技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.0
统计:⭐ 0 · 140 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :良性
Package:404-unknow/agent-comm-skill
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill's code and instructions coherently implement DID registration, Ed25519 signing/verification, E2EE and a relay connection; nothing in the bundle requests unrelated credentials or hidden endpoints, but there are minor packaging and runtime considerations you should review before use.
目的
The skill name/description (agent comm, DID, signing, E2EE, relay) matches the code and SKILL.md actions. The implementation (index.js/ts + scripts/vault.js) implements identity generation, signing, verifying, symmetric encryption, and a WebSocket relay handshake. Small mismatches: plugin.json entry points to dist/index.js but no dist/ directory is provided in the bundle, and package.json lists a dependency ('loro') that is not used in the sou…
说明范围
SKILL.md exports a narrow set of actions (agent.register, message.sign/verify, network.connect/broadcast, secret.encrypt/decrypt) and the runtime code implements those. The code only reads/writes a local keystore path (process.cwd()/data/keystore) and connects to a relay URL provided by the caller (defaulting to ws://localhost:3001). There are no instructions to read unrelated system files or environment variables, nor to transmit data to hard…
安装机制
The repository contains source and a package.json with npm dependencies (libsodium-wrappers, ws, uuid). There is no explicit install spec in the skill metadata — the platform will need to install dependencies or run a build to use the skill. This is not inherently malicious but requires the platform to run npm install / build steps; verify dependency integrity and the build process before running.
证书
No environment variables or external credentials are requested (proportional). However, the vault module writes private keys to disk under data/keystore in the current working directory and stores privateKey in hex in a JSON file with file mode 0o600. Storing private keys on disk is expected for this use case but is sensitive — confirm where the working directory is and who can access those files on your system.
持久
The skill does not request always:true or elevated platform privileges. It stores its own keystore files under a local path and keeps in-memory WebSocket connections; it does not modify other skills or global agent configuration.
综合结论
This skill appears to implement what it claims, but review these points before installing: - Key storage: the vault stores privateKey and publicKey as hex in data/keystore/<localId>.keys.json (mode 0o600). Make sure the skill will run in a directory where those files are appropriately protected and that you accept local disk storage of secret material. Consider running in an isolated container or using a hardware-backed keystore if available. …
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Agent Comm Skill」。简介:Enables DID registration, cryptographic signing, verification, Relay connection…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/404-unknow/agent-comm-skill/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
# Agent Communication Skill (PassDeck)
This skill provides the security and networking foundation for AI Agent swarms. It handles DID (Decentralized Identity) registration, cryptographically secure signing using Ed25519, and E2EE (End-to-End Encryption) for sensitive data.
## 🚀 Key Actions
### `agent.register`
- **Description**: Registers a new local agent identity or restores an existing one. Returns the agent's unique DID.
- **Parameters**: `{ alias?: string }`
- **Output**: `{ localId: string, did: string, publicKey: hex }`
### `message.sign`
- **Description**: Signs a payload using the agent's private key. Ensures data integrity and non-repudiation.
- **Parameters**: `{ localId: string, payload: any }`
- **Output**: `{ signature: hex }`
### `message.verify`
- **Description**: Verifies a signed message against a public key. Used to detect data tampering or unauthorized updates.
- **Parameters**: `{ publicKeyHex: string, payload: any, signatureHex: string }`
- **Output**: `{ verified: boolean }`
### `network.connect`
- **Description**: Establishes an authorized connection to a Relay server. Implements a DID challenge-response handshake.
- **Parameters**: `{ sessionId: string, localId: string, did: string, onUpdate: function }`
- **Output**: `{ success: true }`
### `secret.encrypt / secret.decrypt`
- **Description**: High-level E2EE functions for managing secure credentials within the collaborative pool.
- **Parameters**: `{ payload/ciphertext: any, sessionKey: string }`
- **Output**: `{ ciphertext/decrypted: any }`