Security Scan
OpenClaw
Safe
high confidence
The skill's instructions, inputs, and outputs are consistent with a simple 'quick auth' helper for the Moss platform and do not request unrelated privileges or credentials.
Assessment and Recommendations
This skill appears coherent for performing 'quick' API login/register flows against a Moss-studio host. Before installing or using it, ensure the host you supply is legitimate and reachable over TLS (you will be sending an email address and receiving tokens). Because the returned fields include access_token, refresh_token, api_key and a one-time temp_password, treat outputs as sensitive: keep the default masked display, only reveal full tokens when you explicitly request it, and store the temp_p...
✓ Purpose and Capabilities
The name/description (quick API login/register) matches the SKILL.md: it only needs a host and email and calls two specific endpoints (api-login, api-register). No unrelated binaries, env vars, or config paths are requested.
ℹ Instruction Scope
Instructions are narrowly scoped to POSTing JSON to the provided host's /studio-api/v1/auth/quick endpoints and handling three error codes. They do handle and return sensitive fields (access_token, refresh_token, api_key, temp_password). The doc explicitly recommends default desensitization and immediate saving of temp_password; otherwise the runtime steps do not reference unrelated files, env vars, or external endpoints.
✓ Install Mechanism
No install spec or code files — instruction-only skill. No downloads or execution of third-party code are specified.
✓ Credential Requirements
Requires only 'host' and 'email' as inputs. No environment variables, system credentials, or config paths are requested. The sensitive tokens returned are a property of the remote API and are reasonably within scope for an auth helper.
✓ Persistence and Privileges
always is false and the skill is user-invocable; it does not request elevated or persistent platform privileges. Autonomous invocation is allowed by default on the platform but not specifically escalated by this skill.
Security is layered; review the code before running it.
Runtime Dependencies
No special dependencies
Version
latest v0.1.1 2026/3/15
Publish quick auth skill only; no changes to other skills
● Benign
Install command
Official: npx clawhub@latest install moss-platform-quick-auth
Mirror (accelerated): npx clawhub@latest install moss-platform-quick-auth --registry https://cn.clawhub-mirror.com
Skill Documentation
Use only Option B (no verification code):
- POST /studio-api/v1/auth/quick/api-login
- POST /studio-api/v1/auth/quick/api-register
Do not use:
- send-code
- login
- register
Base URL
https://<host>
Required Inputs
- host (e.g. studio.mosi.cn)
- email
Flow (B-only)
1) Try api-login first
curl -sS -X POST "https://<host>/studio-api/v1/auth/quick/api-login" \
-H 'Content-Type: application/json' \
--data '{"email":"<email>"}'
2) If it returns USER_NOT_EXIST, call api-register
curl -sS -X POST "https://<host>/studio-api/v1/auth/quick/api-register" \
-H 'Content-Type: application/json' \
--data '{"email":"<email>"}'
Success Fields
- user_id
- access_token
- refresh_token
- expires_in
- api_key
- temp_password (returned only on registration, one-time)
Output Contract
Return to the user:
- Which endpoint was used
- Result status (login success / register success / error code)
- user_id
- expires_in
- Credentials (masked as needed)
Error Handling
- USER_NOT_EXIST → switch from api-login to api-register
- EMAIL_EXISTS → switch from api-register back to api-login
- ACCOUNT_BANNED → stop and notify the user
Security
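- Mask credentials by default unless the user explicitly asks for the raw values.
- State clearly that temp_password is returned only once and must be saved immediately.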
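The flow, error handling and masking rules above, written out in Python as an added example that is not part of the skill or the Moss platform. It assumes error responses carry the code in a top-level `code` key and success fields sit at the top level; the `post` callable, the sample responses and the `max_calls` cap (which stops the two switch rules from bouncing between endpoints forever) are constructed for illustration.

```python
# Added example. Paths, error codes and field names come from the skill doc;
# the top-level "code" key and the injected post() transport are assumptions.
BASE = "/studio-api/v1/auth/quick/"
SECRET_FIELDS = ("access_token", "refresh_token", "api_key", "temp_password")
SWITCH = {("api-login", "USER_NOT_EXIST"): "api-register",
          ("api-register", "EMAIL_EXISTS"): "api-login"}

def mask(value, keep=4):
    """Keep only the last `keep` characters; fully mask short values."""
    value = str(value)
    if len(value) <= keep * 2:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]

def quick_auth(post, email, reveal=False, max_calls=3):
    """Run the B-only flow; post(path, payload) returns the decoded JSON body."""
    endpoint = last = "api-login"
    for _ in range(max_calls):
        body = post(BASE + endpoint, {"email": email})
        last, code = endpoint, body.get("code")
        if code is None:  # assumed: success bodies carry no error code
            creds = {k: body[k] if reveal else mask(body[k])
                     for k in SECRET_FIELDS if k in body}
            kind = "register" if endpoint == "api-register" else "login"
            return {"endpoint": endpoint, "status": kind + " success",
                    "user_id": body.get("user_id"),
                    "expires_in": body.get("expires_in"),
                    "credentials": creds,
                    "save_temp_password_now": "temp_password" in body}
        endpoint = SWITCH.get((endpoint, code))
        if endpoint is None:  # ACCOUNT_BANNED or an unknown code: stop
            return {"endpoint": last, "status": code, "credentials": {}}
    # Both switch rules kept firing; stop instead of looping forever.
    return {"endpoint": last, "status": "TOO_MANY_SWITCHES", "credentials": {}}

def fake_post_new_user(path, payload):
    """Constructed transport: login says unknown user, register succeeds."""
    if path.endswith("api-login"):
        return {"code": "USER_NOT_EXIST"}
    return {"user_id": "u-1001", "expires_in": 3600,
            "access_token": "at-CONSTRUCTED-0123456789",
            "refresh_token": "rt-CONSTRUCTED-9876543210",
            "api_key": "key-CONSTRUCTED-abcdef",
            "temp_password": "Tmp-Constructed-1"}

if __name__ == "__main__":
    print(quick_auth(fake_post_new_user, "user@example.com"))
```

With `reveal=False` the raw values never leave `quick_auth`, so anything that logs or displays the returned dict sees only the masked form.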
Data source: ClawHub · Chinese localization: 龙虾技能库