ClawHub

Pdauth

Dynamic OAuth for AI agents via Pipedream. Generate OAuth links for 2500+ APIs, let users authorize, then call MCP tools on their behalf.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 1.5k · 2 current installs · 2 all-time installs
by@G9Pedro
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (dynamic OAuth via Pipedream) match the declared required binary ('pdauth') and the install spec (npm package 'pdauth' that provides a pdauth CLI). The listed workflows (connect, status, call) are consistent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to generate OAuth links, ask the user to authorize, and then call tools via pdauth — all in-scope. It does not instruct reading unrelated system files or secrets. However, it explicitly tells operators to run 'pdauth config' to set up Pipedream credentials without describing what credentials are needed or where they're stored, leaving an important operational detail unspecified.
Install Mechanism
Install uses an npm package ('pdauth') that creates the 'pdauth' binary; this is expected for a CLI. npm packages can execute arbitrary install-time code, so this is a moderate-risk install mechanism but not unusual for a CLI tool.
!
Credentials
SKILL.md refers to configuring Pipedream credentials ('pdauth config') and to long-lived OAuth connections for many apps, yet the skill metadata declares no required env vars or primary credential. The lack of declared credentials/config-paths is an incoherence: the skill will need credentials (and will store tokens somewhere) but does not state this up front. Also, enabling OAuth for '2500+ APIs' means broad potential access once users authorize—this is powerful and should be explicitly justified and constrained.
Persistence & Privilege
The skill does not request 'always: true' and has no OS/config path requirements declared. That said, OAuth tokens obtained via the flow are likely to persist in Pipedream (or local pdauth config), allowing the agent to act on users' behalf across sessions. Autonomous invocation (allowed) combined with granted OAuth scopes increases blast radius, but autonomous invocation itself is the platform default.
What to consider before installing
This skill largely does what it says (generate OAuth links and call APIs via Pipedream), but you should proceed cautiously. Before installing: 1) Verify the npm package publisher and inspect the pdauth package source (or the GitHub repo) to ensure you trust its install-time behavior. 2) Ask the publisher which credentials 'pdauth config' requires, where those credentials/tokens are stored (local files vs. Pipedream account), and how to revoke them. 3) Limit OAuth scopes when authorizing and prefer short-lived or per-action consent. 4) Consider running the npm package in an isolated environment first (container or VM) and review its code. 5) If you need an explicit guarantee, request the skill metadata be updated to declare required env vars/config paths and a clear data-handling policy.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97c1wtskb5p7gpjfpv8180dpd80hex1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis
Binspdauth

Install

Install pdauth (node)
Bins: pdauth
npm i -g pdauth

SKILL.md

pdauth — Dynamic OAuth for AI Agents

Use pdauth to give yourself (the agent) access to 2500+ APIs via OAuth. The flow:

  1. Agent needs access to an app (Spotify, Slack, Notion, etc.)
  2. Generate an OAuth link with pdauth connect <app>
  3. Share link with user → they click and authorize
  4. Agent can now call tools via pdauth call <app.tool>

Quick Reference

# Configure (one-time setup)
pdauth config

# Search for apps
pdauth apps --search spotify

# Generate OAuth link
pdauth connect spotify --user USER_ID

# Check what's connected
pdauth status --user USER_ID

# List available tools
pdauth tools spotify --user USER_ID

# Call a tool
pdauth call spotify.get_my_playlists --user USER_ID
pdauth call slack.send_message channel=general text="Hello!"

The OAuth Flow (How to Request Access)

When you need access to an app the user hasn't authorized:

1. Run: pdauth connect <app> --user <user_id>
2. Get the OAuth link from output
3. Send link to user: "To do this, I need access to <App>. Click here to authorize: <link>"
4. User clicks, authorizes via Pipedream
5. Confirm with: pdauth status --user <user_id>
6. Now you can call tools!

User ID Strategy

Use a consistent identifier per user:

  • Telegram: telegram:5439689035
  • Email: pedro@example.com
  • Custom: pedro-mainframe

The same user ID across sessions maintains their connected accounts.

Calling Tools

# Format: pdauth call <app>.<tool_name> [key=value ...]

# Simple args
pdauth call slack.send_message channel=general text="Hello"

# JSON args for complex data
pdauth call notion.create_page --args '{"title": "My Page", "content": "..."}'

# Get JSON output for parsing
pdauth call spotify.get_my_playlists --json

Checking Status

# See what user has connected
pdauth status --user pedro

# See all users
pdauth status --all

# JSON for scripting
pdauth status --user pedro --json

Popular Apps

Browse all at https://mcp.pipedream.com

AppSlugExample Tools
Slackslacksend_message, list_channels
Spotifyspotifyget_my_playlists, add_to_playlist
Notionnotioncreate_page, query_database
Google Sheetsgoogle_sheetsget_values, update_values
Gmailgmailsend_email, list_messages
GitHubgithubcreate_issue, list_repos
Linearlinearcreate_issue, list_issues
Airtableairtablelist_records, create_record

Error Handling

"App not connected" → Generate link with pdauth connect and ask user to authorize

"Tool not found" → List available tools with pdauth tools <app>

"Invalid credentials" → Run pdauth config to set up Pipedream credentials

Tips

  1. Always check status first before attempting tool calls
  2. Use consistent user IDs so connections persist across sessions
  3. JSON output (--json) is best for parsing results programmatically
  4. Link expiry — OAuth links expire after 4 hours, generate fresh ones as needed

Example Workflow

User: "Add 'Bohemian Rhapsody' to my Spotify playlist"

Agent:
1. pdauth status --user telegram:5439689035 --json
   → No Spotify connection

2. pdauth connect spotify --user telegram:5439689035
   → Gets OAuth link

3. Send to user: "I need Spotify access. Click here: <link>"

4. User authorizes

5. pdauth status --user telegram:5439689035
   → Spotify ✓ connected

6. pdauth call spotify.search_tracks query="Bohemian Rhapsody" --json
   → Get track ID

7. pdauth call spotify.add_to_playlist playlist_id=... track_id=...
   → Done!

8. Reply: "Added Bohemian Rhapsody to your playlist! 🎵"

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…