ClawHub

Mirrory - MVP

v1.0.0

Token generation and validation service for WordPress proxy and desktop application session management.

0· 91·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for krishnakumarmahadevan-cmd/toolweb-mirrory-mvp.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Mirrory - MVP" (krishnakumarmahadevan-cmd/toolweb-mirrory-mvp) from ClawHub.
Skill page: https://clawhub.ai/krishnakumarmahadevan-cmd/toolweb-mirrory-mvp
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install toolweb-mirrory-mvp

ClawHub CLI

Package manager switcher

npx clawhub@latest install toolweb-mirrory-mvp
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description claim a token generation/validation API for WordPress proxies and desktop apps; the SKILL.md and openapi.json provide matching endpoints (/generate-token, /validate-token, /health) and expected request fields (wp_user_id, proxy_secret, token, machine_id). Nothing requested by the skill (no env vars, no installs) is disproportionate to that purpose.
Instruction Scope
SKILL.md only documents API usage, parameters, responses, pricing, and example requests. It does not instruct the agent to read local files, environment secrets, or unrelated system state, nor does it direct data to unexpected endpoints beyond the documented external API URLs. The proxy_secret is passed as a request field (expected for this API) rather than being requested as an agent-level credential.
Install Mechanism
There is no install spec and no code files to write to disk (instruction-only). This minimizes install-time risk; nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. The API protocol uses a proxy_secret supplied in requests (an API-level secret) — that is reasonable for this purpose, but users should ensure such secrets are handled securely when integrating (not stored in plain agent prompts or logs).
Persistence & Privilege
always is false and there is no requested persistent presence or modifications to agent/system configuration. The skill can be invoked by the model (normal), but it does not request elevated privileges or autonomous persistence beyond standard invocation.
Assessment
This skill is an API spec (no code) and appears coherent with its described function. Before installing or using it: 1) Verify the provider and endpoints (toolweb.in links) and confirm you trust the service owner because no homepage/source code is included. 2) Ensure any proxy_secret or tokens are transmitted only to the documented HTTPS endpoints and are stored/rotated securely by your integration (avoid embedding secrets in agent prompts or logs). 3) Review pricing and rate limits for your expected volume. 4) If you allow the agent to call this skill autonomously, apply usage limits or monitoring so token creation/validation cannot be abused. 5) Consider testing in a staging environment before production use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fk4vgp6zamwqz9xgg4wsyyh84apgg
91downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
ToolWeb@krishnakumarmahadevan-cmd
latest
Download

Overview

Mirrory API is a secure token management service designed to handle authentication workflows between WordPress proxy systems and desktop applications. It provides robust token generation tied to WordPress user accounts and validates session tokens on application startup, ensuring secure and seamless user experiences across integrated platforms.

The API operates on a coin-based system where WordPress proxies deduct 200 coins before requesting token generation. This integration model allows for metered access control and usage tracking across enterprise deployments. Desktop applications leverage the validation endpoint to verify token authenticity and machine binding on each session initialization.

Ideal users include WordPress administrators managing multi-platform authentication, desktop application developers requiring secure session management, and enterprises implementing token-based access control across distributed systems.

Usage

Generate Token

A WordPress proxy generates a token after deducting 200 coins from a user account:

Request:

{
  "wp_user_id": 12345,
  "proxy_secret": "your-proxy-secret-key-here"
}

Response:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 86400,
  "user_id": 12345
}

Validate Token

A desktop application validates a token on startup to verify the session is active:

Request:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "machine_id": "desktop-machine-uuid-1234567890"
}

Response:

{
  "valid": true,
  "user_id": 12345,
  "machine_id": "desktop-machine-uuid-1234567890",
  "expires_at": "2024-12-31T23:59:59Z"
}

Endpoints

POST /mirrory/generate-token

Generates a new authentication token for a WordPress user after coin deduction by the proxy.

  • Method: POST
  • Path: /mirrory/generate-token

Parameters:

NameTypeRequiredDescription
wp_user_idintegerYesThe WordPress user ID requesting the token
proxy_secretstringYesSecret key from the WordPress proxy for authentication

Response:

  • Status: 200 (Success) / 422 (Validation Error)
  • Content-Type: application/json
  • Schema: Token object with expiration details

POST /mirrory/validate-token

Validates an existing token and confirms it is bound to the specified machine, typically called by desktop applications on startup.

  • Method: POST
  • Path: /mirrory/validate-token

Parameters:

NameTypeRequiredDescription
tokenstringYesThe JWT token to validate
machine_idstringYesUnique identifier of the requesting machine

Response:

  • Status: 200 (Success) / 422 (Validation Error)
  • Content-Type: application/json
  • Schema: Validation result with user ID, machine binding, and expiration timestamp

GET /mirrory/health

Health check endpoint to verify API service availability.

  • Method: GET
  • Path: /mirrory/health

Response:

  • Status: 200
  • Content-Type: application/json
  • Schema: Health status object

Pricing

PlanCalls/DayCalls/MonthPrice
Free550Free
Developer20500$39/mo
Professional2005,000$99/mo
Enterprise100,0001,000,000$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Comments

Loading comments...