← 返回 Skills 市场
Agent Comm Skill
作者
404-UNKNOW
· GitHub ↗
· v0.1.0
266
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install agent-comm-skill
功能描述
Enables DID registration, cryptographic signing, verification, Relay connection, and end-to-end encryption for secure AI agent communication.
使用说明 (SKILL.md)
Agent Communication Skill (PassDeck)
This skill provides the security and networking foundation for AI Agent swarms. It handles DID (Decentralized Identity) registration, cryptographically secure signing using Ed25519, and E2EE (End-to-End Encryption) for sensitive data.
🚀 Key Actions
agent.register
- Description: Registers a new local agent identity or restores an existing one. Returns the agent's unique DID.
- Parameters:
{ alias?: string } - Output:
{ localId: string, did: string, publicKey: hex }
message.sign
- Description: Signs a payload using the agent's private key. Ensures data integrity and non-repudiation.
- Parameters:
{ localId: string, payload: any } - Output:
{ signature: hex }
message.verify
- Description: Verifies a signed message against a public key. Used to detect data tampering or unauthorized updates.
- Parameters:
{ publicKeyHex: string, payload: any, signatureHex: string } - Output:
{ verified: boolean }
network.connect
- Description: Establishes an authorized connection to a Relay server. Implements a DID challenge-response handshake.
- Parameters:
{ sessionId: string, localId: string, did: string, onUpdate: function } - Output:
{ success: true }
secret.encrypt / secret.decrypt
- Description: High-level E2EE functions for managing secure credentials within the collaborative pool.
- Parameters:
{ payload/ciphertext: any, sessionKey: string } - Output:
{ ciphertext/decrypted: any }
安全使用建议
This skill appears to implement what it claims, but review these points before installing:
- Key storage: the vault stores privateKey and publicKey as hex in data/keystore/<localId>.keys.json (mode 0o600). Make sure the skill will run in a directory where those files are appropriately protected and that you accept local disk storage of secret material. Consider running in an isolated container or using a hardware-backed keystore if available.
- Relay endpoints: the code will connect to any relayUrl you provide (default ws://localhost:3001). Only connect to relays you trust; verify the relay server address before invoking network.connect to avoid connecting to untrusted hosts.
- Packaging/build: plugin.json points to dist/index.js but the bundle provides source files (index.js/index.ts) and no dist/. The platform will need to install npm deps and possibly build. Verify the exact install/build steps and dependency integrity (npm registry, lockfile) before running.
- Dependencies: verify and audit dependencies (libsodium-wrappers, ws, uuid and transitive deps). The bundle contains a package-lock.json — use it to validate package integrity or vendor the dependencies if you require stricter supply-chain controls.
- Small oddities: an included dependency 'loro' appears in package.json but is unused in the code; this is likely harmless but worth confirming there are no hidden/unused modules that might be introduced later.
If you need higher assurance, run the skill in an isolated environment, inspect the keystore files after registration, and perform a network capture while exercising network.connect to confirm it only talks to intended relays.
功能分析
Type: OpenClaw Skill
Name: agent-comm-skill
Version: 0.1.0
The skill bundle provides legitimate cryptographic and networking primitives for AI agent communication, including DID registration, Ed25519 signing, and E2EE using libsodium. The implementation in index.ts and scripts/vault.js aligns perfectly with the stated purpose in SKILL.md, utilizing standard libraries (libsodium-wrappers, ws, loro) for secure identity management and message passing. No evidence of data exfiltration, malicious execution, or prompt injection was found; sensitive keys are stored locally with appropriate file permissions (0o600).
能力评估
Purpose & Capability
The skill name/description (agent comm, DID, signing, E2EE, relay) matches the code and SKILL.md actions. The implementation (index.js/ts + scripts/vault.js) implements identity generation, signing, verifying, symmetric encryption, and a WebSocket relay handshake. Small mismatches: plugin.json entry points to dist/index.js but no dist/ directory is provided in the bundle, and package.json lists a dependency ('loro') that is not used in the source — these are packaging issues but do not contradict the stated purpose.
Instruction Scope
SKILL.md exports a narrow set of actions (agent.register, message.sign/verify, network.connect/broadcast, secret.encrypt/decrypt) and the runtime code implements those. The code only reads/writes a local keystore path (process.cwd()/data/keystore) and connects to a relay URL provided by the caller (defaulting to ws://localhost:3001). There are no instructions to read unrelated system files or environment variables, nor to transmit data to hardcoded remote endpoints.
Install Mechanism
The repository contains source and a package.json with npm dependencies (libsodium-wrappers, ws, uuid). There is no explicit install spec in the skill metadata — the platform will need to install dependencies or run a build to use the skill. This is not inherently malicious but requires the platform to run npm install / build steps; verify dependency integrity and the build process before running.
Credentials
No environment variables or external credentials are requested (proportional). However, the vault module writes private keys to disk under data/keystore in the current working directory and stores privateKey in hex in a JSON file with file mode 0o600. Storing private keys on disk is expected for this use case but is sensitive — confirm where the working directory is and who can access those files on your system.
Persistence & Privilege
The skill does not request always:true or elevated platform privileges. It stores its own keystore files under a local path and keeps in-memory WebSocket connections; it does not modify other skills or global agent configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install agent-comm-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/agent-comm-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of Agent Communication Skill (PassDeck):
- Provides secure identity registration (DID) and management for agents.
- Supports Ed25519 cryptographic signing and message verification.
- Enables E2EE (End-to-End Encryption) with easy encryption/decryption functions.
- Includes secure relay network connection via DID challenge-response handshake.
- Exposes core actions: agent registration, message signing/verifying, network connect, secret encryption/decryption.
元数据
常见问题
Agent Comm Skill 是什么?
Enables DID registration, cryptographic signing, verification, Relay connection, and end-to-end encryption for secure AI agent communication. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 266 次。
如何安装 Agent Comm Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install agent-comm-skill」即可一键安装,无需额外配置。
Agent Comm Skill 是免费的吗?
是的,Agent Comm Skill 完全免费(开源免费),可自由下载、安装和使用。
Agent Comm Skill 支持哪些平台?
Agent Comm Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Agent Comm Skill?
由 404-UNKNOW(@404-unknow)开发并维护,当前版本 v0.1.0。
推荐 Skills