User-Delegated OAuth API Access
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent, but it gives agents reusable OAuth token access to many third-party services through an external CLI, so it should be reviewed carefully before use.
Install this only if you intentionally want agents to request and claim OAuth access for third-party services. Use a pinned, reviewed clawauth CLI, authorize minimal scopes, restrict which agents can invoke it, avoid logging token outputs, and confirm how to revoke or remove locally stored tokens.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent may be able to act with the permissions granted to the authorized third-party account, and token material could pass through agent-visible command output.
This shows the skill can give an agent reusable provider credentials and may expose token payloads through command output. That is aligned with the skill purpose, but it is high-impact and the artifacts do not show enforced masking, minimal-scope controls, or a bounded downstream permission model.
Evidence: "... later claim reusable third-party API tokens from local keychain storage ... `login claim` may return sensitive token payload data in JSON output."
Use this only with trusted agents and trusted runtimes, authorize the minimum provider scopes needed, ensure logs/tool outputs redact token data, and confirm how stored tokens are revoked or removed.
If the external CLI package or its supply chain is compromised, OAuth credentials handled by the skill could be at risk.
The credential-handling behavior depends on an external npm package rather than code included in the reviewed artifacts. The install path is disclosed and purpose-aligned, and the skill recommends pinning, but users should still verify package provenance.
Evidence: "This skill declares a Node installer in `metadata.openclaw.install` for package `clawauth` ... Manual fallback: `npm i -g clawauth`"
Install only an operator-approved, pinned version of the CLI from a trusted source, and review the linked source/package before allowing it to handle tokens.
