Scan Report
0 /100
headless-oauth
Authorize any OAuth CLI on a headless server where the agent and the user are on separate machines
Pure documentation/instructional skill with no executable code. Teaches agents how to guide users through OAuth flows on headless servers using standard CLI patterns.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in skill |
| Network | NONE | NONE | — | No direct network calls; user handles browser on their machine |
| Shell | NONE | NONE | — | No shell execution in skill; references CLI tool flags only |
| Environment | NONE | NONE | — | No environment variable access |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | User handles browser on local machine; not agent |
| Database | NONE | NONE | — | No database access |
7 findings
Medium External URL 外部 URL
https://openclaw.ai README.md:3 Medium External URL 外部 URL
https://img.shields.io/badge/clawhub-headless--oauth-blue README.md:5 Medium External URL 外部 URL
https://clawhub.ai/skills/headless-oauth README.md:5 Medium External URL 外部 URL
https://img.shields.io/badge/License-MIT--0-green.svg README.md:6 Medium External URL 外部 URL
https://opensource.org/licenses/MIT-0 README.md:6 Medium External URL 外部 URL
https://img.shields.io/badge/OpenClaw-compatible-purple README.md:7 Medium External URL 外部 URL
https://igorivanter.com README.md:96 File Tree
2 files · 9.1 KB · 255 lines Markdown 2f · 255L
├─
README.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ No executable code present - purely instructional documentation
✓ Clear explanation of the server/user machine split for OAuth flows
✓ Mentions keyring security best practices (don't persist credentials)
✓ Documents legitimate CLI tools (gh, gcloud, gog) with proper flags
✓ curl usage is declared and necessary for the callback relay pattern
✓ No credential exfiltration or harvesting mechanisms
✓ No obfuscated code or hidden functionality