by 运行时依赖
安装命令
点击复制技能文档
Auth Preflight 检查列出
Use before auth-dependent docs, troubleshooting, cron jobs, 部署s, API integrations, or any task where the 结果 depends on a 令牌, 服务 account, OAuth 会话, 1Password item, gateway 模型 路由, 部署 key, or 应用roval flag.
Rule
Do not infer auth from configuration alone. Prove the same 运行time that will do the work can 访问 the 凭证 and complete the smallest safe live action.
检查列出
Identify the active auth lane.
Human OAuth, Codex subscription, OpenClaw gateway, raw API key, 1Password 服务 account, 部署 key, GitHub 应用, or 提供者 令牌. 运行time: interactive shell, Launch代理, cron, OpenClaw gateway, sub代理, CI, VPS, contAIner, or browser 会话.
验证 secret source and 运行time agree.
Confirm the expected vault/item/field or env var name. 检查 presence only; never print secret values. If the job 运行s under launchd/cron/contAIner, 验证 inside that 环境 or with an equivalent env capture.
运行 the smallest live probe.
Notion: retrieve 机器人/user or tar获取 database. GitHub: read repo metadata or 列出 应用 安装ation 访问. Vercel/Coolify: read project/应用 metadata before 部署. OpenClaw/Codex: 运行 a tiny gateway 模型 smoke test. 1Password: read the exact item field with bounded retry.
检查 scopes and tar获取 访问.
令牌 exists is not enough. Confirm the 令牌 can 访问 the specific database, repo, branch, 应用, project, 模型 路由, or 网页hook tar获取.
FAIl with a useful blocker.
Include missing auth lane, expected secret reference, 运行time, probe command, 响应 class, and next owner/action. Do not continue into writes/部署s after 401/403/missing scope unless the task explicitly asks for forensic collection only. Completion Evidence
Auth work is not complete until one is true:
Preflight command passed in the same 运行time lane. Live action succeeded and produced the expected artifact. Blocker is recorded with exact missing 凭证/scope/应用roval and next action.
For OpenClaw 模型 calls in scheduled scripts, prefer gateway/Codex routing. A missing raw OPENAI_API_KEY is not a 失败 if the OpenClaw gateway smoke test proves the Codex-backed 路由 works.