Claude Connect

v1.1.0

Connect Claude to Clawdbot instantly and keep it connected 24/7. Run after setup to link your subscription, then auto-refreshes tokens forever.

⭐ 12· 5.4k·30 current·31 all-time

by@tunaissacoding·duplicate of @tunaissacoding/claude-oauth-refresher-final

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tunaissacoding/claude-connect.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Claude Connect" (tunaissacoding/claude-connect) from ClawHub.
Skill page: https://clawhub.ai/tunaissacoding/claude-connect
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install claude-connect

ClawHub CLI

Package manager switcher

npx clawhub@latest install claude-connect

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description promise (connect Claude to Clawdbot and auto-refresh tokens) aligns with the actual scripts: they read Keychain entries, call the OAuth endpoint, update ~/.clawdbot/agents/.../auth-profiles.json, and install a launchd job. Minor inconsistency: many docs/scripts refer to a 'claude-oauth-refresher' name while the registry entry is 'claude-connect', and README.md declares the repo deprecated — this naming/ageing mismatch is confusing but plausibly explained by a rename or deprecation notice.

Instruction Scope

Runtime instructions and shipped scripts explicitly read macOS Keychain credentials, parse ~/.clawdbot/clawdbot.json, may call clawdbot CLI (e.g., message search) to auto-detect notification targets, write to auth-profiles.json, update Keychain, and restart the gateway. Those actions are consistent with the stated feature set, but they are high-privilege and touch sensitive local data (tokens, chat IDs, messaging history via CLI). The auto-detection step that runs clawdbot message search may access local messages/metadata; confirm you are comfortable with those reads and any CLI output parsing before running.

ℹ

Install Mechanism

There is no external install spec (no network download); installation is via the included install.sh script (shipped in the skill). That reduces supply-chain risk from remote downloads but means you must inspect the shipped scripts before execution. The package writes a launchd plist into ~/Library/LaunchAgents and creates config/log files under $HOME — expected for this use but persistent.

Credentials

The registry lists no env vars (correct), but the skill needs access to macOS Keychain and to read/write Clawdbot configuration files. Those accesses are proportionate to the goal (refreshing tokens), but they are sensitive: the scripts will read refresh/access tokens and will write OAuth credentials into Clawdbot's auth-profiles.json and Keychain. The skill does not request unrelated credentials, but you should verify Keychain identifiers used and ensure no unexpected network endpoints are contacted beyond auth.anthropic.com and local Clawdbot CLI.

Persistence & Privilege

The installer creates a launchd job that runs every 2 hours to refresh tokens — persistent background presence is intentional for the feature. always:false (normal), but persistent auto-refresh combined with Keychain access increases blast radius if the code were malicious or later modified. The SKILL.md includes uninstall steps and a verify/validate script, which is good; still review the launchd plist and scripts before enabling.

What to consider before installing

This package appears to implement exactly what it says (reading Keychain, refreshing Claude OAuth, writing Clawdbot auth profiles, and installing a launchd refresher), but it is persistent and touches sensitive local tokens and messaging config. Before installing: 1) Inspect refresh-token.sh, install.sh, and the launchd plist for any unexpected network endpoints or commands; confirm the only external OAuth calls are to auth.anthropic.com (or other expected endpoints). 2) Back up ~/.clawdbot/agents/.../auth-profiles.json and your Keychain entries. 3) If you don't need it: README notes Clawdbot may already handle this natively — consider using the native feature instead. 4) If you proceed, run install.sh interactively and verify validate-update.sh / verify-setup.sh outputs; after installation, check ~/Library/LaunchAgents for the plist and inspect its contents. 5) If you are uncomfortable granting ongoing Keychain/config write access, do not install. If you want higher assurance, run the scripts in a controlled/test account or review them with a security-savvy colleague.

Like a lobster shell, security has layers — review code before you run it.

latestvk975tadega61c91qg39e94eh057zz0qz

5.4kdownloads

12stars

12versions

Updated 3h ago

v1.1.0

MIT-0

claude-connect

Connect your Claude subscription to Clawdbot in one step.

Automatically:

✅ Reads Claude OAuth tokens from Keychain
✅ Writes them to Clawdbot in proper OAuth format
✅ Auto-refreshes every 2 hours (before expiry)
✅ Notifies you on success/failure
✅ Works with clawdbot onboard (fixes OAuth auth-profiles bug)

Quick Start

1. Install the skill:

clawdhub install claude-connect
cd ~/clawd/skills/claude-connect

2. Ensure Claude CLI is logged in:

claude auth
# Follow the browser login flow

3. Run installer:

./install.sh

That's it! Tokens will refresh automatically every 2 hours.

What It Does

Fixes `clawdbot onboard` OAuth Bug

When you run clawdbot onboard --auth-choice claude-cli, it sometimes doesn't properly write OAuth tokens to auth-profiles.json.

This skill:

Reads OAuth tokens from macOS Keychain (where Claude CLI stores them)

Writes them to ~/.clawdbot/agents/main/agent/auth-profiles.json in proper OAuth format:

{
  "profiles": {
    "anthropic:claude-cli": {
      "type": "oauth",
      "provider": "anthropic",
      "access": "sk-ant-...",
      "refresh": "sk-ant-ort...",
      "expires": 1234567890
    }
  }
}

Sets up auto-refresh (runs every 2 hours via launchd)
Keeps your connection alive 24/7

Installation

Automatic (Recommended)

cd ~/clawd/skills/claude-connect
./install.sh

The installer will:

✅ Verify Claude CLI is set up
✅ Create config file
✅ Set up auto-refresh job (launchd)
✅ Run first refresh to test

Manual

Copy example config:

cp claude-oauth-refresh-config.example.json claude-oauth-refresh-config.json

Edit config (optional):
```
nano claude-oauth-refresh-config.json
```
Test refresh:
```
./refresh-token.sh --force
```

Install launchd job (optional - for auto-refresh):

cp com.clawdbot.claude-oauth-refresher.plist ~/Library/LaunchAgents/
launchctl load ~/Library/LaunchAgents/com.clawdbot.claude-oauth-refresher.plist

Configuration

Edit claude-oauth-refresh-config.json:

{
  "refresh_buffer_minutes": 30,
  "log_file": "~/clawd/logs/claude-oauth-refresh.log",
  "notifications": {
    "on_success": true,
    "on_failure": true
  },
  "notification_target": "YOUR_CHAT_ID"
}

Options:

refresh_buffer_minutes: Refresh when token has this many minutes left (default: 30)
log_file: Where to log refresh activity
notifications.on_success: Notify on successful refresh (default: true)
notifications.on_failure: Notify on failure (default: true)
notification_target: Your Telegram chat ID (or leave empty to disable)

Usage

Manual Refresh

# Refresh now (even if not expired)
./refresh-token.sh --force

# Refresh only if needed
./refresh-token.sh

Check Status

# View recent logs
tail ~/clawd/logs/claude-oauth-refresh.log

# Check auth profile
cat ~/.clawdbot/agents/main/agent/auth-profiles.json | jq '.profiles."anthropic:claude-cli"'

# Check Clawdbot status
clawdbot models status

Disable Notifications

Ask Clawdbot:

Disable Claude refresh success notifications

Or edit config:

{
  "notifications": {
    "on_success": false,
    "on_failure": true
  }
}

How It Works

Refresh Process

Read from Keychain: Gets OAuth tokens from Claude Code-credentials
Check Expiry: Only refreshes if < 30 minutes left (or --force)
Call OAuth API: Gets new access + refresh tokens
Update auth-profiles.json: Writes proper OAuth format
Update Keychain: Syncs new tokens back
Restart Gateway: Picks up new tokens
Notify: Sends success/failure message (optional)

Auto-Refresh (launchd)

Runs every 2 hours via ~/Library/LaunchAgents/com.clawdbot.claude-oauth-refresher.plist

Controls:

# Stop auto-refresh
launchctl unload ~/Library/LaunchAgents/com.clawdbot.claude-oauth-refresher.plist

# Start auto-refresh
launchctl load ~/Library/LaunchAgents/com.clawdbot.claude-oauth-refresher.plist

# Check if running
launchctl list | grep claude

Troubleshooting

OAuth not working after onboard

Symptom: clawdbot onboard --auth-choice claude-cli completes but Clawdbot can't use tokens

Fix:

cd ~/clawd/skills/claude-connect
./refresh-token.sh --force

This will write tokens in proper OAuth format.

Tokens keep expiring

Symptom: Auth keeps failing after 8 hours

Fix: Ensure launchd job is running:

launchctl load ~/Library/LaunchAgents/com.clawdbot.claude-oauth-refresher.plist
launchctl list | grep claude

No tokens in Keychain

Symptom: No 'Claude Code-credentials' entries found

Fix: Log in with Claude CLI:

claude auth
# Follow browser flow

Then run refresh again:

./refresh-token.sh --force

Uninstall

cd ~/clawd/skills/claude-connect
./uninstall.sh

Or manually:

# Stop auto-refresh
launchctl unload ~/Library/LaunchAgents/com.clawdbot.claude-oauth-refresher.plist
rm ~/Library/LaunchAgents/com.clawdbot.claude-oauth-refresher.plist

# Remove skill
rm -rf ~/clawd/skills/claude-connect

Upgrade

If you previously installed an older version:

cd ~/clawd/skills/claude-connect
./validate-update.sh  # Check what changed
clawdhub update claude-connect  # Update to latest
./install.sh  # Re-run installer if needed

Comments

Loading comments...