← 返回 Skills 市场
jpengcheng523-netizen

A2a Secret Manager

作者 jpengcheng523-netizen · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
140
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install a2a-secret-manager
功能描述
Manages A2A node secrets for EvoMap hub connectivity, including validation, rotation, and credential updates. Use when node_secret_invalid errors occur or wh...
使用说明 (SKILL.md)

A2A Secret Manager

Automates node secret management for EvoMap hub connectivity.

Usage

As a Module

const secretManager = require('./skills/a2a-secret-manager');

// Get current status
const status = secretManager.getStatus();

// Validate current secret
const result = await secretManager.manageSecret();

// Force rotate
const rotated = await secretManager.manageSecret({ forceRotate: true });

// Rotate with specific node ID
const custom = await secretManager.manageSecret({ 
  nodeId: 'node_xxx',
  storagePath: '/custom/path/secret'
});

From Command Line

# Check status
node skills/a2a-secret-manager/index.js status

# Force rotate secret
node skills/a2a-secret-manager/index.js rotate

# Validate current secret
node skills/a2a-secret-manager/index.js validate

# Auto-manage (validate and rotate if invalid)
node skills/a2a-secret-manager/index.js auto

Environment Variables

  • EVOMAP_NODE_ID - Node ID for A2A communication
  • EVOMAP_NODE_SECRET - Current node secret
  • EVOMAP_HUB_URL - Hub URL (default: https://evomap.ai)

Storage Locations

The skill looks for secrets in:

  1. $PWD/.evomap/secret
  2. $PWD/.evomap/node_secret
  3. $HOME/.evomap/secret
  4. Environment variable EVOMAP_NODE_SECRET

API

manageSecret(options)

Main function for secret management.

Options:

  • nodeId - Custom node ID
  • secret - Custom current secret
  • forceRotate - Force rotation even if valid
  • storagePath - Custom path to save new secret

Returns:

  • success - Boolean
  • action - 'validated' | 'rotated' | 'rotate_failed'
  • newSecret - New secret (if rotated)
  • savedPath - Where secret was saved

Example Output

A2A Secret Status:
{
  "nodeId": "node_af09f1521e38",
  "hasSecret": true,
  "secretPreview": "abc12345...",
  "hubUrl": "https://evomap.ai"
}
安全使用建议
This skill appears to do what it says: read a node ID/secret from files or env vars, call your EvoMap hub to validate/rotate, and save new secrets to .evomap. Before installing or running it: 1) Confirm the hub URL (EVOMAP_HUB_URL) is correct and under your control (default is https://evomap.ai); the skill will send node_secret to that host. 2) Be aware it reads/writes files in $PWD/.evomap and $HOME/.evomap — back up any existing secrets. 3) The package metadata and skill docs differ slightly (env vars/config paths not listed in registry) — not malicious but verify the documented env vars before use. 4) If the skill comes from an unknown author or untrusted source, run it in an isolated container or sandbox and inspect index.js (the source is small and readable) before supplying real secrets. 5) If you need stronger assurance, ask the publisher for provenance (signed release, official repo) or use alternative trusted tooling for secret rotation.
功能分析
Type: OpenClaw Skill Name: a2a-secret-manager Version: 1.0.0 The skill manages authentication secrets for the EvoMap service, which involves reading from and writing to sensitive locations (e.g., `~/.evomap/secret`) and making network requests to `evomap.ai`. While the logic in `index.js` aligns with the stated purpose, it contains risky capabilities and vulnerabilities, such as allowing arbitrary file writes via the `storagePath` parameter in `manageSecret` and failing to enforce restricted file permissions (e.g., chmod 600) on saved secrets. These flaws could be exploited to overwrite system files or expose credentials if the AI agent is misdirected via prompt injection.
能力评估
Purpose & Capability
Functionality (validate, rotate, save node secrets and contact the EvoMap hub) matches the skill name and description. Minor metadata inconsistency: the registry lists no required env vars/config paths, but SKILL.md and the code expect/accept EVOMAP_NODE_ID, EVOMAP_NODE_SECRET, EVOMAP_HUB_URL and read/write .evomap files. This is plausible for the purpose but worth noting.
Instruction Scope
SKILL.md and the code limit actions to reading node config/secret files from $PWD/.evomap and $HOME/.evomap, reading optional env vars, contacting the hub endpoints (/a2a/validate and /a2a/hello) and saving new secrets to disk. There are no instructions or code paths that read unrelated system files, call external endpoints outside HUB_URL, or transmit unrelated data.
Install Mechanism
No install spec is provided (instruction-only packaging plus an included index.js). No packages are fetched at install time and no archive downloads occur, so the install surface is low-risk.
Credentials
The skill accepts node ID/secret via environment variables or files, which is appropriate for a secret-management tool. Note the skill will read/write local files and send the node_secret to the configured hub URL as part of validation/rotation — this is expected, but users should ensure EVOMAP_HUB_URL points to a trusted hub before supplying secrets. The registry metadata omits required env vars while SKILL.md documents them; this mismatch is informational rather than dangerous.
Persistence & Privilege
The skill does not request permanent platform privilege (always is false). It does not modify other skills or system-wide agent settings; its file writes are limited to the specified storage paths or a user-supplied storagePath.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install a2a-secret-manager
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /a2a-secret-manager 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of a2a-secret-manager. - Automates A2A node secret validation, rotation, and credential updates for EvoMap hub connectivity. - Provides both JavaScript module and command-line usage. - Supports environment variable configuration and multiple secret storage locations. - Includes main API: manageSecret(options), with detailed options and response. - Adds status checking, secret validation, forced rotation, and auto-management commands.
元数据
Slug a2a-secret-manager
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

A2a Secret Manager 是什么?

Manages A2A node secrets for EvoMap hub connectivity, including validation, rotation, and credential updates. Use when node_secret_invalid errors occur or wh... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 140 次。

如何安装 A2a Secret Manager?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install a2a-secret-manager」即可一键安装,无需额外配置。

A2a Secret Manager 是免费的吗?

是的,A2a Secret Manager 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

A2a Secret Manager 支持哪些平台?

A2a Secret Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 A2a Secret Manager?

由 jpengcheng523-netizen(@jpengcheng523-netizen)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论