auth profile (domain + profile name)

  • Initiate login session — Generates a hosted login URL

  • You visit URL — Complete the login flow on your device/browser

  • Login state stored in profile — Kernel saves your authenticated session

  • Use authenticated browser — Create browser sessions with that profile, automatically logged in

Key Concepts

Auth Connections

  • Each connection ties a service domain to a profile name

  • Connections can be reused for multiple browser sessions

  • Status: AUTHENTICATED (user completed login, state stored) or NEEDS_AUTH (never logged in or login session expired)

Login Sessions

  • Login sessions (the hosted URL) expire after a generous timeframe as cleanup

  • If you don't complete login within that window, the session is deleted

  • The connection itself stays — just initiate a new login session

Check connection status:

kernel auth connections list # Check status kernel auth connections get <id> # Get connection details

If a connection shows NEEDS_AUTH :

kernel-auth setup <service> # Re-initiate login session with fresh URL

Why Manual URL Visit?

  • Login sessions are time-bound — If you don't visit within the window, they expire (cleanup)

  • Prevent auto-opening — Avoid Telegram/email clients accidentally consuming the link

  • Control is yours — You visit the URL when you're ready

Checking Status

List all auth connections

kernel auth connections list -o json

Check specific connection

kernel auth connections get <connection-id> -o json | jq '.status'

Using Authenticated Browsers

Once auth is connected, create browser sessions with that profile:

Create browser with Gmail auth already loaded

kernel browser create --profile-name gmail-main --stealth -o json

Browser will be logged into Gmail automatically

Important Notes

⚠️ Profile Deletion = Cascade Delete

Deleting a Kernel profile deletes ALL connections attached to it:

kernel profile delete gmail-main # Deletes ALL gmail-main connections

Use sparingly. Better to refresh auth than delete and recreate.

🔗 Telegram & Link Previews

If you send auth URLs via Telegram, disable link previews in settings:

  • Settings → Privacy & Security → Link Preview → Never show

Otherwise Telegram auto-opens the URL and consumes the code.

🌐 Network Requirements

Kernel auth requires:

  • Outbound HTTPS to Kernel's managed auth service

  • Browser with JavaScript enabled

  • Cookie/session storage support

Scripts

  • setup — Create connection, generate login URL, display instructions

  • No background watchers — You control when/if you visit the URL

Troubleshooting

"Code already used"

The auth code was consumed. This happens if:

  • You visited the URL twice

  • Telegram/email client auto-opened it

  • Someone else completed the login first

Solution: Run kernel-auth setup <service> again to get a fresh code.

"Code expired"

Codes expire after ~40 minutes. Re-run setup to generate a new one.

"Connection not found"

The connection may have been deleted. Run setup again to create it.

Auth Status is NEEDS_AUTH

You didn't complete the login within the session window, or you need to re-authenticate. Re-initiate login:

kernel-auth setup gmail

Integration with OpenClaw

The auth skill integrates with OpenClaw cron jobs:

  • Cron job checks auth status before running

  • If AUTHENTICATED , proceeds with browser automation

  • If not, sends message requesting reauthentication

  • User confirms, system re-runs auth flow

Example from GMAIL_DAILY_WORKFLOW.md:

Daily cron checks this before scraping

AUTH_STATUS=$(kernel auth connections list -o json | jq -r ".[] | select(.domain == "gmail.com") | .status") if [ "$AUTH_STATUS" != "AUTHENTICATED" ]; then echo "Reauthentication needed" exit 1 fi

Advanced

Programmatic Auth Check

Get auth status

kernel auth connections list -o json | jq '.[] | {id, status, domain}'

Delete and recreate

kernel profile delete gmail-main --yes kernel-auth setup gmail

Multiple Accounts

Create separate profiles for each account:

kernel-auth setup gmail --profile-name gmail-personal kernel-auth setup gmail --profile-name gmail-work

Then use the appropriate profile when creating browsers:

kernel browser create --profile-name gmail-work --stealth

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

kernel-browser-management

No summary provided by upstream source.

Repository SourceNeeds Review
-5
kernel
General

kernel-computer-controls

No summary provided by upstream source.

Repository SourceNeeds Review
-5
kernel
General

kernel-replays

No summary provided by upstream source.

Repository SourceNeeds Review
-5
kernel