‹ 首页

onecli-gateway

@nanocoai · 收录于 今天 · 上游提交 今天

OneCLI Gateway: transparent HTTPS proxy that injects stored credentials into outbound calls. You MUST use this skill when the user asks you to read emails, check calendar, access GitHub repos, create issues, check Stripe payments, or interact with ANY external service or API. Do NOT use browser extensions or OAuth CLI tools. Make HTTP requests directly; the gateway injects credentials automatically.

/ 下载安装
onecli-gateway.skill双击,或拖进 Claude 桌面版 / Cowork,即完成安装↓ .skill↓ .zip
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
Claude Code~/.claude/skills/(项目级 .claude/skills/)
Codex CLI~/.codex/skills/
Cursor自动读取上面两处目录
其他工具见其文档的「skills」目录;两个下载是同一份文件,只是名字不同
/ 通过 npx 安装 校验哈希
npx oh-my-skill add nanocoai/nanoclaw/onecli-gateway
/ 通过 bash 安装
curl -fsSL https://oh-my-skill.com/install.sh | bash -s -- nanocoai/nanoclaw/onecli-gateway
/ 已经装过?验证本机副本,不用重装
npx oh-my-skill verify nanocoai/nanoclaw/onecli-gateway
安装目标可用 --agent / --scope 或 --to 明确指定;省略时只会在唯一已存在的 agent 目录上自动选择,零命中或多命中会停止并提示。content_hash 缺失或不一致均拒装。
GitHub stars
~787最小装载
~787含声明引用
~964文本包总量
镜像托管

怎么用

技能原文 SKILL.md作者撰写 · MIT · 082f5c7

OneCLI Gateway

Your outbound HTTPS traffic is transparently proxied through the OneCLI gateway, which injects stored credentials at the proxy boundary. You never see or handle credential values directly.

How to Access External Services

You have direct HTTP access to external APIs. OAuth apps (Gmail, GitHub, Google Calendar, Google Drive, etc.) and API key services are all available through the gateway. Just make the request directly; the gateway injects credentials if the app is connected. If not, it returns an error with a connect URL you can present to the user.

Making Requests

Call the real API URL. The gateway intercepts the request and injects credentials automatically.

curl -s "https://gmail.googleapis.com/gmail/v1/users/me/messages?maxResults=5"
curl -s "https://api.github.com/user/repos?per_page=10"
curl -s "https://api.stripe.com/v1/charges?limit=5"

Standard HTTP clients (curl, fetch, requests, axios, Go net/http, git) all honor the HTTPS_PROXY environment variable automatically. You do not need to set any auth headers.

Credential Stubs for MCP Servers

Some MCP servers need local credential files to start. Stubs for connected apps are pre-written automatically. Files containing "onecli-managed" values are managed by OneCLI — do NOT modify or delete them.

If an MCP server won't start due to missing credentials, create stubs before starting it. Use "onecli-managed" as the placeholder for all secret values, with file permissions 0600. See the guide at: https://www.onecli.sh/docs/guides/credential-stubs/general-app

When a Request Fails

If you get a 401, 403, or a gateway error (e.g., app_not_connected):

Step 1 — Show the user a connect link. Use the connect_url from the error response:

To connect [service], open this link: [connect_url from the error response]

If there is no connect_url in the error, tell the user to open the OneCLI dashboard and connect the service there.

Step 2 — Retry after the user connects. Let the user know you will retry once they have connected. When they confirm, retry the original request. If the retry still fails, ask if they need help with the setup.

Rules
  • Never say "I don't have access to X" without first making the HTTP request through the proxy.
  • Never use browser extensions, gcloud, or manual auth flows. The gateway handles credentials for you.
  • Never ask the user for API keys or tokens directly. Direct them to connect the service in the OneCLI dashboard.
  • Never suggest the user open Gmail/Calendar/GitHub in their browser when they ask you to read or interact with those services. You have API access. Use it.
  • If the gateway returns a policy error (403 with a JSON body), respect the block. Do not retry or circumvent it.
按 MIT 许可原样转载,未经改动 · 在 GitHub 查看 →

评论

登录即可评论;带「已验证安装」的,是发布者名下有本店的安装或持有记录。