How do I install kernel-auth?

Run `npx skills add https://github.com/kernel/skills --skill kernel-auth` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does kernel-auth support?

kernel-auth works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is kernel-auth free to use?

Yes. kernel-auth is free to install and use. It is available from the open explainx.ai skill registry published by kernel.

Where can I read ratings and reviews for kernel-auth?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

Productivity

kernel-auth▌

kernel/skills · updated Apr 8, 2026

$npx skills add https://github.com/kernel/skills --skill kernel-auth

summary

Setup and manage Kernel managed authentication connections for any website with safety checks and reauthentication support.

skill.md

Kernel Auth Skill

Setup and manage Kernel managed authentication connections for any website with safety checks and reauthentication support.

Quick Start

kernel-auth setup gmail

Then visit the URL printed to complete login.

Works for any website — See Using Custom Domains for any other site.

Usage

kernel-auth setup <service> [--profile-name <name>]

Built-in Services

gmail → gmail.com
github → github.com
outlook → outlook.com

Using Custom Domains

For any other website, use the --domain flag:

kernel-auth setup --domain amazon.com --profile-name amazon-main
kernel-auth setup --domain linkedin.com
kernel-auth setup --domain example.com --profile-name custom-site

Examples

kernel-auth setup gmail
kernel-auth setup github --profile-name github-work
kernel-auth setup outlook

Authentication Flow

Create auth connection — Sets up a managed auth profile (domain + profile name)
Initiate login session — Generates a hosted login URL
You visit URL — Complete the login flow on your device/browser
Login state stored in profile — Kernel saves your authenticated session
Use authenticated browser — Create browser sessions with that profile, automatically logged in

Key Concepts

Auth Connections

Each connection ties a service domain to a profile name
Connections can be reused for multiple browser sessions
Status: AUTHENTICATED (user completed login, state stored) or NEEDS_AUTH (never logged in or login session expired)

Login Sessions

Login sessions (the hosted URL) expire after a generous timeframe as cleanup
If you don't complete login within that window, the session is deleted
The connection itself stays — just initiate a new login session

Check connection status:

kernel auth connections list  # Check status
kernel auth connections get <id>  # Get connection details

If a connection shows NEEDS_AUTH:

kernel-auth setup <service>  # Re-initiate login session with fresh URL

Why Manual URL Visit?

Login sessions are time-bound — If you don't visit within the window, they expire (cleanup)
Prevent auto-opening — Avoid Telegram/email clients accidentally consuming the link
Control is yours — You visit the URL when you're ready

Checking Status

# List all auth connections
kernel auth connections list -o json

# Check specific connection
kernel auth connections get <connection-id> -o json | jq '.status'

Using Authenticated Browsers

Once auth is connected, create browser sessions with that profile:

# Create browser with Gmail auth already loaded
kernel browser create --profile-name gmail-main --stealth -o json

# Browser will be logged into Gmail automatically

Important Notes

⚠️ Profile Deletion = Cascade Delete

Deleting a Kernel profile deletes ALL connections attached to it:

kernel profile delete gmail-main  # Deletes ALL gmail-main connections

Use sparingly. Better to refresh auth than delete and recreate.

🔗 Telegram & Link Previews

If you send auth URLs via Telegram, disable link previews in settings:

Settings → Privacy & Security → Link Preview → Never show

Otherwise Telegram auto-opens the URL and consumes the code.

🌐 Network Requirements

Kernel auth requires:

Outbound HTTPS to Kernel's managed auth service
Browser with JavaScript enabled
Cookie/session storage support

Scripts

setup — Create connection, generate login URL, display instructions
No background watchers — You control when/if you visit the URL

Troubleshooting

"Code already used"

The auth code was consumed. This happens if:

You visited the URL twice
Telegram/email client auto-opened it
Someone else completed the login first

Solution: Run kernel-auth setup <service> again to get a fresh code.

"Code expired"

Codes expire after ~40 minutes. Re-run setup to generate a new one.

"Connection not found"

The connection may have been deleted. Run setup again to create it.

Auth Status is NEEDS_AUTH

You didn't complete the login within the session window, or you need to re-authenticate. Re-initiate login:

kernel-auth setup gmail

Integration with OpenClaw

The auth skill integrates with OpenClaw cron jobs:

Cron job checks auth status before running
If AUTHENTICATED, proceeds with browser automation
If not, sends message requesting reauthentication
User confirms, system re-runs auth flow

Example from GMAIL_DAILY_WORKFLOW.md:

# Daily cron checks this before scraping
AUTH_STATUS=$(kernel auth connections list -o json | jq -r ".[] | select(.domain == \"gmail.com\") | .status")
if [ "$AUTH_STATUS" != "AUTHENTICATED" ]; then
  echo "Reauthentication needed"
  exit 1
fi

Advanced

Programmatic Auth Check

# Get auth status
kernel auth connections list -o json | jq '.[] | {id, status, domain}'

# Delete and recreate
kernel profile delete gmail-main --yes
kernel-auth setup gmail

Multiple Accounts

Create separate profiles for each account:

kernel-auth setup gmail --profile-name gmail-personal
kernel-auth setup gmail --profile-name gmail-work

Then use the appropriate profile when creating browsers:

kernel browser create --profile-name gmail-work --stealth

general reviews

Ratings

4.5★★★★★10 reviews

★★★★★Shikha Mishra· Oct 10, 2024
kernel-auth is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Piyush G· Sep 9, 2024
Keeps context tight: kernel-auth is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Chaitanya Patil· Aug 8, 2024
Registry listing for kernel-auth matched our evaluation — installs cleanly and behaves as described in the markdown.
★★★★★Sakshi Patil· Jul 7, 2024
kernel-auth reduced setup friction for our internal harness; good balance of opinion and flexibility.
★★★★★Ganesh Mohane· Jun 6, 2024
I recommend kernel-auth for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
★★★★★Oshnikdeep· May 5, 2024
Useful defaults in kernel-auth — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Dhruvi Jain· Apr 4, 2024
kernel-auth has been reliable in day-to-day use. Documentation quality is above average for community skills.
★★★★★Rahul Santra· Mar 3, 2024
Solid pick for teams standardizing on skills: kernel-auth is focused, and the summary matches what you get after install.
★★★★★Pratham Ware· Feb 2, 2024
We added kernel-auth from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
★★★★★Yash Thakker· Jan 1, 2024
kernel-auth fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.