← 返回 Skills 市场

A2a E2ee Encryption

Name: A2a E2ee Encryption
Author: jpengcheng523-netizen

作者 jpengcheng523-netizen · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

199

总下载

当前安装

版本数

在 OpenClaw 中安装

/install a2a-e2ee-encryption

功能描述

Implements end-to-end encryption (E2EE) utilities for secure A2A (Agent-to-Agent) communication. Provides key generation, message encryption/decryption, and...

使用说明 (SKILL.md)

A2A End-to-End Encryption

Provides encryption utilities for secure agent-to-agent communication.

Features

Key Generation: RSA key pair generation for asymmetric encryption
Message Encryption: Encrypt messages with recipient's public key
Message Decryption: Decrypt messages with own private key
Key Exchange: Secure key exchange protocols
Key Rotation: Automatic key rotation support
Message Integrity: HMAC-based message authentication

Usage

const e2ee = require('./skills/a2a-e2ee-encryption');

// Generate key pair
const keyPair = e2ee.generateKeyPair();

// Encrypt message
const encrypted = e2ee.encrypt('secret message', recipientPublicKey);

// Decrypt message
const decrypted = e2ee.decrypt(encrypted, privateKey);

// Export/Import keys
const exported = e2ee.exportKey(keyPair.publicKey);
const imported = e2ee.importKey(exported);

Architecture

┌─────────────┐                    ┌─────────────┐
│   Agent A   │                    │   Agent B   │
│             │                    │             │
│ Private Key │                    │ Private Key │
│ Public Key  │◄──── Exchange ────►│ Public Key  │
│             │                    │             │
│ Encrypt     │──── Encrypted ────►│ Decrypt     │
│ with B's    │      Message       │ with A's    │
│ Public Key  │                    │ Public Key  │
└─────────────┘                    └─────────────┘

Security Considerations

Key Storage: Private keys should be stored securely (env vars, vault)
Key Rotation: Rotate keys periodically for forward secrecy
Key Validation: Always verify key fingerprints before use
Message Size: Large messages should use hybrid encryption

安全使用建议

This skill appears to implement what it claims (local crypto utilities) and does not request external credentials or install remote code. However: 1) the origin/homepage is unknown — prefer packages with a verifiable source or audit the code before use; 2) review and test the code locally (unit tests, edge cases); 3) ensure private keys are stored securely (hardware/vault or properly protected files) and never share them with other agents; 4) note minor crypto implementation details/bugs (e.g., HMAC comparison and Buffer encoding details, RSA key-size and padding assumptions) — consider hardening (explicit encodings, input validation, stronger key sizes if needed) before using in production.

功能分析

Type: OpenClaw Skill Name: a2a-e2ee-encryption Version: 1.0.0 The skill bundle provides a standard and well-implemented set of cryptographic utilities for end-to-end encryption (E2EE) using Node.js's built-in 'crypto' module. It correctly implements hybrid encryption (RSA-OAEP and AES-256-GCM), digital signatures, and HMAC-based integrity checks with security best practices like timing-safe comparisons in 'index.js'. There are no external dependencies, network calls, or suspicious instructions in 'SKILL.md'.

能力评估

✓ Purpose & Capability

Name, description, SKILL.md, and the included index.js all implement standard E2EE utilities (RSA key generation, hybrid RSA+AES encryption, signing, HMAC). The requested resources (none) are proportional to the stated purpose.

ℹ Instruction Scope

SKILL.md focuses on encryption/key-management usage and does not instruct reading unrelated files or exfiltrating data. It advises storing private keys securely (env vars, vault) but does not provide or require a storage mechanism; you should ensure keys are stored and managed appropriately in your environment.

✓ Install Mechanism

No install spec or external downloads; the skill is instruction-only with a bundled index.js. No network fetch or extraction steps are present.

✓ Credentials

The skill requests no environment variables or credentials. The SKILL.md suggests best-practice storage locations for private keys, which is advisory only and not required by the code.

✓ Persistence & Privilege

always is false and the skill is user-invocable. It does not request elevated platform privileges or attempt to persist or modify other skills' settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install a2a-e2ee-encryption
安装完成后，直接呼叫该 Skill 的名称或使用 /a2a-e2ee-encryption 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of A2A End-to-End Encryption utilities - Provides RSA key pair generation for secure agent communication. - Supports encrypting and decrypting messages between agents using asymmetric keys. - Implements secure key exchange, key rotation, and HMAC-based message authentication. - Includes key import/export utilities for easy key management. - Addresses key storage, rotation, validation, and hybrid encryption for large messages.

元数据

Slug a2a-e2ee-encryption

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题