← Back to Skills Marketplace

S2 Hardware Onboarding Gateway (S2 硬件入户网关)

Name: S2 Hardware Onboarding Gateway (S2 硬件入户网关)
Author: spacesq

by MilesXiang · GitHub ↗ · v2.0.0 · MIT-0

cross-platform ✓ Security Clean

180

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install s2-hardware-onboarding-gateway

Description

The official S2 firmware guide. Features absolute Zero-Exfiltration Data Topography, User-in-the-loop authorization, and local-only 3FA.

Usage Guidance

This skill is documentation/whitepaper for an onboarding protocol and is internally consistent, but exercise caution before deploying: 1) Verify the official portal (https://space2.world/developer) and the publisher — the package metadata lists an unknown source. 2) The promise of 'absolute zero-exfiltration' is an implementation property, not something this document can enforce; audit any host code that performs the local TLS handshake and the asynchronous reputation queries to ensure only hashed attributes are sent. 3) If you plan to implement or run these steps on a live host, review cryptographic choices (hash algorithms, salt/nonce usage, TLS certificate validation) and confirm the API endpoints and rate limits for reputation checks. 4) Monitor network traffic during onboarding to confirm no unexpected outbound data (especially MAC, Gene Code, or IP) leaves the LAN. 5) If you require higher assurance, request provenance (who published this, third-party audit reports) before trusting the protocol in production.

Capability Analysis

Type: OpenClaw Skill Name: s2-hardware-onboarding-gateway Version: 2.0.0 The bundle is a technical specification and developer guide for the S2 Hardware Identity Onboarding protocol (v2.0.0). It outlines a framework for local hardware discovery and cloud-based reputation auditing using anonymized hashes sent to api.space2.world. The included Python snippets are illustrative pseudo-code for firmware implementation rather than executable host scripts, and the documentation emphasizes security features such as 'User-in-the-loop' authorization and 'Zero-Exfiltration' data topography. No malicious intent, hidden backdoors, or harmful prompt injections were found.

Capability Assessment

✓ Purpose & Capability

Name/description (S2 hardware onboarding, zero-exfiltration) match the content: a protocol/whitepaper and code snippets for UDP heartbeats and local TLS submission. The skill requests no env vars, binaries, or installs — consistent for a documentation-style developer guide.

ℹ Instruction Scope

SKILL.md contains network behavior guidance (UDP broadcasts, local TLS handshake, and host-initiated reputation queries to api.space2.world). That scope is appropriate for a firmware/onboarding guide, but it instructs the host to scan the LAN, collect MAC/Gene Code locally, and to contact external registries for reputation checks — all of which are operationally significant and require the deployment environment to enforce the claimed 'local-only' constraints. The doc repeatedly asserts 'absolute zero-exfiltration' but the whitepaper also requires asynchronous queries to S2 Mainnet; the guarantee depends on correct host implementation.

✓ Install Mechanism

No install spec and no code files to run (instruction-only). This minimizes installation risk — nothing is downloaded or written by the skill itself.

✓ Credentials

The skill declares no required environment variables, binaries, or config paths. It expects network access and local access to device identifiers for onboarding, which is proportional to the stated purpose. No unrelated credentials or elevated secrets are requested.

✓ Persistence & Privilege

always is false; skill is user-invocable and allows normal autonomous invocation. It does not request persistent presence or modify other skills or system-wide settings in its metadata or instructions.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install s2-hardware-onboarding-gateway
After installation, invoke the skill by name or use /s2-hardware-onboarding-gateway
Provide required inputs per the skill's parameter spec and get structured output

Version History

v2.0.0

**Major update focused on absolute local data privacy and exfiltration prevention** - Enforces strict data flow separation: broadcast, local edge handshake, and siloed cloud audit phases. - All device identifiers and credentials are now restricted to on-premises network boundaries; cloud receives only irreversible vendor hashes. - Clarifies there is zero capability for device identity or gene code exfiltration at any phase. - Updated code samples to demonstrate local-only authentication and strict segregation. - Documentation and description have been revised to emphasize local-only 3FA and absolute zero-exfiltration guarantees.

v1.9.0

Version 1.9.0 (Ultimate Audit-Passed Final) — Major security and audit enhancements - Enforced cryptographic-grade random number generation (CSPRNG) for all ephemeral token creation. - Mandated broadcast rate limiting (≥15s) and exponential backoff on network congestion or repeated rejections. - Now requires strict TLS certificate validation to defend against MITM attacks. - Introduced transparent Whitebox Audit API; reputation checks are anonymized and user data is never sent to the cloud. - Added official quarantine and appeal process: flagged devices moved to isolated network, with vendor electronic appeal options.

v1.7.0

**Major update: User-in-the-loop onboarding and mandatory vendor transparency (6D-VTM).** - Enforces "User-in-the-loop" authorization—devices require explicit user consent before joining. - Adds compulsory 6D-VTM (Vendor Transparency Manifesto): devices must submit a real, 6-field transparency declaration at onboarding. - Updates description and feature highlights to reflect user authorization and 6D-VTM requirements. - Changes onboarding sequence: after zero-knowledge broadcast, main server requests TLS and transparency checks. - Removes mention of fully automated onboarding; clarifies user/process interaction and strict transparency enforcement. - Updates contact and homepage details for developer portal access.

v1.5.0

**Enterprise onboarding now requires developer portal registration instead of public GitHub PR.** - L2 code申请和确权流程已切换为S2官方企业级开发者门户，取消GitHub PR、邮件申报与人工审批。 - 描述、author和repository元信息更新，突出企业级标准和Space²官方归属。 - 精简部分安全机制表述，聚焦零知识广播规范与开放API。 - 明确Openclaw主机端校验逻辑建议查阅官方仓库，主文档不再内嵌校验代码。 - 文档语言整体更正式、权威，适配全球硬件企业开发者。

v1.3.1

- Replaced manual L2 registry email validation with a fully automated GitHub PR + DNS TXT challenge system for vendor address segment authorization. - No longer requires the collection or verification of business licenses or documents; domain DNS ownership now cryptographically proves brand legitimacy. - Added registry bot automation: challenge tokens are issued and validated automatically, and L2 registry PRs are merged upon DNS TXT confirmation. - Updated documentation in Step 1 to reflect new decentralized and privacy-focused onboarding flow. - All core firmware and security mechanisms remain unchanged.

v1.3.0

s2-hardware-onboarding-gateway v1.3.0 (Zero-Knowledge Privacy Patched) - Enhanced privacy: Heartbeat protocol now uses zero-knowledge ephemeral hash tokens; devices no longer broadcast persistent identifiers (MAC or S2-ID) in cleartext. - Added open-source corporate L2 vendor code registry with public GitHub PR and corporate validation process. - Updated onboarding instructions and heartbeat pseudocode to comply with anti-tracking requirements. - Authors and description updated to reflect joint development and privacy enhancements. - Legacy host-side verification logic reference retained for transparency.

v1.2.0

s2-hardware-onboarding-gateway 1.2.0 (Open-Source Core Patched) - Expanded documentation with in-depth open-source verification logic for host-side auditing. - Clarified the S2-ID generation format, 7-day alienation rebirth mechanism, heartbeat broadcast, and enhanced device authentication process. - Included Python pseudocode examples for both device firmware and host verification workflows. - Improved transparency and onboarding guidance for hardware developers.

Metadata

Slug s2-hardware-onboarding-gateway

Version 2.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 7

Frequently Asked Questions

What is S2 Hardware Onboarding Gateway (S2 硬件入户网关)?

The official S2 firmware guide. Features absolute Zero-Exfiltration Data Topography, User-in-the-loop authorization, and local-only 3FA. It is an AI Agent Skill for Claude Code / OpenClaw, with 180 downloads so far.

How do I install S2 Hardware Onboarding Gateway (S2 硬件入户网关)?

Run "/install s2-hardware-onboarding-gateway" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is S2 Hardware Onboarding Gateway (S2 硬件入户网关) free?

Yes, S2 Hardware Onboarding Gateway (S2 硬件入户网关) is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does S2 Hardware Onboarding Gateway (S2 硬件入户网关) support?

S2 Hardware Onboarding Gateway (S2 硬件入户网关) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created S2 Hardware Onboarding Gateway (S2 硬件入户网关)?

It is built and maintained by MilesXiang (@spacesq); the current version is v2.0.0.

More Skills