konecty/konecty-session
skills/konecty-session/SKILL.md
Opens a Konecty session via OTP login (request OTP, then verify OTP) and persists the access token in .env or ~/.konecty/credentials for use by other skills. Use when the user wants to log in to Konecty with OTP, store credentials, set up KONECTY_TOKEN, or establish a session so other Konecty skills can call the API. Only works when the namespace has OTP enabled (email or WhatsApp).
development
Updated May 1, 2026
$ install --global
skillsauthnpx skillsauth add konecty/skills konecty-sessionInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 1, 2026, 9:46 AM311.7s3 files scanned
SKILL.md
- name:
- konecty-session
- description:
- Opens a Konecty session via OTP login (request OTP, then verify OTP) and persists the access token in .env or ~/.konecty/credentials for use by other skills. Use when the user wants to log in to Konecty with OTP, store credentials, set up KONECTY_TOKEN, or establish a session so other Konecty skills can call the API. Only works when the namespace has OTP enabled (email or WhatsApp).
Konecty Session (OTP login)
Opens an authenticated session with Konecty using OTP (one-time password) and persists the token so other skills and scripts can use it. Login is allowed only when the namespace has OTP configured (email and/or WhatsApp); if OTP is not enabled, this skill cannot be used to obtain a session.
When to use this skill
- User wants to "log in to Konecty", "open a Konecty session", "save Konecty credentials", or "set up Konecty for other skills" and the namespace uses OTP.
- User needs
KONECTY_TOKENfor automation or other skills and is willing to complete OTP (receive code, then paste it).
Two-phase flow
- Request OTP — Agent calls the API to send a one-time code to the user's email or phone. User receives the code (email or WhatsApp, according to namespace config).
- Receive OTP and obtain token — User informs the agent of the 6-digit code. Agent calls the verify API, receives the session token (
authId), and persists it. Consider token validity (session expiration); when the token expires, the user must run this flow again.
Workflow
1. Check if OTP is available
- Call
GET {host}/api/auth/login-options. Response:{ passwordEnabled, emailOtpEnabled, whatsAppOtpEnabled }. - If neither
emailOtpEnablednorwhatsAppOtpEnabledis true, inform the user: "This Konecty namespace does not have OTP login enabled. This skill cannot open a session here." Do not proceed with request-otp. - If at least one OTP method is true, continue. Gather host (e.g.
KONECTY_URL) and either email or phone number (E.164, e.g.+5511999999999) for the user who will receive the code.
2. Request OTP (first moment)
- API:
POST {host}/api/auth/request-otp
Body (JSON):{ "email": "[email protected]" }or{ "phoneNumber": "+5511999999999" }(exactly one). - On success, the server sends the code to the user's email or WhatsApp. Tell the user: "A verification code was sent to your email/phone. When you receive the 6-digit code, paste it here."
- You can use the bundled script:
python scripts/login.py request-otp --host <url> --email <email>
orpython scripts/login.py request-otp --host <url> --phone <E164>
(see scripts/login.py).
3. Receive OTP and persist token (second moment)
- When the user provides the 6-digit OTP code, call the verify API and then persist the token.
- API:
POST {host}/api/auth/verify-otp
Body (JSON):{ "email": "[email protected]", "otpCode": "123456" }or{ "phoneNumber": "+5511999999999", "otpCode": "123456" }.
Response:{ success, authId, user }— same shape as password login; useauthIdas the session token. - Run the script to verify and write credentials:
python scripts/login.py verify-otp --host <url> --email <email> --otp <code>
or--phone <E164> --otp <code>.
The script writes ~/.konecty/.env and ~/.konecty/credentials; it does not store the OTP code, only the resulting token. - Token validity: The session token has a validity period defined by the namespace (e.g. session expiration). Other skills should use
KONECTY_TOKENuntil it expires; when the API returns 401 or session errors, the user must run this OTP flow again to obtain a new token.
4. Where credentials are stored (shared for all skills)
- ~/.konecty/.env:
KONECTY_URL=<host>,KONECTY_TOKEN=<authId>, optionallyKONECTY_USER_ID=<user._id>. Stored in the same directory as credentials so all Konecty skills can load it (e.g. source or load from~/.konecty/.env). - ~/.konecty/credentials: ini format for Node
@konecty/sdkand CLI; section[default]or[<host>]withhost,userId,authId.
Other skills should read KONECTY_URL and KONECTY_TOKEN from the environment (after loading ~/.konecty/.env when needed) and handle expired tokens (e.g. ask the user to run konecty-session again).
Security and validity
- Do not commit
~/.konecty/.envor~/.konecty/credentials; add~/.konecty/to.gitignoreif storing repo-specific paths. - Store only the session token (
authId), never the OTP code or password. - OTP codes are short-lived and single-use; after verify-otp the code is consumed.
- Session tokens expire; document or remind the user to re-run this flow when the token is no longer valid.
Reference
- APIs (login-options, request-otp, verify-otp) and token validity: reference.md
- Script usage:
python scripts/login.py --help,python scripts/login.py request-otp --help,python scripts/login.py verify-otp --help.
Related Skills
konecty/template-skill
data-ai
VerifiedTrustedCommunity
Replace with description of the skill and when the agent should use it.
SKILL.mdUpdated May 1, 2026
konecty/konecty-upload
tools
VerifiedTrustedCommunity
Upload, list, and delete files in Konecty document fields via the file API. Use this skill whenever the user wants to attach a file to a Konecty record, upload a photo/image to a contact or product, add a PDF or document to an opportunity, send a curriculum to a candidate, manage gallery images for a development or promotion, or attach any binary file to any Konecty module field. Also triggers when the user says 'upload', 'anexar', 'enviar arquivo', 'adicionar imagem', 'attach file', or refers to file-type fields in any document. Automatically reads field constraints (accepted extensions, max size, max file count) from metadata before uploading to catch errors early. Requires an active konecty-session (KONECTY_URL and KONECTY_TOKEN in ~/.konecty/.env or ~/.konecty/credentials).
SKILL.mdUpdated May 1, 2026
konecty/konecty-update
documentation
VerifiedTrustedCommunity
Updates records in any Konecty module via PUT /rest/data/:document. Enforces the mandatory pre-update fetch workflow: always fetch the current record first to obtain its _updatedAt (optimistic locking guard), then PUT with ids=[{_id, _updatedAt}] and data={changed fields}. Use when the user wants to update, edit, change, or modify any record in Konecty. Requires an active konecty-session. Use konecty-modules to discover field names and types before updating.
SKILL.mdUpdated May 1, 2026
konecty/konecty-modules
tools
VerifiedTrustedCommunity
Lists Konecty modules the current session has read access to, and retrieves fields and types for a specific module. Use when the user asks what modules or documents are available in Konecty, wants to know the fields/types of a module, needs to find the internal name of a module (e.g. "contatos", "clientes", "Oportunidade"), or wants to understand what data is accessible. Requires an active session from the konecty-session skill (KONECTY_URL and KONECTY_TOKEN in ~/.konecty/.env).
SKILL.mdUpdated May 1, 2026