Auto Login Assistant

v0.1.0

An automatic login assistant tool.

by @ddmmddmm · MIT-0
License: MIT-0
Last updated: 2026/4/13
Security scan
VirusTotal: Suspicious
OpenClaw: Safe (high confidence)
The skill's code, instructions, and required inputs align with its stated purpose of guided sign-in assistance; it asks the user to explicitly provide credentials or point to a specific env/file and does not request unrelated secrets or install arbitrary software.
Assessment recommendations
This skill is coherent with its purpose, but exercise caution before using it: 1) Only provide credentials or point to a file/env var when you explicitly intend the agent to use that account—do not point it at system/global credential stores (e.g., ~/.aws/credentials). 2) read_credentials.py reads and outputs normalized JSON to stdout, so any supplied password or token will be visible to the agent and may end up in logs—avoid using high-value credentials during initial testing. 3) There is no bu...
Detailed analysis
Purpose and capabilities
The name/description match the included scripts and SKILL.md. The two bundled scripts (read_credentials.py and extract_verification_code.py) clearly support normalizing user-provided credentials and extracting OTPs from text. No unrelated binaries, network endpoints, or cloud credentials are required.
Instruction scope
The runtime instructions are conservative: they require explicit user consent before reading a file or env var and forbid bypassing anti-abuse controls. However, the skill does allow the agent to be pointed at a local file path or an environment variable name — if the user gives a path or env var that contains broad secrets (e.g., ~/.aws/credentials) those secrets would be read. Also, SKILL.md discusses reading mailboxes but no mailbox-reading implementation is bundled; mailbox access would depend on the surrounding agent/browser tooling, not these scripts.
Install mechanism
There is no install spec and the skill is instruction-first with small helper scripts included. Nothing is downloaded at install time and no archives or external installers are referenced.
Credential requirements
The skill declares no required environment variables and requests no credentials by default. It supports using a user-specified env var or file containing a JSON blob; that is proportionate for a login helper. Warning: asking the agent to point at an env var or file gives it access to whatever that variable/file contains, so users should avoid pointing it at unrelated secrets.
Persistence and permissions
The skill is not always-enabled. agents/openai.yaml sets allow_implicit_invocation to false, reducing implicit invocation. The skill does not modify other skill configs or request persistent system-wide privileges.
Security is layered; review the code before running it.

License

MIT-0

Free to use, modify, and redistribute; no attribution required.

Runtime dependencies

No special dependencies

Versions

latest · v0.1.0 · 2026/3/8

Initial release: safe login-wall detection, credential normalization, and manual-first OTP handling.

● Suspicious

Install command

Official: npx clawhub@latest install auto-login-assistant
Mirror (accelerated): npx clawhub@latest install auto-login-assistant --registry https://cn.clawhub-mirror.com

Skill documentation

Overview

Use this skill when the agent is navigating a website and progress is blocked by a login screen, expired session, or verification-code challenge. The skill provides a conservative workflow for sign-in assistance: detect the login wall, collect user-approved credentials, fill the form, and handle one-time codes with clear consent boundaries.

This skill is intentionally not a bypass tool. It should never attempt to break captchas, defeat anti-bot systems, or infer secrets the user did not explicitly provide.

When to Use

Trigger this skill when any of the following are true:

  • A page redirects to a login, sign-in, or session-expired screen.
  • The user asks the agent to sign in to a website, mailbox, SaaS product, or admin console.
  • A workflow such as reading email, sending mail, checking dashboards, or accessing settings is blocked by authentication.
  • The user wants the agent to help retrieve or place a verification code after they approve the flow.

Do not use this skill for:

  • Captcha solving, QR login bypass, hardware key prompts, payment approval, or biometric confirmation
  • Guessing usernames, passwords, security questions, or backup codes
  • Reading email or messages unless the user explicitly authorizes it for the current task

Workflow

1. Confirm the Login Barrier

First verify that the page is actually asking for authentication. Look for signals such as:

  • URL patterns like login, signin, auth, session-expired, verify
  • Password fields, OTP fields, or email/username inputs
  • Buttons or headings such as "Sign in", "Log in", "Continue with email", "Enter code"

If the page is ambiguous, say so and ask the user whether you should treat it as a login flow before entering any credentials.

2. Choose Credential Source

Credential priority order:

  • Credentials the user provides in the current conversation
  • A local file path the user explicitly points to
  • Environment variables the user explicitly names

Never scan the filesystem broadly for secrets. Never assume a saved credential source without user direction.

If the user gives a file path or env var name, use scripts/read_credentials.py to normalize it into a consistent structure.

Supported normalized fields:

  • site
  • login_url
  • username
  • email
  • phone
  • password
  • otp_email
  • otp_mode
  • notes

See references/config-example.md for examples.
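
Added example (not the skill's own read_credentials.py, whose source is not shown on this page): one way to normalize a user-named JSON source into the fields listed above while dropping unlisted keys, refusing broad credential stores, and masking the secret before anything is printed. The deny-list, function names, and sample values are assumptions made for illustration.

```python
import json
import os
from pathlib import Path

# Field names from the skill's "Supported normalized fields" list.
ALLOWED_FIELDS = ("site", "login_url", "username", "email", "phone",
                  "password", "otp_email", "otp_mode", "notes")
SECRET_FIELDS = {"password"}
# Assumed deny-list of broad credential stores (illustrative, not exhaustive).
DENIED_DIRS = {".aws", ".ssh", ".gnupg", ".kube", ".docker"}
DENIED_FILES = {".netrc", ".npmrc", ".pypirc", ".git-credentials"}
# Constructed sample input; the extra key stands in for an unrelated secret.
SAMPLE = ('{"site": "example.test", "email": "user@example.test", '
          '"password": "constructed-value", "aws_secret_access_key": "x"}')

def check_source_path(path):
    """Resolve a user-named path and refuse well-known secret stores."""
    p = Path(path).expanduser().resolve()
    if DENIED_DIRS & set(p.parts) or p.name in DENIED_FILES:
        raise PermissionError(f"refusing broad credential store: {p}")
    return p

def normalize(raw_json):
    """Keep only allow-listed fields; report the names of dropped keys."""
    data = json.loads(raw_json)
    if not isinstance(data, dict):
        raise ValueError("credential source must be a JSON object")
    dropped = sorted(set(data) - set(ALLOWED_FIELDS))
    creds = {k: str(data[k]) for k in ALLOWED_FIELDS
             if data.get(k) not in (None, "")}
    return creds, dropped

def redact(creds):
    """Copy that is safe to print or log: secret values are masked."""
    return {k: "***" if k in SECRET_FIELDS else v for k, v in creds.items()}

def load(path=None, env_var=None):
    """Read exactly one user-named source; never search for others."""
    if path:
        raw = check_source_path(path).read_text(encoding="utf-8")
    elif env_var:
        raw = os.environ[env_var]
    else:
        raise ValueError("name a file path or an environment variable")
    return normalize(raw)

if __name__ == "__main__":
    creds, dropped = normalize(SAMPLE)
    print(json.dumps({"credentials": redact(creds), "dropped": dropped}))
```

Only the redacted copy is printed; the unredacted dictionary stays in process memory for the form-filling step, which limits what reaches agent transcripts and logs.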

3. Fill the Login Form Conservatively

Use the website's visible login flow rather than forcing a direct post.

Preferred field mapping order:

  • User identifier: email, username, account, phone
  • Secret: password
  • Verification: otp, code, verification code, security code

Before submitting:

  • Confirm the target site with the user if multiple accounts could apply
  • Mask secrets in any explanation
  • Avoid clicking "remember device" or equivalent unless the user explicitly asks

4. Handle Verification Codes

Default behavior: ask the user to provide the verification code manually.

Only enter the email-reading branch if the user explicitly authorizes it for the current task and provides the mailbox access path. When allowed:

  • Read only the minimum mailbox content needed to locate the latest relevant code
  • Extract likely codes with scripts/extract_verification_code.py
  • Present the candidate briefly if confidence is low
  • If multiple codes are plausible, ask before submitting

If email access fails or is unavailable, fall back to asking the user to paste the code.

5. Verify Success

After submit, confirm login success using page evidence:

  • A user avatar, account menu, inbox, dashboard, or "Sign out" control
  • Removal of the login prompt
  • Successful navigation to the requested feature

If the flow fails, stop after a small number of attempts and explain the blocker clearly. Do not loop forever on retries.

Safety Rules

  • Treat credentials as ephemeral unless the user explicitly asks for a reusable local config.
  • Do not store credentials in the skill folder.
  • Do not broaden permissions, change MFA settings, or approve trusted-device prompts without explicit user permission.
  • Refuse flows that amount to bypassing authentication or anti-abuse protections.
  • If a website requests a captcha, QR scan, physical token, or passkey confirmation, hand control back to the user.

Suggested Interaction Pattern

Use short, direct prompts like these:

  • "The page appears to require login. Do you want me to sign in with credentials you provide now, or a local config you specify?"
  • "I found a password field and an email field. Please provide the account for this site, or point me to a config path."
  • "The site is asking for a verification code. If you want, paste the code here. I can only read email for it if you explicitly authorize the mailbox for this task."

Resources

references/config-example.md

Load this when the user wants a reusable local credential format or wants to see supported fields.

scripts/read_credentials.py

Run this to normalize credentials from a JSON file or environment variables into a consistent schema.

scripts/extract_verification_code.py

Run this to extract likely one-time codes from email text or copied verification messages after the user authorizes that step.

Data source: ClawHub · Chinese localization: 龙虾技能库