Ainative Auth Guide
v1.0.0Implement authentication for AINative APIs. Use when (1) Choosing between API key and JWT auth, (2) Registering/logging in users, (3) Refreshing tokens, (4)...
⭐ 0· 107·1 current·1 all-time
byToby Morning@urbantech
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (implementing API key, JWT, OAuth2 flows) matches the SKILL.md content: example requests, endpoints, Next.js middleware usage and token flows are exactly what an auth guide would show. No unrelated services or credentials are demanded by the skill metadata.
Instruction Scope
The instructions are limited to demonstrating HTTP calls to api.ainative.studio, OAuth callback flows, token refresh/logout, and a Next.js middleware snippet. They do not instruct reading arbitrary local files or exfiltrating data to unexpected endpoints. References to repository paths and npx/SDK usage are documentation pointers, not directives to access unrelated system state.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it doesn't write or execute code on the host. That represents the lowest install risk.
Credentials
The skill metadata declares no required env vars or credentials, which is reasonable for a guide. The SKILL.md examples, however, reference process.env.AINATIVE_API_KEY and placeholder API keys (ak_your_key). This is an expected example usage pattern but is not reflected in requires.env; users should be aware the guide presumes you will provide your own keys when implementing the examples.
Persistence & Privilege
always is false and there is no install or code that would persist or modify other skills or global agent settings. The skill does not request permanent presence or elevated platform privileges.
Assessment
This is a documentation-only skill that looks coherent for implementing AINative authentication. Before using it: (1) confirm api.ainative.studio is the expected service and that you trust the SDKs referenced (e.g., @ainative/next-sdk); (2) never paste real API keys or long-lived secrets into public or untrusted places—use environment variables and least-privilege keys; (3) the SKILL.md shows examples referencing process.env.AINATIVE_API_KEY but the skill metadata doesn't require any env vars—this is just an example, not an automatic credential access; (4) if you plan to install the referenced SDKs or run any npx commands, review those packages' sources and release provenance; and (5) if additional code files or an install script appear later (the skill currently has none), re-evaluate because that would change the risk profile.Like a lobster shell, security has layers — review code before you run it.
latestvk9799gjzj2nf3g1znmcfnwgm4h83ge36
License
MIT-0
Free to use, modify, and redistribute. No attribution required.