auth-guard
Standardize API credential handling and startup auth checks to prevent "missing key" regressions across sessions. Use when an agent repeatedly loses auth state, gets intermittent 401/403 errors after restarts, relies on ad-hoc curl calls, or needs a reusable auth-first pattern for HEARTBEAT.md/AGENTS.md and helper scripts.
Best use case
auth-guard is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Standardize API credential handling and startup auth checks to prevent "missing key" regressions across sessions. Use when an agent repeatedly loses auth state, gets intermittent 401/403 errors after restarts, relies on ad-hoc curl calls, or needs a reusable auth-first pattern for HEARTBEAT.md/AGENTS.md and helper scripts.
Teams using auth-guard should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/auth-guard/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How auth-guard Compares
| Feature / Agent | auth-guard | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Standardize API credential handling and startup auth checks to prevent "missing key" regressions across sessions. Use when an agent repeatedly loses auth state, gets intermittent 401/403 errors after restarts, relies on ad-hoc curl calls, or needs a reusable auth-first pattern for HEARTBEAT.md/AGENTS.md and helper scripts.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Startups
Explore AI agent skills for startup validation, product research, growth experiments, documentation, and fast execution with small teams.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
AI Agent for YouTube Script Writing
Find AI agent skills for YouTube script writing, video research, content outlining, and repeatable channel production workflows.
SKILL.md Source
# Auth Guard Enforce a deterministic auth path: one credential source, one helper command path, one startup check, one fallback policy. ## Quick Workflow 1. Identify the target service endpoint and current failing flow. 2. Define canonical credential source (env var first, credentials file second). 3. Create/update a helper script in workspace (`.pi/`) that always injects auth. 4. Add a startup/auth-check command that verifies credentials and endpoint access. 5. Update HEARTBEAT.md or AGENTS.md to require helper usage (ban raw unauthenticated calls). 6. Add explicit fallback behavior for unauthorized states. ## Rules to Apply - Prefer `ENV_VAR` override, then `~/.config/<service>/credentials.json`. - Never embed secrets in logs, memory notes, or chat responses. - Never call protected endpoints via raw curl if a helper exists. - Keep fallback behavior explicit and low-noise. - Store helper scripts in `workspace/.pi/` for easy reuse. ## Runtime Requirements - `bash` - `curl` - `python3` Check once before using this skill: ```bash command -v bash curl python3 >/dev/null ``` ## Safety Limits - Pass only trusted credential paths under `~/.config/<service>/...` by default. - Do not point `--cred-file` at arbitrary workspace files or unrelated secret stores. - Keep probe URLs scoped to the target service auth endpoint. ## Startup Auth Check Pattern Run at session start (or before heartbeat loops): ```bash bash skills/auth-guard/scripts/auth_check.sh \ --service moltbook \ --url 'https://www.moltbook.com/api/v1/feed?sort=new&limit=1' \ --env-var MOLTBOOK_API_KEY \ --cred-file "$HOME/.config/moltbook/credentials.json" ``` Expected outcomes: - `AUTH_OK` → proceed with normal authenticated helper flow. - `AUTH_MISSING` or `AUTH_FAIL_*` → use defined fallback path and record one concise note. ## Reusable Snippets Use drop-in policy snippets from: - `references/snippets.md` (HEARTBEAT + AGENTS + helper policy blocks) ## References - `references/contract.md` for the full Keychain Contract pattern - `references/snippets.md` for ready-to-paste operational snippets - `references/examples.md` for multi-service usage examples (Moltbook, GitHub, Slack)
Related Skills
authenticate-wallet
Sign in to AgnicPay wallet via browser-based OAuth. Use when you or the user want to authenticate, sign in, log in, connect wallet, or set up the CLI. Covers phrases like "sign in", "log in", "authenticate", "connect my wallet", "set up agnic".
security-guardian
Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides structured reports to help maintain a clean and secure codebase.
guardian-wall
Mitigate prompt injection attacks, especially indirect ones from external web content or files. Use this skill when processing untrusted text from the internet, user-uploaded files, or any external source to sanitize content and detect malicious instructions (e.g., "ignore previous instructions", "system override").
session-guardian
Never lose a conversation again. Auto-backup, smart recovery, and health monitoring for OpenClaw sessions. Protects against gateway crashes, model disconnections, and token overflow. Use this skill when: - User worries about losing conversations after gateway restart or model crash - User mentions session backup, conversation recovery, session protection, or data loss - User's agent is slow or timing out (likely token overflow from large sessions) - User runs multiple agents and needs to track collaboration across sessions - User asks about session health, backup strategy, or disaster recovery - User mentions "对话丢失", "会话备份", "上下文溢出", "token超限", "Gateway重启后记忆丢失" - Even if user just says "my agent lost everything after a restart" — this is the skill
skill-guard
Scan ClawHub skills for prompt injection and malicious content using Lakera Guard before installing them. Run automatically when the user asks to install a skill, or on-demand to audit any skill by slug or search query.
agentguard
GoPlus AgentGuard — AI agent security guard. Automatically blocks dangerous commands, prevents data leaks, and protects secrets. Use when reviewing third-party code, auditing skills, checking for vulnerabilities, evaluating action safety, or viewing security logs.
pentest-auth-bypass
Test authentication and session management controls for bypass and account takeover scenarios.
cpa-codex-auth-sweep-cliproxy
通过 CLI Proxy Management API 拉取 Codex 认证文件并高并发探活扫描。适用于「扫号」「清死号」「清理 Codex 401」场景;仅在用户明确确认后可删除 401。执行前必须提供 base_url 与 management_key。安全限制:默认仅允许 https://chatgpt.com 作为 probe 主机,非白名单目标需显式危险确认。
mayguard
A security auditor for agent skills. Scans skill directories for malicious patterns (credential theft, suspicious network calls, destructive commands) and provides a safety score. Use before installing unknown skills.
code-quality-guard
Professional pre-deployment code review and quality enforcement. Ensures imports are valid, tags are closed, and logic follows best practices before announcing a build is live.
Twenty CRM OAuth Mastery Skill
**Author**: Generated from extensive OAuth debugging sessions in OpenCode
solidity-guardian
Smart contract security analysis skill. Detect vulnerabilities, suggest fixes, generate audit reports. Supports Hardhat/Foundry projects. Uses pattern matching + best practices from Trail of Bits, OpenZeppelin, and Consensys.