ClawHub
Skill flagged — review recommended

ClawHub Security found sensitive or high-impact capabilities. Review the scan results before using.

Token Management

Centralized API token management workflow. Store tokens in .env with expiration dates, test permissions via script battery, document capabilities in connections/, set calendar renewal reminders. Prevents re-asking for credentials, ensures token security, tracks expiration.

Audits

Suspicious
ClawScanSuspicious

Agentic behavior and permission review.

Static analysisPending

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install token-management

Token Management

Published: https://clawhub.com/skills/token-management

Purpose: Centralize API token management - storage, testing, documentation, expiration tracking.

Triggers:

  • "adiciona token X"
  • "salva API key pra Y"
  • "preciso de token Z"

🔴 CRITICAL RULE

ALWAYS check ~/Documents/life/.env FIRST before asking for tokens!

Workflow

When receiving a new token:

  1. Git commit (if applicable)

    • If .env is in a git repo: cd ~/Documents/life && git add -A && git commit -m "Before updating TOKEN_NAME"
    • Safety first!

  2. Ask for expiration date

    • "Quando esse token expira?"
    • Format: YYYY-MM-DD or "1 year" / "never"

  3. Store in .env

    • Location: ~/Documents/life/.env (canonical location)
    • Format: SERVICE_NAME_TOKEN=value # Expires: YYYY-MM-DD
    • Example: WILEY_JIRA_TOKEN=abc123 # Expires: 2027-02-12

  4. Create calendar reminder (if expires)

    • When: 7 days before expiration (1 week warning)
    • Event: "⚠️ Renew [SERVICE] API token (expires in 7 days)"
    • Format: All-day event
    • Command: 
      gog calendar create primary \
  --summary "⚠️ Renew SERVICE token" \
  --from "YYYY-MM-DDT00:00:00-05:00" \
  --to "YYYY-MM-DDT23:59:59-05:00" \
  --description "Token expires YYYY-MM-DD. Renew at: [RENEWAL_URL]"

  5. Test token permissions

    • Run test battery to discover what token can do
    • Script: Use template below (adapt per service)
    • Document results in connections/ file
    • Example: 
      # Test Jira token
import requests, base64

TOKEN = "..."
EMAIL = "user@example.com"
auth = base64.b64encode(f"{EMAIL}:{TOKEN}".encode()).decode()

tests = [
    ("Get user", "GET", "/rest/api/3/myself"),
    ("List projects", "GET", "/rest/api/3/project"),
    ("Search issues", "GET", "/rest/api/3/search", {"jql": "assignee=currentUser()"}),
]

for name, method, endpoint, *params in tests:
    r = requests.get(f"https://DOMAIN{endpoint}", 
                    headers={'Authorization': f'Basic {auth}'},
                    params=params[0] if params else None)
    print(f"{'✅' if r.ok else '❌'} {name}: {r.status_code}")

  6. Document in connections/

    • Create or update ~/Documents/life/connections/SERVICE.md
    • Include:
      • What token offers (read/write/scope)
      • When obtained: YYYY-MM-DD
      • Expiry date: YYYY-MM-DD
      • Renewal link: URL to get new token
      • How to use (code examples)
    • Link to .env variable name
    • Example: 
      ## Token Info
- **Obtained:** 2026-02-12
- **Expires:** 2027-02-12
- **Renew at:** https://id.atlassian.com/manage-profile/security/api-tokens
- **Scope:** read-write
- **Variable:** `WILEY_JIRA_TOKEN` (~/Documents/life/.env)

  7. Update token index

    • Maintain list in this SKILL.md (see below)

When needing API access:

  1. ✅ ALWAYS check .env first: ~/Documents/life/.env
  2. If not found: Check connections/ for setup instructions
  3. If still missing: Ask Nicholas for token

Token Index

Location: ~/Documents/life/.env

Example tokens:

ServiceVariableScopeExpiresConnection Doc
FigmaFIGMA_TOKENread-writeYYYY-MM-DDfigma.md
JiraJIRA_TOKENread-writeYYYY-MM-DDjira.md
SlackSLACK_TOKENbot permissionsNeverslack.md
GitHubGITHUB_TOKENrepo, gistYYYY-MM-DDgithub.md

Your index: Keep your own list in this section (local copy of skill).

Commands

Add token

# Append to .env (skill will automate)
echo "SERVICE_TOKEN=value" >> ~/Documents/life/.env

Check token exists

grep SERVICE_TOKEN ~/Documents/life/.env

List all tokens

cat ~/Documents/life/.env

.env Location

Canonical location: ~/Documents/life/.env

Why here:

  • ✅ Life infrastructure (shareable, public)
  • ✅ Survives workspace wipes
  • ✅ Consistent with connections/ folder
  • ✅ Not tied to OpenClaw workspace

Python usage:

from dotenv import load_dotenv
load_dotenv('~/Documents/life/.env')  # Or absolute path

Shell usage:

source ~/Documents/life/.env
echo $YOUR_TOKEN_NAME

Created: 2026-02-12
Updated: 2026-02-13 (sanitized for publication)