🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Zyt credentials guard

by @zuoyuting214

Guide users to configure local Chanjing credentials safely via local commands only, and validate local token status when needed.

Versionv0.5.0
Downloads422
TERMINAL
clawhub install zyt-credentials-guard

πŸ“– About This Skill


name: chanjing-credentials-guard description: Guide users to configure local Chanjing credentials safely via local commands only, and validate local token status when needed. metadata: openclaw: requires: env: - CHANJING_CONFIG_DIR homepage: https://open-api.chanjing.cc

Chanjing Credentials Guard

When to Run

1. When user asks to configure/get Chanjing keys (AK/SK): use this skill to guide local setup. 2. When credentials are missing/invalid before a Chanjing API call: use this skill to recover local config.

This skill is a local credential guide, not a runtime dependency for other skills. It does not require bundled helper scripts to be present.

Execution Flow

1. Check if local AK/SK exists
   └─ No  β†’ Open login page URL in browser β†’ Ask user to configure local file
   └─ Yes β†’ Continue

2. Check if local Token exists and is not expired └─ No β†’ Call API to request/refresh Token β†’ Save to local file └─ Yes β†’ Continue

3. Prompt user to continue target action

Credential Storage

AK/SK and Token are read from the same local config file.

  • Path: ~/.chanjing/credentials.json (overridable by env CHANJING_CONFIG_DIR)
  • Format:
  • {
      "app_id": "Your Access Key",
      "secret_key": "Your Secret Key",
      "access_token": "Optional, auto-generated",
      "expire_in": 1721289220
    }
    

    expire_in is a Unix timestamp. Token is valid for about 24 hours; refresh 5 minutes before expiry.

    When AK/SK Is Missing

    When local app_id or secret_key is missing:

    1. Open login page: open https://www.chanjing.cc/openapi/login in the default browser. 2. Require local setup after the user obtains keys: - User updates local credentials.json file. 3. Do not request secrets in chat: - Never ask user to paste AK/SK in conversation. - Never echo or store AK/SK in chat summaries. 4. After setting: - Ask user to run status check and then proceed to target action.

    Manual update example:

    {
      "app_id": "",
      "secret_key": ""
    }
    

    Guide When User Wants to Generate Keys

    When the user clearly wants to generate chanjing keys, get keys, or configure AK/SK, follow this flow:

    Step 1: Check if already configured

    Check if local AK/SK already exists (read ~/.chanjing/credentials.json for non-empty app_id and secret_key).

    Step 2: Branch on result

  • If already configured: ask whether user wants to overwrite local config.
  • - If yes, run guide steps. - If no, stop.

  • If not configured: Run the β€œGuide steps” below directly.
  • Guide steps (when not configured or user confirmed re-apply)

    1. Open https://www.chanjing.cc/openapi/login in browser. 2. Explain the page flow clearly: - New users are registered automatically and the current page will display App ID and Secret Key with copy buttons. - Existing users may be redirected to the console; tell them to open the left-side API ε―†ι’₯ page to view or reset keys. 3. Ask user to configure local file ~/.chanjing/credentials.json (or $CHANJING_CONFIG_DIR/credentials.json) with app_id and secret_key. 4. Secret handling rule: - Do not ask user to paste AK/SK in chat. - If user shares secret in chat anyway, remind them to rotate keys and continue with local-command-only flow. 5. After setting: - Re-open the local file to confirm non-empty app_id and secret_key. - Then proceed to target Chanjing action.

    Token API (see chanjing-openapi.yaml)

    POST https://open-api.chanjing.cc/open/v1/access_token
    Content-Type: application/json
    

    Request body:

    {
      "app_id": "{{app_id}}",
      "secret_key": "{{secret_key}}"
    }
    

    Response (success code: 0):

    {
      "code": 0,
      "msg": "success",
      "data": {
        "access_token": "xxx",
        "expire_in": 1721289220
      }
    }
    

  • expire_in: Unix timestamp for token expiry
  • If code !== 0, AK/SK is invalid or the request failed
  • Validation Logic

    1. AK/SK: Read from config (path/format above); ensure app_id and secret_key are non-empty. 2. Token: Ensure access_token exists and expire_in > current_time + 300 (refresh 5 minutes early). 3. Token refresh: Call the API above and write returned access_token and expire_in back to the file.

    Security Boundary

  • This skill only handles local credential guidance.
  • It does not require install hooks or elevated/system-wide privileges.
  • It should not automatically execute unrelated skills.
  • It should not accept AK/SK via chat content.
  • Packaging Note

  • This skill can work as a documentation-only guide.
  • If a package variant includes helper scripts, they are optional convenience utilities, not required for core behavior.
  • With Other Skills

  • Other Chanjing skills may use the same local config path/format, but should keep their own runtime auth logic.
  • Guard can be used as an optional setup helper when users explicitly ask for credential guidance.
  • Reference

  • reference.md: API and storage format details
  • chanjing-openapi.yaml: /access_token, dto.OpenAccessTokenReq, dto.OpenAccessTokenResp