Does Scalekit store tokens locally?

No. Scalekit stores tokens in the cloud and the agent fetches fresh tokens on demand via get_token.

Which services are supported?

Any OAuth provider Scalekit supports, including Gmail, Google Calendar, Google Drive, Slack, Notion, Linear, GitHub, Salesforce, HubSpot, Zendesk, and 50+ more.

How does first-time authorization work?

When you call get_token for the first time, you’re prompted to authorize. The agent shows a link to authorize (e.g., Authorization needed for Gmail), you complete the flow, and Scalekit returns a fresh token for subsequent calls.

Scalekit-Agent-Auth

Scanned

@Avinash-Kamath

npx machina-cli add skill @Avinash-Kamath/scalekit-agent-auth --openclaw

Files (1)

SKILL.md

6.9 KB

Scalekit Auth - Secure Token Management

Centralized OAuth token management for AI agents. No local token storage, automatic refresh, multi-service support.

Why Use This?

Problem: OAuth tokens scattered across config files, no refresh logic, security risks.

Solution: Scalekit handles all token lifecycle:

✅ Secure cloud storage (never stored locally)
✅ Automatic token refresh
✅ Multi-service support (Gmail, Slack, Notion, GitHub, etc.)
✅ Always returns fresh, valid tokens

Installation

1. Install Skill

clawhub install scalekit-auth
cd skills/scalekit-auth
pip3 install -r requirements.txt

2. Get Scalekit Credentials

Sign up at scalekit.com
Go to Dashboard → Developers → Settings → API Credentials
Copy:
- Client ID
- Client Secret
- Environment URL

3. Configure Credentials

Create skills/scalekit-auth/.env:

SCALEKIT_CLIENT_ID=your_client_id_here
SCALEKIT_CLIENT_SECRET=your_client_secret_here
SCALEKIT_ENV_URL=https://your-env.scalekit.com

Or let the agent ask you on first use.

Setting Up a Service (e.g., Gmail)

Step 1: Create Connection in Scalekit Dashboard

Go to Scalekit Dashboard → Connections → Add Connection
Select provider (e.g., Gmail/Google)
Configure OAuth:
- Get Client ID/Secret from Google Cloud Console
- Set Redirect URI (provided by Scalekit)
Copy the connection_name (e.g., gmail_u3134a)

Step 2: Register with Agent

Tell the agent:

"Configure Gmail for Scalekit. Connection name is gmail_u3134a"

Agent stores it in connections.json:

{
  "gmail": {
    "connection_name": "gmail_u3134a",
    "identifier": "mess"
  }
}

Step 3: Authorize

First API call will prompt:

Authorization needed for Gmail.
Link: https://scalekit.com/auth/... (expires in 1 minute!)

Click link → authorize → done!

Usage

From Agent Skills

#!/usr/bin/env python3
import sys
sys.path.append('./skills/scalekit-auth')
from scalekit_helper import get_token

# Get fresh token for any service
access_token = get_token("gmail")

# Use it immediately
headers = {"Authorization": f"Bearer {access_token}"}
response = requests.get("https://gmail.googleapis.com/gmail/v1/users/me/messages", headers=headers)

From Shell Scripts

# Get token via CLI wrapper
TOKEN=$(python3 skills/scalekit-auth/get_token.py gmail)

# Use in API call
curl -H "Authorization: Bearer $TOKEN" \
  https://gmail.googleapis.com/gmail/v1/users/me/messages

Configuration Files

connections.json

Maps service names to Scalekit connection names:

{
  "gmail": {
    "connection_name": "gmail_u3134a",
    "identifier": "mess"
  },
  "slack": {
    "connection_name": "slack_x7y9z",
    "identifier": "mess"
  }
}

Note: identifier is auto-set to agent's name (from IDENTITY.md).

.env

Scalekit API credentials (never commit to git!):

SCALEKIT_CLIENT_ID=sk_live_...
SCALEKIT_CLIENT_SECRET=...
SCALEKIT_ENV_URL=https://...

Supported Services

Any OAuth provider Scalekit supports:

Gmail, Google Calendar, Google Drive
Slack, Notion, Linear, GitHub
Salesforce, HubSpot, Zendesk
50+ more

Check Scalekit Connectors for full list.

Authorization Flow

1. Agent calls get_token("gmail")
2. Check if connection configured → if NO, ask user
3. Check if authorized (status == ACTIVE)
4. If NOT authorized:
   - Generate auth link (expires 1 min)
   - Send to user via Telegram/chat
   - Wait for authorization
5. Return fresh access_token
6. Scalekit auto-refreshes in background

Error Handling

Connection not configured:

Error: gmail not configured. Please:
1. Create connection in Scalekit dashboard
2. Provide connection_name

Authorization expired:

Authorization needed: [link]
(Link expires in 1 minute - click now!)

Scalekit credentials missing:

Scalekit not configured. Please provide:
- SCALEKIT_CLIENT_ID
- SCALEKIT_CLIENT_SECRET
- SCALEKIT_ENV_URL

Security Best Practices

Never log tokens - use [REDACTED] in logs
Add .env to .gitignore - never commit credentials
Rotate credentials if exposed
Use separate Scalekit accounts for dev/prod
Auth links expire in 1 min - act fast!

Troubleshooting

"Module not found" error:

cd skills/scalekit-auth
pip3 install -r requirements.txt

Token returns 401:

Authorization may have expired
Agent will prompt for re-authorization

Connection not found:

Check connections.json exists
Verify connection_name from Scalekit dashboard

Example: Gmail Integration

# In your skill's script
from scalekit_helper import get_token
import requests

def fetch_unread_emails():
    token = get_token("gmail")
    
    headers = {"Authorization": f"Bearer {token}"}
    url = "https://gmail.googleapis.com/gmail/v1/users/me/messages"
    params = {"q": "is:unread", "maxResults": 5}
    
    response = requests.get(url, headers=headers, params=params)
    return response.json()

Publishing Skills with Scalekit Auth

If your skill uses scalekit-auth:

Document in SKILL.md:

## Prerequisites
- Install scalekit-auth skill
- Configure [SERVICE] connection in Scalekit

Import in scripts:

sys.path.append('./skills/scalekit-auth')
from scalekit_helper import get_token

Handle errors gracefully - guide users to configure connections

API Reference

get_token(service_name: str) → str

Returns fresh OAuth access token for the service.

Parameters:

service_name: Service identifier (e.g., "gmail", "slack")

Returns:

access_token: Fresh OAuth bearer token

Raises:

ConfigurationError: Service not configured or Scalekit creds missing
AuthorizationError: User needs to authorize (sends link to user)

Example:

token = get_token("gmail")
print(f"Token: {token[:10]}...")  # Never log full token!

Roadmap

Multi-user support (multiple identifiers per service)
Token caching (reduce API calls)
CLI tool (scalekit-auth config gmail gmail_u3134a)
Auto-detect service from API URL
Batch token retrieval

Contributing

Found a bug? Have a feature request? Open an issue on ClawHub!

Remember: Tokens are secrets. Handle with care. 🔐

Source

git clone https://clawhub.ai/Avinash-Kamath/scalekit-agent-authView on GitHub

Overview

Scalekit Auth centralizes OAuth token management for AI agents. It never stores tokens locally, automatically refreshes them, and supports multiple services like Gmail, Slack, GitHub, and Notion. This ensures tokens are always fresh and securely managed across integrations.

How This Skill Works

Tokens are stored and refreshed in Scalekit's cloud, never on the local agent. You configure credentials in a .env file and connect services via the Scalekit Dashboard. On first use, the agent prompts for authorization; subsequent calls use get_token to fetch a fresh access token for the requested service.

When to Use It

You need centralized, secure token management across multiple OAuth providers (Gmail, Slack, GitHub, Notion, etc.).
You require automatic token refresh so tokens never expire during API calls.
You want tokens retrieved fresh on every use without storing them locally.
You are setting up new services through the Scalekit Dashboard and want seamless integration.
You want a single integration that supports 50+ OAuth providers and scales with your needs.

Quick Start

Step 1: Install the skill and dependencies: clawhub install scalekit-auth; cd skills/scalekit-auth; pip3 install -r requirements.txt
Step 2: Configure credentials in skills/scalekit-auth/.env with SCALEKIT_CLIENT_ID, SCALEKIT_CLIENT_SECRET, and SCALEKIT_ENV_URL
Step 3: Register a service in Scalekit Dashboard, then use get_token("service") in your code or CLI to fetch a fresh token

Best Practices

Never store tokens or full credentials in local config files; rely on Scalekit's cloud storage for tokens.
Place client credentials (Client ID, Client Secret) in environment variables and avoid committing .env files.
Use get_token(service) for API calls to ensure you always have a fresh token.
Regularly verify and re-authorize connections via the Scalekit Dashboard when prompted.
Keep connections.json mappings up to date and confirm the correct connection_name for each service.

Example Use Cases

Fetch a fresh Gmail access token to read and send emails from an AI agent.
Post messages to Slack using a fresh token on each automation run.
Access GitHub data (repos, issues) with a valid token for API interactions.
Authorize and query Notion pages securely through Scalekit integration.
Refresh tokens for Google Calendar and Drive using a single centralized workflow.

Frequently Asked Questions

Add this skill to your agents