oauth-disguiseConfigure Anthropic OAuth tokens (sk-ant-oat01-*) to work as API keys in OpenClaw via environment variable injection, enabling Claude Pro/Team API access.
Install via ClawdBot CLI:
clawdbot install jiafar/oauth-disguiseGrade Limited — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
${ANTHROPICCalls external URL not in known-safe list
https://your-proxy.com/Uses known external API (expected, informational)
api.anthropic.comAI Analysis
This skill provides legitimate configuration guidance for using Anthropic OAuth tokens with the official API and does not contain hidden malicious instructions. The only external URLs referenced are the official Anthropic API (expected) and a user-configured proxy (clearly documented as optional fallback), with no evidence of credential harvesting or data exfiltration.
Usage Guide
Loading usage data… refresh in a few seconds.
Scored Apr 19, 2026
Audited Apr 17, 2026 · audit v1.0
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
gws CLI: Shared patterns for authentication, global flags, and output formatting.
Set up Gmail API access via gog CLI with manual OAuth flow. Use when setting up Gmail integration, renewing expired OAuth tokens, or troubleshooting Gmail authentication on headless servers.
Automate OAuth login flows with user confirmation via Telegram. Supports 7 providers: Google, Apple, Microsoft, GitHub, Discord, WeChat, QQ. Features: - Auto-detect available OAuth options on login pages - Ask user to choose via Telegram when multiple options exist - Confirm before authorizing - Handle account selection and consent pages automatically
Self-hosted auth for TypeScript/Cloudflare Workers with social auth, 2FA, passkeys, organizations, RBAC, and 15+ plugins. Requires Drizzle ORM or Kysely for D1 (no direct adapter). Self-hosted alternative to Clerk/Auth.js. Use when: self-hosting auth on D1, building OAuth provider, multi-tenant SaaS, or troubleshooting D1 adapter errors, session caching, rate limits, Expo crashes, additionalFields bugs.
Build secure authentication with sessions, JWT, OAuth, passwordless, MFA, and SSO for web and mobile apps.