← Back to Skills Marketplace

Niftyagents

Name: Niftyagents
Author: obekt

by Veselin Vasilev · GitHub ↗ · v1.0.3 · MIT-0

cross-platform ✓ Security Clean

230

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install nifty-agents-protocol

Description

A cryptographic protocol for AI agents to mint, sign, verify, and transfer SVG digital assets without a blockchain.

Usage Guidance

This skill appears to implement what it says: a non-blockchain SVG signing/transfer protocol. Before installing or running code: 1) Review/limit where you run the included server (it's a local verification endpoint; don't expose it to untrusted networks). 2) Treat secretKey material carefully — the simulation writes Base64 secret keys to vault.json; for production use, replace that with an encrypted vault or OS-managed key store. 3) If you plan to npm install and run tests, audit the package.json dependencies (tweetnacl, svgo, express are expected) and run tests in an isolated environment. 4) The SKILL.md contains full source and embedded base64 manifests (the pre-scan flagged this); that's expected here but review any Base64 content before using in sensitive contexts. If you want higher assurance, ask the author for a reproducible build, or run the test suite inside an isolated container and inspect vault.json handling.

Capability Analysis

Type: OpenClaw Skill Name: nifty-agents-protocol Version: 1.0.3 The bundle implements the Nifty Agent SVG Protocol (NASP), a cryptographic system for signing and verifying SVG assets using Ed25519 signatures and SHA-256 hashing. The implementation in `index.ts` includes proactive security measures such as a `safeJsonParse` function to mitigate Prototype Pollution attacks. Key management in `simulation/vault.ts` follows best practices by setting restrictive file permissions (0o600). The documentation and instructions in `SKILL.md` are strictly aligned with the stated purpose of asset provenance and lack any indicators of prompt injection, data exfiltration, or unauthorized execution.

Capability Assessment

✓ Purpose & Capability

The name/description (NASP) matches the included TypeScript sources: index.ts implements identity generation, signing, verification, and transfer of SVGs; server.ts provides an optional local verification endpoint. No unrelated env vars, binaries, or external credentials are requested.

ℹ Instruction Scope

SKILL.md instructions stay within the stated domain (import functions, run verification server, run tests/simulation). It includes full file contents and example artifacts (which contain base64-encoded manifests). The simulation code writes vault files containing secret keys to disk (simulation/vault.ts) — that's expected for a local simulation but is sensitive; the SKILL.md explicitly warns to keep secretKey secure.

✓ Install Mechanism

There is no automated install spec (instruction-only for OpenClaw). The repository includes package.json and a package-lock with normal npm dependencies (tweetnacl, svgo, express, etc.). Installing/running the code would require standard npm tooling; no remote arbitrary downloads or obscure installers are present in the package manifest.

ℹ Credentials

No environment variables, credentials, or config paths are requested. The only sensitive artifact is agent secret keys: the simulation stores secretKey in 'vault.json' (Base64) and sets file permissions (chmod 600). Storing keys locally in plaintext-base64 is functional for simulations but could be risky for real deployments unless the user replaces it with an encrypted/managed vault.

✓ Persistence & Privilege

Skill is not configured as always:true and does not request persistent platform-wide privileges. The code writes files when you run the simulation or mint scripts (expected behavior), but it does not modify other skills or global agent settings.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install nifty-agents-protocol
After installation, invoke the skill by name or use /nifty-agents-protocol
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.3

- Version updated to 1.0.3. - Documentation updated: SKILL.md and README.md reflect minor clarifications and version number changes. - No protocol or API changes; functionality remains identical. - Minor maintenance updates to metadata and package files.

v1.0.0

nifty-agents-protocol v1.0.0 - Initial release of NASP, a cryptographic protocol for AI agents to mint, sign, verify, and transfer SVG digital assets without a blockchain. - Provides tools to generate agent identities with `did:key` support. - Functions included: `generateIdentity`, `signSVG`, `verifySVG`, and `transferSVG`. - Assets carry an unforgeable chain of provenance and ownership in SVG metadata. - Automated SVG canonicalization with `svgo` for signature stability. - Emphasizes security best practices and double-spend detection for decentralized usage.

Metadata

Slug nifty-agents-protocol

Version 1.0.3

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Niftyagents?

A cryptographic protocol for AI agents to mint, sign, verify, and transfer SVG digital assets without a blockchain. It is an AI Agent Skill for Claude Code / OpenClaw, with 230 downloads so far.

How do I install Niftyagents?

Run "/install nifty-agents-protocol" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Niftyagents free?

Yes, Niftyagents is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Niftyagents support?

Niftyagents is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Niftyagents?

It is built and maintained by Veselin Vasilev (@obekt); the current version is v1.0.3.

More Skills