Enable agents and skills to challenge users for fresh two-factor authentication proof (TOTP or YubiKey) before executing sensitive actions. Use this for identity verification in approval workflows - d
Real data. Real impact.
Emerging
Developers
Per week
Open source
Skills give you superpowers. Install in 30 seconds.
Challenge users for fresh two-factor authentication before sensitive actions.
Require OTP verification before:
kubectl applyterraform applyVerify a user's OTP code and record verification state.
./verify.sh <user_id> <code>
Parameters:
user_idcodeExit codes:
012Output on success:
✅ OTP verified for <user_id> (valid for 24 hours) ✅ YubiKey verified for <user_id> (valid for 24 hours)
Output on failure:
❌ Invalid OTP code ❌ Too many attempts. Try again in X minutes. ❌ Invalid code format. Expected 6-digit TOTP or 44-character YubiKey OTP.
Check if a user's verification is still valid.
./check-status.sh <user_id>
Exit codes:
01Output:
✅ Valid for 23 more hours ⚠️ Expired 2 hours ago ❌ Never verified
Generate a new TOTP secret with QR code (requires
qrencode./generate-secret.sh <account_name>
#!/bin/bash source ../otp/verify.shif ! verify_otp "$USER_ID" "$OTP_CODE"; then echo "🔒 This action requires OTP verification" exit 1 fi
Proceed with sensitive action
Required for TOTP:
OTP_SECRETRequired for YubiKey:
YUBIKEY_CLIENT_IDYUBIKEY_SECRET_KEYOptional:
OTP_INTERVAL_HOURSOTP_MAX_FAILURESOTP_STATE_FILEmemory/otp-state.jsonConfiguration can be set via environment variables or in
~/.openclaw/config.yamlsecurity: otp: secret: "BASE32_SECRET" yubikey: clientId: "12345" secretKey: "base64secret"
The script auto-detects code type:
123456cccccc...ModHex alphabet:
cbdefghijklnrtuvVerification state stored in
memory/otp-state.jsonSee README.md for:
No automatic installation available. Please visit the source repository for installation instructions.
View Installation Instructions
1,500+ AI skills, agents & workflows. Install in 30 seconds. Part of the Torly.ai family.
© 2026 Torly.ai. All rights reserved.