Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub Β· Finance & Trading
Otp Challenger
Enable agents and skills to challenge users for fresh two-factor authentication proof (TOTP or YubiKey) before executing sensitive actions. Use this for identity verification in approval workflows - deploy commands, financial operations, data access, admin operations, and change control.
skill openclawclawhub Free
Enable agents and skills to challenge users for fresh two-factor authentication proof (TOTP or YubiKey) before executing sensitive actions. Use this for identity verification in approval workflows - deploy commands, financial operations, data access, admin operations, and change control.
β¬ 0 downloads β
0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- INSTALLATION.md, README.md, SKILL.md, check-status.sh, config-template.yaml, docs/implementation-plans/2025-01-31-yubikey-support/phase_01.md
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 1.0.6
Provenance
- Publisher
- ryancnelson
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
OTP Identity Challenge Skill
Challenge users for fresh two-factor authentication before sensitive actions.
When to Use
Require OTP verification before: Deploy commands (kubectl apply, terraform apply) Financial operations (transfers, payment approvals) Data access (PII exports, customer data) Admin operations (user modifications, permission changes)
verify.sh
Verify a user's OTP code and record verification state. ./verify.sh <user_id> <code> Parameters: user_id - Identifier for the user (e.g., email, username) code - Either 6-digit TOTP or 44-character YubiKey OTP Exit codes: 0 - Verification successful 1 - Invalid code or rate limited 2 - Configuration error (missing secret, invalid format) Output on success: β OTP verified for <user_id> (valid for 24 hours) β YubiKey verified for <user_id> (valid for 24 hours) Output on failure: β Invalid OTP code β Too many attempts. Try again in X minutes. β Invalid code format. Expected 6-digit TOTP or 44-character YubiKey OTP.
check-status.sh
Check if a user's verification is still valid. ./check-status.sh <user_id> Exit codes: 0 - User has valid (non-expired) verification 1 - User not verified or verification expired Output: β Valid for 23 more hours β οΈ Expired 2 hours ago β Never verified
generate-secret.sh
Generate a new TOTP secret with QR code (requires qrencode to be installed). ./generate-secret.sh <account_name>
Usage Pattern
#!/bin/bash source ../otp/verify.sh if ! verify_otp "$USER_ID" "$OTP_CODE"; then echo "π This action requires OTP verification" exit 1 fi # Proceed with sensitive action
Configuration
Required for TOTP: OTP_SECRET - Base32 TOTP secret Required for YubiKey: YUBIKEY_CLIENT_ID - Yubico API client ID YUBIKEY_SECRET_KEY - Yubico API secret key (base64) Optional: OTP_INTERVAL_HOURS - Verification expiry (default: 24) OTP_MAX_FAILURES - Failed attempts before rate limiting (default: 3) OTP_STATE_FILE - State file path (default: memory/otp-state.json) Configuration can be set via environment variables or in ~/.openclaw/config.yaml: security: otp: secret: "BASE32_SECRET" yubikey: clientId: "12345" secretKey: "base64secret"
Code Format Detection
The script auto-detects code type: 6 digits (123456) β TOTP validation 44 ModHex characters (cccccc...) β YubiKey validation ModHex alphabet: cbdefghijklnrtuv
State File
Verification state stored in memory/otp-state.json. Contains only timestamps, no secrets.
Human Documentation
See README.md for: Installation instructions Setup guides (TOTP and YubiKey) Security considerations Troubleshooting Examples
Category context
Trading, swaps, payments, treasury, liquidity, and crypto-financial operations.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
4 Docs1 Scripts1 Config
- SKILL.md
- docs/implementation-plans/2025-01-31-yubikey-support/phase_01.md
- INSTALLATION.md
- README.md
- check-status.sh
- config-template.yaml