sunilp

AIP Agent Guard

Author: sunilp · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
61 total downloads · 0 favorites · 0 current installs · 1 version
Install in OpenClaw
/install aip-agent-guard
Description
Verify skill authorship, enforce capability manifests, and audit tool usage to secure and control your OpenClaw skills with identity and access management.
Usage (SKILL.md)

AIP Security Guard

Verify skill authors, enforce capability manifests, and audit tool calls. Adds identity and access control to your OpenClaw setup.

Setup

npm install -g aip-openclaw

Commands

  • "verify skill [name]" -- check signature and manifest of an installed skill
  • "show audit log" -- display recent tool call audit trail
  • "security status" -- show which skills are signed, unsigned, or blocked
  • "trust author [key]" -- add an author to your local trust list

How It Works

AIP Security Guard uses the Agent Identity Protocol (AIP) to verify skill authors via Ed25519 signatures and enforce capability manifests that declare what each skill is allowed to do.

Each skill can optionally include:

  • .aip-signature -- signed envelope proving the skill hasn't been tampered with
  • aip-manifest.toml -- declaration of allowed MCP tools, network access, file access, shell, budget

The guard runs outside OpenClaw's trust boundary. All decisions are logged to an audit trail.

Safe-usage recommendations
This skill is instruction-only and tells you to run 'npm install -g aip-openclaw' to obtain the enforcement tool. That action downloads and runs code from the npm registry with global privileges and could execute arbitrary scripts. Before installing or following these instructions:
  1. Inspect the npm package source (use the provided GitHub link) and review its package.json and any postinstall scripts.
  2. Verify the package author and releases (check the npm owner/maintainer, commit history, and signed releases if available).
  3. Prefer installing in an isolated environment (container, VM) or a non-global location (avoid -g) and perform a local code audit.
  4. Ask the publisher to provide an install spec in the registry (with a pinned version and checksum) or to include the needed code in the skill package.
  5. If you cannot audit the package, do not run the global install on production hosts.
These steps reduce risk and help validate whether the tool is trustworthy.
Functional analysis
Type: OpenClaw Skill. Name: aip-agent-guard. Version: 0.1.0. The bundle contains metadata and documentation for 'AIP Security Guard', a tool designed to verify skill signatures and audit tool calls. The SKILL.md file provides instructions for the agent to perform security-related tasks (verification, auditing, and trust management) that align with the stated purpose. No executable code, suspicious network calls, or malicious prompt injections were found in the provided files (_meta.json, SKILL.md).
Capability assessment
Purpose & Capability
The stated purpose (verify skill authorship, enforce manifests, audit tool calls) aligns with the instructions (which call out an 'aip-openclaw' tool). However, the registry contains no install spec or packaged code while the SKILL.md expects an external npm package to be installed. This is an inconsistency: if the skill needs that tool, it should declare it in metadata or include the code.
Instruction Scope
The SKILL.md instructs the agent/user to run 'npm install -g aip-openclaw' and then perform local actions (verify signatures, modify a local trust list, show/append to audit logs). Those instructions imply reading and writing local files and executing third-party code; the skill neither limits nor provides integrity checks for that external code, and it does not describe which files or paths hold the trust and audit state.
Install Mechanism
No install spec is present in the registry, yet the instructions ask for a global npm install. Installing an arbitrary npm package globally can execute arbitrary code (postinstall scripts). The SKILL.md provides no package checksum, release URL, or pinned version; relying on the npm registry without verification is a moderate-to-high risk.
Credentials
The skill requests no environment variables, credentials, or privileged config paths in its metadata, and the SKILL.md does not ask for unrelated secrets. That said, the installed npm package would likely need filesystem access to manage trust lists and audit logs, which is reasonable for its purpose but not explicitly scoped.
Persistence & Privilege
The always flag is false and model invocation is allowed (normal). The documented behavior (maintaining a local trust list and audit trail) implies persistent local state, which is consistent with the skill's goals, but the SKILL.md asks the user to install a global binary, which increases system-wide impact.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker).
  2. Enter the install command in the chat box: /install aip-agent-guard
  3. After installation, invoke the skill by name or trigger it with /aip-agent-guard.
  4. Provide the required input as described in the skill's parameter documentation to receive structured output.
Version history
v0.1.0
Initial release: skill signing, capability manifests, runtime enforcement for OpenClaw
Metadata
Slug: aip-agent-guard
Version: 0.1.0
License: MIT-0
Total installs: 0
Current installs: 0
Versions: 1
FAQ

What is AIP Agent Guard?

Verify skill authorship, enforce capability manifests, and audit tool usage to secure and control your OpenClaw skills with identity and access management. It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 61 times to date.

How do I install AIP Agent Guard?

Run the command "/install aip-agent-guard" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is AIP Agent Guard free?

Yes. AIP Agent Guard is completely free, licensed under MIT-0, and may be freely downloaded, installed and used.

Which platforms does AIP Agent Guard support?

AIP Agent Guard runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed AIP Agent Guard?

Developed and maintained by sunilp (@sunilp); current version v0.1.0.