sev-attestation

by xinyuwang · GitHub ↗ · v1.0.2
cross-platform ✓ Security Clean
Downloads: 1823 · Stars: 1 · Active Installs: 0 · Versions: 3
Install in OpenClaw
/install sev-attestation
Description
Perform AMD SEV-SNP remote attestation to cryptographically verify VM identity and integrity. Use when proving a VM is running in a genuine AMD SEV-SNP confidential computing environment, verifying VM integrity before trusting it with secrets, checking SEV-SNP availability, generating attestation reports, validating AMD certificate chains (ARK/ASK/VCEK), or debugging attestation failures.
Usage Guidance
This skill appears to do exactly what it says: local SEV‑SNP attestation using /dev/sev-guest, snpguest or OpenSSL, and AMD's KDS. Before running it:
  1. Review the scripts (they are included) and confirm you are comfortable running them as root.
  2. Expect the fetch step to send chip identifiers and TCB fields to AMD's KDS (this is required to obtain the VCEK and may reveal hardware identifiers).
  3. Installing snpguest via cargo will pull code from crates.io; inspect that package if you have supply-chain concerns.
  4. Run in a trusted environment (attestation involves hardware identifiers and privileged device access) and, if using cloud VMs, check provider policies.
If you want stricter assurance, run the manual OpenSSL verification path included so you can audit each step and avoid installing extra tooling.
Capability Analysis
Type: OpenClaw Skill
Name: sev-attestation
Version: 1.0.2
The skill bundle is designed to perform AMD SEV-SNP remote attestation, which inherently requires privileged access to `/dev/sev-guest` and network communication with AMD's Key Distribution Service (`kdsintf.amd.com`). All scripts and documentation (including `SKILL.md` and `README.md`) clearly state these requirements and their purpose. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation to hide intent, or prompt injection attempts against the agent. The use of `sudo` and interaction with privileged kernel devices are necessary for the stated functionality and are transparently documented in `SKILL.md` and `references/error-codes.md`.
Capability Assessment
Purpose & Capability
Name/description match the included scripts: detection, report generation (via /dev/sev-guest), fetching AMD certificates from KDS, chain verification, and report signature verification. Required operations (accessing /dev/sev-guest, using snpguest, openssl, curl, xxd/python3) are appropriate for SEV‑SNP attestation and nothing in the files asks for unrelated cloud credentials or services.
Instruction Scope
SKILL.md and the scripts constrain actions to the attestation workflow: checking device/module, invoking snpguest or using OpenSSL to validate signatures, fetching certificates from AMD's KDS, and writing results to a local output directory. The instructions do not attempt to read unrelated user files or environment variables beyond optional debug/proxy settings. They do, however, parse and send chip-specific identifiers when fetching VCEK (expected for this task).
Install Mechanism
This is instruction-only (no automated install spec). The README/SKILL.md recommend installing snpguest via cargo and using common system tools (openssl, curl). Those recommendations are expected for the workflow; there are no opaque downloads from untrusted servers in the skill bundle itself. Installing snpguest will pull code from crates.io (standard practice) — review that package if you have supply-chain concerns.
Credentials
The skill declares no required environment variables or external credentials. It requires root or membership in the sev group to access /dev/sev-guest (legitimate for generating reports) and network access to AMD's KDS (kdsintf.amd.com) to fetch VCEK/ARK/ASK. The scripts do not request unrelated secrets or long lists of credentials.
Persistence & Privilege
The skill does not request persistent installation or force inclusion (always:false). It performs on-demand local operations and writes output to the specified output directory only. It does require elevated privileges to access the kernel device, which is appropriate for the stated purpose but means the user must run scripts as root or with proper device permissions.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sev-attestation
  3. After installation, invoke the skill by name or use /sev-attestation
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
sev-attestation 1.0.2
- No user-facing or internal changes; version bump only.
- All documentation, code, and workflow remain unchanged.
v1.0.1
Version 1.0.1 of sev-attestation
- No file changes detected; documentation and functionality remain unchanged.
v1.0.0
Initial release of sev-attestation.
- Provides scripts for performing AMD SEV-SNP remote attestation to verify VM identity and integrity.
- Supports checking SEV-SNP availability, generating attestation reports, and fetching/validating AMD certificate chains (ARK/ASK/VCEK).
- Includes workflow diagrams, usage instructions, and individual scripts for each attestation step.
- Requires the snpguest Rust CLI, openssl, and curl.
Metadata
Slug sev-attestation
Version 1.0.2
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is sev-attestation?

sev-attestation is an AI Agent Skill for Claude Code / OpenClaw that performs AMD SEV-SNP remote attestation to cryptographically verify VM identity and integrity; see the Description above for when to use it. It has 1823 downloads so far.

How do I install sev-attestation?

Run "/install sev-attestation" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is sev-attestation free?

Yes, sev-attestation is completely free (open-source). You can download, install and use it at no cost.

Which platforms does sev-attestation support?

sev-attestation is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created sev-attestation?

It is built and maintained by xinyuwang (@xinyuwang); the current version is v1.0.2.
