Description

Installs and configures the Agentic SPM plugin for OpenClaw using a secp256k1 keypair to authenticate with the Guardian AI API and Chromia blockchain.

README (SKILL.md)

Agentic SPM Plugin — Installation Guide

Name: AGENT SPM SKILL
Author: ketiyohanneschromaway

Prerequisites

Before you install, make sure you have:

Node.js v18 or later installed (node --version to check)
OpenClaw CLI installed and accessible in your terminal
A terminal with access to your home directory

The plugin uses a secp256k1 keypair to authenticate your client with the Guardian AI API. You'll generate this in Step 1.

Step 1: Generate a secp256k1 Keypair

Skip this step if you already have a keypair saved at ~/.config/ai-guardian/guard-client-key.

Your keypair is a private/public key pair used to sign requests to the Chromia blockchain. Think of the private key as your password — keep it secret.

Run this command in your terminal — it generates the keypair and saves it to the right place automatically:

node -e "
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

const privkey = crypto.randomBytes(32).toString('hex');
const ec = crypto.createECDH('secp256k1');
ec.setPrivateKey(privkey, 'hex');
const pubkey = ec.getPublicKey('hex', 'compressed');

const content = [
  '#Keypair generated using secp256k1',
  '#' + new Date().toString(),
  'privkey=' + privkey,
  'pubkey=' + pubkey,
].join('\
') + '\
';

const dir = path.join(os.homedir(), '.config', 'ai-guardian');
fs.mkdirSync(dir, { recursive: true });
fs.writeFileSync(path.join(dir, 'guard-client-key'), content, { mode: 0o600 });

process.stdout.write('pubkey=' + pubkey + '\
');
"

Important: The private key is written to ~/.config/ai-guardian/guard-client-key and is never printed.

Step 2: Install the Plugin

Run the following command to install the Agentic SPM via the OpenClaw CLI:

openclaw plugins install @chrguard/ai-guardian-plugin

This command downloads the plugin from npm and places it in ~/.openclaw/extensions/ai-guardian-plugin. The openclaw.json file will be partially updated automatically, but you still need to configure it manually as described in Step 3.

Step 3: Configure openclaw.json

Open your openclaw.json file — typically located at ~/.openclaw/openclaw.json. Apply each of the following sub-steps:

3.1 Enable plugins

Make sure the top-level plugins block is enabled:

"plugins": {
    "enabled": true,
    ...
}

Note: This unlocks the entire plugin system inside the gateway.

3.2 Add to the allow list

In plugins.allow, add "ai-guardian-plugin" to the array:

"allow": [
    "...",
    "ai-guardian-plugin"
]

Security: This explicitly permits the Guardian plugin to run.

3.3 Register the load path

Find the installPath from where you installed it, and add it to plugins.load.paths:

"load": {
    "paths": [
        "...",
        "/Users/\x3Cyour-username>/.openclaw/extensions/ai-guardian-plugin"
    ]
}

Important: The path must match your system exactly — replace \x3Cyour-username> with your actual macOS username.

3.4 Add the plugin entry

Under plugins.entries, add the full Guardian configuration block:

"entries": {
    "ai-guardian-plugin": {
        "enabled": true,
        "config": {
            "enabled": true,
            "enforceDecision": true,
            "chromiaBrid": "5D007915E9DE53AA29784820E8F41CE65A4436703E23B8AF49B83C7FB4FDB048",
            "chromiaNodes": [
                "https://node6.testnet.chromia.com:7740",
                "https://node7.testnet.chromia.com:7740",
                "https://node8.testnet.chromia.com:7740"
            ],
            "chromiaJudgeOperation": "judge_action",
            "chromiaStatusQuery": "get_judgment_status",
            "chromiaFtAuth": false,
            "chromiaTxAwait": true,
            "timeoutMs": 15000,
            "chromiaTxTimeoutMs": 25000,
            "chromiaQueryTimeoutMs": 8000,
            "chromiaPollTimeoutMs": 30000,
            "chromiaPollIntervalMs": 1000,
            "chromiaSecretPath": "~/.config/ai-guardian/guard-client-key"
        }
    }
}

Note: chromiaSecretPath uses ~ to expand to your home directory, pointing to the keypair generated in Step 1.

Step 4: Restart the Gateway

Once all changes are saved, restart the OpenClaw gateway to load the new plugin configuration:

openclaw gateway restart

Success: You should see a terminal confirmation that the gateway has restarted and the plugin is active.

Summary

After completing all steps, your setup should reflect the following:

Field	Expected Value
`plugins.enabled`	`true`
`plugins.allow`	includes `"ai-guardian-plugin"`
`plugins.load.paths`	includes the `installPath`
`plugins.entries`	contains `ai-guardian-plugin`
`chromiaSecretPath`	`~/.config/ai-guardian/guard-client-key`
`enforceDecision`	`true` (blockchain actively blocks)

Usage Guidance

The guide does what it says (creates a secp256k1 key, installs an npm plugin, edits openclaw.json), but you should not proceed blindly. Before installing: (1) verify the npm package (@chrguard/ai-guardian-plugin) — check its publisher, version, README, and source repository; prefer an official homepage or signed release. (2) Inspect the plugin code (or install in an isolated/test environment) before enabling it in your production gateway. (3) Understand that enabling plugins and adding the plugin to 'allow' grants it persistent execution; consider testing in a sandboxed instance first. (4) Protect the generated private key: generate it on a machine you control, ensure file permissions are correct, consider hardware-backed key storage if available, and keep backups and rotation plans. (5) Note the registry metadata omits the config path but the instructions use ~/.config/ai-guardian/guard-client-key — this mismatch is why you should confirm intent and provenance. If you can't verify the npm package or review the plugin code, avoid granting it gateway-wide permissions.

Capability Analysis

Type: OpenClaw Skill Name: agent-spm-setup-skill Version: 1.0.0 The skill bundle provides a legitimate installation guide for the Agentic SPM plugin, including a Node.js script in skill.md to generate a local secp256k1 keypair for blockchain authentication. The script follows security best practices by setting restricted file permissions (0600) on the generated key and does not exfiltrate sensitive data. All configuration steps and commands are consistent with the stated purpose of setting up a security-focused plugin for the OpenClaw gateway.

Capability Assessment

ℹ Purpose & Capability

The skill's name/description (install & configure Agentic SPM plugin with a secp256k1 keypair) aligns with the runtime steps: it generates a local keypair, installs an OpenClaw plugin, and edits openclaw.json. However registry metadata declared no required config paths or secrets, yet the instructions write and later reference a private key at ~/.config/ai-guardian/guard-client-key (a minor metadata inconsistency). The instructions also assume presence of Node.js and the OpenClaw CLI, which is reasonable for this workflow.

⚠ Instruction Scope

SKILL.md tells the user to generate a private key file in the user's home (~/.config/ai-guardian/guard-client-key), install a plugin from npm, and modify the global gateway configuration to enable plugins, add the plugin to the allow list, and add a load path. Writing a private key and modifying the global openclaw.json (which 'unlocks the entire plugin system') are high-impact actions. The instructions do not ask for unrelated files or environment variables, but they do require persistent modification of gateway config and placement of a secret on disk — both are within the stated purpose but have elevated security implications that are not called out or mitigated (no integrity checks, no verification of plugin source).

ℹ Install Mechanism

There is no install spec in the registry, but the SKILL.md instructs using 'openclaw plugins install @chrguard/ai-guardian-plugin' which will pull a package from npm. Using npm is common, but the skill provides no package homepage, version, or publisher information. Because the plugin code will be downloaded and run by the gateway, you should verify the package (publisher, version, and source) before installing; the instruction to install from npm is expected but not risk-free.

⚠ Credentials

The skill declares no required env vars or config paths in registry metadata, yet its instructions create and reference a sensitive private key file under ~/.config/ai-guardian/guard-client-key and instruct adding that path to plugin config. Requesting no environment variables is consistent, but the omission of the config path in metadata is an inconsistency. Storing a private key on disk is necessary for the described use, but it's sensitive: the plugin will be able to read/use that key once installed. There is no guidance for key backup, rotation, or verification of who/what will use the key.

⚠ Persistence & Privilege

The skill does not set always:true, but it instructs you to enable the OpenClaw plugin system, add the plugin to allow list, add its load path, and restart the gateway — actions that grant a third-party plugin persistent, autonomous execution inside your gateway. That is consistent with installing a plugin, but it increases blast radius: a malicious or vulnerable plugin could act continuously. The instructions do not include any safeguards (e.g., sandboxing, least-privilege settings, or verifying plugin behavior).

Version History

v1.0.0

- Overhauled documentation: replaced identity/personality guidelines with a step-by-step plugin installation and configuration guide. - Removed five identity-focused files (SKILL.md, adaptation.md, boundaries.md, templates.md, voice.md). - Added a single installation guide (skill.md) detailing prerequisites, keypair generation, plugin installation, JSON configuration, and gateway restart. - Documentation now centers on technical setup—no longer covers agent identity or personality design.

Metadata

Slug agent-spm-setup-skill

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is AGENT SPM SKILL?

Installs and configures the Agentic SPM plugin for OpenClaw using a secp256k1 keypair to authenticate with the Guardian AI API and Chromia blockchain. It is an AI Agent Skill for Claude Code / OpenClaw, with 247 downloads so far.

How do I install AGENT SPM SKILL?

Run "/install agent-spm-setup-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AGENT SPM SKILL free?

Yes, AGENT SPM SKILL is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does AGENT SPM SKILL support?

AGENT SPM SKILL is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created AGENT SPM SKILL?

It is built and maintained by ketiyohanneschromaway (@ketiyohanneschromaway); the current version is v1.0.0.

More Skills

AGENT SPM SKILL