Clarify OpenClaw HMAC agent credentials

This commit is contained in:
BigBodyCobain
2026-05-30 13:52:01 -06:00
parent a16f22ed34
commit f03ebbba11
5 changed files with 74 additions and 5 deletions
+5 -2
View File
@@ -129,13 +129,16 @@ const OnboardingModal = React.memo(function OnboardingModal({
const agentSnippet = [
`SHADOWBROKER_URL=${agentEndpoint}`,
agentSecret ? `SHADOWBROKER_KEY=${agentSecret}` : 'SHADOWBROKER_KEY=<generate in ShadowBroker>',
agentSecret ? `SHADOWBROKER_HMAC_SECRET=${agentSecret}` : 'SHADOWBROKER_HMAC_SECRET=<generate in ShadowBroker>',
`SHADOWBROKER_ACCESS=${agentTier}`,
'',
'# FIRST: load available tools',
`GET ${agentEndpoint}/api/ai/tools`,
'',
'# Auth: HMAC-SHA256 signed requests.',
'# Auth: SHADOWBROKER_HMAC_SECRET is not a raw API key.',
'# Sign every direct request with X-SB-Timestamp, X-SB-Nonce, and X-SB-Signature.',
'# Signature input: METHOD|path|timestamp|nonce|sha256(body).',
'# Do not send the secret as X-Admin-Key, Authorization, or a query parameter.',
'# Restricted = read-only telemetry. Full = can write when asked.',
].join('\n');
const remoteAgentNeedsTor = agentMode === 'remote' && !torAddress;