Authenticate Openant
v0.1.1
Sign in to OpenAnt. Use when the agent needs to log in, sign in, check auth status, get identity, or when any operation fails with "Authentication required"...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description ask the agent to sign in to OpenAnt and all runtime instructions use the @openant-ai/cli via npx to check status, login, verify, whoami, wallet, and logout — these are coherent and expected for an authentication helper.
Instruction Scope
SKILL.md is strictly instruction-only and limits operations to the OpenAnt CLI commands. However, it explicitly suggests the agent can read the user's email to obtain OTPs if it has 'the ability to access the user's email', which grants the agent discretion to access unrelated data sources. The skill also references the session file (~/.openant/config.json) and asks the agent to rely on it, which is within scope but is a local file access the skill did not declaratively request.
Install Mechanism
No install spec is included (instruction-only). Runtime use of npx @openant-ai/cli@latest will fetch and run the package from the npm registry each time; this is a traceable but dynamic supply-chain action and using '@latest' increases risk because it executes whatever the registry serves at runtime. Pinning a specific version or reviewing the CLI code would reduce risk.
Credentials
The skill declares no required env vars, but mentions automatic session refresh using 'Turnkey credentials' without explaining what those are or where they live. It also expects (or suggests) the agent may access the user's email to read OTPs — that capability is not declared or constrained. Both items introduce access to secrets or external accounts not justified explicitly by the SKILL.md.
Persistence & Privilege
The CLI persists session state to ~/.openant/config.json and will auto-refresh sessions. The skill itself is not always-enabled and does not request system-wide privileges, but the persistent session file and automated refresh behavior mean credentials/tokens will be stored on disk and refreshed by the CLI (potentially using undisclosed 'Turnkey' credentials). Confirm-before-action guidance is present for login/verify/logout but relies on agent behavior rather than enforcement.
What to consider before installing
This skill appears to be the legitimate OpenAnt login helper, but there are a few things to check before installing or using it:
- Understand the email-OTP flow: the skill suggests the agent may read the user's email to fetch OTPs. If you don't want the agent accessing email, ensure you or the agent manually provide the OTP each time.
- Review or pin the CLI package: npx @openant-ai/cli@latest dynamically downloads and executes code from npm. Prefer a pinned version (e.g., @1.2.3) or inspect the CLI's source before allowing execution to reduce supply-chain risk.
- Ask what 'Turnkey credentials' are and where they are stored: the SKILL.md claims the CLI auto-refreshes sessions using Turnkey credentials but does not document what those credentials are or what scope they have. Confirm that auto-refresh behavior aligns with your security policy.
- Be aware of local persistence: the CLI stores session data in ~/.openant/config.json. If multiple users or automated processes run on the host, verify file permissions and consider whether you are comfortable with that session file existing.
- Prefer explicit confirmation: the SKILL.md asks the agent to confirm with the user before login/verify/logout. If you want strict control, ensure your agent enforces confirmation prompts rather than executing autonomously.
If you want stronger assurance, ask the skill author for the CLI repository link or a pinned package version and documentation about the Turnkey refresh mechanism.
Like a lobster shell, security has layers — review code before you run it.
