volcengine-agent-identity_skill

This skill helps you manage identity, login, credentials, env bindings, and risk approvals for tool calls.
  • Python

2.5k

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

3 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill volcengine-agent-identity

  • _meta.json482 B
  • SKILL.md14.6 KB

Overview

This skill manages agent identity: UserPool OIDC login, TIP workload tokens, credential hosting (OAuth2 or API keys), environment-variable bindings for tools, and risk diagnosis/approval for high-risk tool calls. Use it to check who is logged in, start or refresh login, add credentials, bind credentials to env vars, and evaluate or approve risky commands and tool operations. It activates when a user requests identity status, login, credential operations, env bindings, or risk checks.

How this skill works

The skill calls dedicated identity tools to perform actions: brief checks (whoami), full status, start OIDC login, list or fetch credentials, set/unset env bindings, run risk checks, and surface TIP tokens. For adding credentials, it ensures the user is logged in, discovers available providers, and initiates the appropriate flow (OAuth or API key). Risk detection uses rule-based patterns and optional LLM re-evaluation; high-risk tool calls are blocked until explicit user approval.

When to use it

  • Check current identity or session/TIP status (whoami / status).
  • Start or refresh login via OIDC when you need to authenticate.
  • Add or configure credentials for a provider (OAuth2 or API key).
  • Bind a stored credential to an environment variable for tools.
  • Diagnose whether a shell command or tool call is risky before execution.
  • Approve or reject user-facing high-risk tool calls when prompted.

Best practices

  • Always run identity_whoami or identity_status before fetching credentials to ensure an active session.
  • Use identity_list_credentials to discover provider names before calling identity_fetch.
  • Prefer binding credentials to well-named env vars (e.g., OPENAI_API_KEY) for predictable tool injection.
  • Run identity_risk_check for destructive commands (rm, curl|bash, write to sensitive paths) before executing.
  • Let the user approve high-risk calls; the agent must never self-approve via identity_approve_tool.

Example use cases

  • User asks 'who am I' → call identity_whoami and report login and TIP expiry.
  • Add Google access for tools → ensure login, list providers, then identity_fetch provider=google and identity_set_binding to GOOGLE_ACCESS_TOKEN.
  • Evaluate a shell command 'rm -rf /tmp/*' → call identity_risk_check and present risk level and recommendation.
  • List stored credentials and bindings before running an external API call.
  • Respond to a blocked high-risk exec by presenting the approval_id and instructing the user to run /identity approve <id>.

FAQ

Yes. The skill checks login first and will initiate identity_login if no active session is found.

Can the agent approve its own high-risk actions?

No. High-risk approvals require an explicit user action; the agent must not call identity_approve_tool to self-approve.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational