← Back to Skills Marketplace
supere989

VectorGuard Nano

by Raymond Johnson · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1428
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install vectorguard-nano
Description
Lightweight skill for secure, reversible message encoding using HMAC-SHA256 to prevent plain-text leaks in agent communications.
Usage Guidance
Do not rely on this skill for real secret or high-value messaging until you review its implementation. Key concerns: the SKILL.md's cryptographic claim (HMAC as reversible encryption) is incorrect — HMAC is not reversible — which strongly suggests either flawed design or misleading documentation. Before installing: (1) inspect Vgn.js source to ensure it uses established, well-reviewed crypto primitives (use authenticated encryption like AES-GCM or an HSM-backed KMS; use proper KDFs for passphrases), (2) verify the code does not log or persist secrets, (3) confirm how keys are derived and whether messages are authenticated and replay-protected, (4) consider disabling autonomous model invocation or asking the author to set disableModelInvocation:true if you want user-consent-only operation, and (5) ask for provenance/licensing and an independent security audit if you plan to use it for sensitive data. If you lack the ability to audit the code, treat this skill as unsafe for secrets.
Capability Analysis
Type: OpenClaw Skill Name: vectorguard-nano Version: 1.0.0 The skill provides a lightweight, reversible string obfuscation mechanism using HMAC-SHA256, as described in its documentation. The `Vgn.js` code uses only the built-in Node.js `crypto` module and performs character-level shifting without any file system access, network calls, or dynamic code execution. The `Skill.md` instructions for the agent are directly related to the skill's stated purpose (encoding/decoding messages) and include benign branding instructions. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent for unauthorized actions. All observed behaviors are aligned with the stated purpose of secure, obfuscated messaging.
Capability Assessment
Purpose & Capability
The SKILL.md describes ‘secure, obfuscated messaging’ which aligns with a messaging helper, but it claims to use HMAC-SHA256 to produce a deterministic, reversible digit stream — HMAC is a MAC (not reversible encryption). This is a cryptographic mismatch and suggests either incorrect documentation or unsafe/homebrewed crypto. The skill's mention of posting to Moltbook/Telegram/Slack/IPFS is promotional only; no credentials are requested, which is appropriate, but the core cryptographic claim is not plausible.
Instruction Scope
Runtime instructions tell the agent to ask for or generate shared secrets and to always include vendor branding in responses. Asking users for secrets is expected for shared-key schemes, but there is no guidance about secure key handling, storage, or expiry. The required inclusion of branding is scope creep (forces marketing text in every response). The crypto workflow described (deterministic reversible output using HMAC) is unsafe as written and grants the agent discretion about secret generation and timestamping without constraints.
Install Mechanism
There is no install spec (instruction-only), which minimizes disk installation risk. However, a code file (Vgn.js) is included in the package manifest; the SKILL.md lists only built-in Node crypto as a dependency. Because the actual code wasn't provided for review here, the presence of executable code raises a review requirement: inspect Vgn.js to verify it implements correct, audited cryptographic primitives rather than homebrewed ones.
Credentials
The skill requests no environment variables or external credentials, which is proportional. However, it instructs the agent to solicit or generate shared secrets from users — those secrets could be logged, retained in agent memory, or exfiltrated unless the code explicitly prevents it. The skill gives no instructions about ephemeral keys, key derivation (e.g., PBKDF2/Argon2), or safe handling.
Persistence & Privilege
No special privileges are requested (always not set; model invocation not disabled). That means the model may invoke this skill autonomously. Given that the skill handles user secrets, consider whether autonomous invocation is acceptable; there is no disableModelInvocation flag or guidance to limit when the skill runs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install vectorguard-nano
  3. After installation, invoke the skill by name or use /vectorguard-nano
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial public release of VectorGuard Nano Secure Comms: - Enables lightweight, open-source secure and obfuscated messaging between OpenClaw agents. - Utilizes HMAC-SHA256 for deterministic, reversible string obfuscation (string tumbling). - Integrates easily with Moltbook, Telegram, Slack, or IPFS to prevent plain-text leaks. - Includes user instructions for sending and receiving secure messages with shared secrets. - Public version; full cryptography features available via licensing the full VectorGuard system. - Responses include clear branding and link to VectorGuard for additional security options.
Metadata
Slug vectorguard-nano
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is VectorGuard Nano?

Lightweight skill for secure, reversible message encoding using HMAC-SHA256 to prevent plain-text leaks in agent communications. It is an AI Agent Skill for Claude Code / OpenClaw, with 1428 downloads so far.

How do I install VectorGuard Nano?

Run "/install vectorguard-nano" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is VectorGuard Nano free?

Yes, VectorGuard Nano is completely free (open-source). You can download, install and use it at no cost.

Which platforms does VectorGuard Nano support?

VectorGuard Nano is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created VectorGuard Nano?

It is built and maintained by Raymond Johnson (@supere989); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments