ClawHub

oauth-coder-bridge

v1.3.0

Routes OpenClaw Anthropic API calls through oauth-coder (Claude CLI with OAuth), no API key needed.

0· 122·1 current·1 all-time
byEarl Co@earlvanze

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for earlvanze/oauth-coder-bridge.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "oauth-coder-bridge" (earlvanze/oauth-coder-bridge) from ClawHub.
Skill page: https://clawhub.ai/earlvanze/oauth-coder-bridge
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install oauth-coder-bridge

ClawHub CLI

Package manager switcher

npx clawhub@latest install oauth-coder-bridge
Security Scan
Capability signals
CryptoRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill's code, README, and SKILL.md all implement a local HTTP bridge that translates Anthropic messages to oauth-coder CLI calls to the claude binary — this matches the name/description. However, the registry metadata declared no required binaries/env vars while the script requires a local 'oauth-coder' binary (or OAUTH_CODER_BIN) to exist; that metadata omission is an inconsistency users should be aware of. The setup script also updates the user's OpenClaw config (~/.openclaw/openclaw.json) which is consistent with enabling the bridge but is a side effect that requires write access to user config.
Instruction Scope
The SKILL.md and included scripts stay within the bridge's scope: install the bridge script to ~/.openclaw/scripts, update the OpenClaw provider config to point at localhost:8787, and run a local HTTP server. The bridge accepts /v1/messages and runs oauth-coder as a subprocess to produce completions. The instructions do modify the user's OpenClaw config and suggest systemd enablement if desired; both are expected for this kind of integration. The documentation warns that prompts/responses can be logged if LOG_FILE is set.
Install Mechanism
There is no external download step in the included setup.sh — it copies the provided bridge script into ~/.openclaw/scripts and runs a local Python updater to modify openclaw.json. That is low-risk compared to remote installs. The package does not pull code from untrusted URLs during install.
Credentials
The skill does not request external API keys via registry metadata, but it requires an already-authenticated oauth-coder/claude CLI on the host. That means the bridge will cause OpenClaw requests to be fulfilled using the user's local OAuth tokens/session managed by oauth-coder/claude — this is proportional to the stated purpose but is sensitive (local credentials/tokens are used). The bridge may also log prompts/responses if LOG_FILE is set. Also, environment variables used by the code (OAUTH_CODER_BIN, OAUTH_CODER_BRIDGE_PORT, etc.) are documented in SKILL.md but not declared in registry metadata — another discrepancy.
Persistence & Privilege
The skill does install a script under ~/.openclaw/scripts and updates ~/.openclaw/openclaw.json to add a new provider. This is expected to expose the bridge to OpenClaw but it is not 'always: true' and does not force persistent installation by itself. The README/SKILL.md also suggest an optional systemd unit for auto-start; enabling that would increase persistence but is user-controlled.
Assessment
This skill is functionally coherent with its description, but review these points before installing: - Ensure you trust and have oauth-coder and the claude CLI installed and authenticated locally (run 'claude login' yourself). The bridge will use those local OAuth tokens to answer requests — this gives OpenClaw access to use your authenticated CLI session. - Back up ~/.openclaw/openclaw.json before running the setup script: scripts/update-openclaw-config.py will modify that file and add a 'claude-cli' provider. Confirm the exact changes match your expectations. - Inspect the included scripts (oauth-coder-bridge.py, setup.sh, update-openclaw-config.py) yourself. The bridge runs oauth-coder as a subprocess (subprocess.run) and will execute whatever the oauth-coder binary does — trust in that binary is required. - Be aware prompts/responses may be written to a log file if you set OAUTH_CODER_BRIDGE_LOG_FILE; by default logging goes to stderr. If you are handling sensitive prompts, avoid enabling persistent logging or ensure log file permissions are secure. - The registry metadata omits the required oauth-coder dependency and environment variables documented in SKILL.md; treat that as an authoring oversight and verify prerequisites before install. If you are uncertain about trusting the oauth-coder/claude CLI or do not want OpenClaw to be able to use your local OAuth session, do not install or run the bridge.

Like a lobster shell, security has layers — review code before you run it.

bridgevk97aavheqqqjs02030547h49kx84facdclaudevk97aavheqqqjs02030547h49kx84facdcodingvk97aavheqqqjs02030547h49kx84facdlatestvk97aavheqqqjs02030547h49kx84facdoauthvk97aavheqqqjs02030547h49kx84facd
122downloads
0stars
5versions
Updated 2w ago
v1.3.0
MIT-0
Earl Co@earlvanze
bridgeclaudecodinglatestoauth
Download

oauth-coder-bridge

Local HTTP bridge: OpenClaw → oauth-coder → real claude CLI (OAuth tokens, no API key).

Upstream: codeninja/oauth-cli-coder

Prerequisites

  • oauth-coder installed and authenticated (claude login)
  • Binary on PATH or set OAUTH_CODER_BIN

Install & Run

bash scripts/setup.sh              # copies bridge, adds claude-cli provider to openclaw.json
python3 ~/.openclaw/scripts/oauth-coder-bridge.py &
# Or: systemctl --user enable --now oauth-coder-bridge

Verify

curl http://127.0.0.1:8787/health  # → {"status":"ok"}
openclaw models set claude         # use alias
openclaw models set claude-cli/claude-opus-4-6  # or full path

Models

Opus: claude-opus-4-6, claude-opus-4-5, claude-opus-4-1, claude-opus-4-0 Sonnet: claude-sonnet-4-6, claude-sonnet-4-5, claude-sonnet-4-0, claude-3-7-sonnet-latest, claude-3-5-sonnet-latest Haiku: claude-haiku-4-5, claude-3-5-haiku-latest

All prefixed with claude-cli/ (e.g. claude-cli/claude-opus-4-6).

How It Works

OpenClaw → HTTP :8787 → oauth-coder-bridge → oauth-coder → claude CLI

Bridge translates Anthropic-messages JSON → oauth-coder ask claude ... subprocess calls.

Config (env vars)

VariableDefaultDescription
OAUTH_CODER_BIN$HOME/bin/oauth-coderPath to binary
OAUTH_CODER_BRIDGE_PORT8787Listen port
OAUTH_CODER_BRIDGE_HOST127.0.0.1Bind address
OAUTH_CODER_BRIDGE_TIMEOUT300Request timeout (s)
OAUTH_CODER_BRIDGE_MAX_PROMPT100000Max prompt length
OAUTH_CODER_BRIDGE_LOG_FILE(empty)Log file (stderr only if unset)

Security

  • Binds localhost only
  • Rate limited: 30 req/min per IP
  • Prompts pass through to claude CLI subprocess
  • If LOG_FILE is set, prompts/responses may be logged locally

Troubleshooting

curl http://127.0.0.1:8787/health    # check bridge
which oauth-coder                     # check binary
claude login                          # re-auth
oauth-coder stop-all                  # clear stuck sessions

Files

  • scripts/oauth-coder-bridge.py — bridge server
  • scripts/setup.sh — installer
  • scripts/update-openclaw-config.py — config updater
  • references/oauth-coder-bridge.service — systemd template

MIT License

Comments

Loading comments...