SkillHub

max-auth

v2.1.0

Security authentication gate for OpenClaw sensitive actions. Deploys a local Node.js auth server with biometric passkeys (WebAuthn/Touch ID/Face ID) and master password. Exposes a dashboard via Tailscale HTTPS. Use when: (1) setting up authentication for sensitive agent actions, (2) checking if user...

Sourced from ClawHub, Authored by Felipe Matos

Installation

Please help me install the skill `max-auth` from SkillHub official store. npx skills add felipematos/max-auth

Max Auth

Biometric + password authentication server for OpenClaw. Runs at http://127.0.0.1:8456, exposed via Tailscale at https://<hostname>/auth.

Quick Setup

mkdir -p ~/.max-auth
cp <skill>/assets/auth-server.js ~/.max-auth/
cp <skill>/assets/package.json ~/.max-auth/
cd ~/.max-auth && npm install
node auth-server.js set-password 'your_password'

Install as systemd service + Tailscale serve — see references/api.md for full instructions.

Checking Auth Before Sensitive Actions

# Shell
STATUS=$(curl -s http://127.0.0.1:8456/status)
HAS_SESSION=$(echo $STATUS | python3 -c "import sys,json; print(json.load(sys.stdin)['hasSession'])")
[ "$HAS_SESSION" = "True" ] || { echo "⚠️ Auth required: https://<hostname>/auth"; exit 1; }

Sensitive actions requiring auth: delete files, install packages, system config changes, sending messages/emails to third parties, external API mutations.

Safe without auth: read, search, list, web_fetch, memory_search.

When auth is missing, refuse the action and tell the user: "⚠️ Autenticação necessária. Acesse https://<hostname>/auth."

References

  • Full API + setup: references/api.md
  • Agent integration patterns: references/integration.md