← 返回 Skills 市场

AIP Security Guard

Name: AIP Security Guard
Author: sunilp

作者 sunilp · GitHub ↗ · v0.1.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install aip-security-guard

功能描述

Verify skill authorship, enforce declared permissions, and audit tool usage to secure OpenClaw environments using Agent Identity Protocol.

使用说明 (SKILL.md)

AIP Security Guard

Verify skill authors, enforce capability manifests, and audit tool calls. Adds identity and access control to your OpenClaw setup.

Setup

npm install -g aip-openclaw

Commands

"verify skill [name]" -- check signature and manifest of an installed skill
"show audit log" -- display recent tool call audit trail
"security status" -- show which skills are signed, unsigned, or blocked
"trust author [key]" -- add an author to your local trust list

How It Works

AIP Security Guard uses the Agent Identity Protocol (AIP) to verify skill authors via Ed25519 signatures and enforce capability manifests that declare what each skill is allowed to do.

Each skill can optionally include:

.aip-signature -- signed envelope proving the skill hasn't been tampered with
aip-manifest.toml -- declaration of allowed MCP tools, network access, file access, shell, budget

The guard runs outside OpenClaw's trust boundary. All decisions are logged to an audit trail.

Links

安全使用建议

Before installing or using this skill: (1) treat the `npm install -g aip-openclaw` step as installing arbitrary code — review the npm package and its source repo (the GitHub link) and prefer pinned releases or integrity hashes; (2) confirm what filesystem paths the tool will read/write (skill directories, trust lists, audit logs) and whether that level of access is acceptable; (3) prefer running the tool in a sandbox or container rather than as a global install; (4) ask the author/registry maintainer to add an explicit install spec, required binaries (npm/node), and declared permissions in the metadata so you can evaluate least-privilege requirements; (5) if you cannot validate the package provenance and contents, decline installation or test it in an isolated environment.

功能分析

Type: OpenClaw Skill Name: aip-security-guard Version: 0.1.0 The skill is classified as suspicious due to deceptive documentation and high-risk installation instructions in SKILL.md. It references a fake Arxiv paper (ID 2603.24775, implying a 2026 publication date) and directs the agent to install a global NPM package (aip-openclaw) from an unverified source. The use of a future-dated academic reference and the promotion of unverified external software to 'secure' the system are classic indicators of social engineering or a potential supply chain attack, although no explicitly malicious code is present in the provided files.

能力评估

ℹ Purpose & Capability

The declared purpose — verifying skill signatures and enforcing manifests — matches the SKILL.md description. However, the skill's metadata lists no install, binaries, or required env vars, while the runtime instructions explicitly require installing an external tool (npm package) to perform that work. The install instruction logically belongs to the purpose but is not reflected in the registry metadata.

⚠ Instruction Scope

SKILL.md instructs the user/agent to run `npm install -g aip-openclaw` and to manage a local trust list and audit logs. This implies filesystem write/read access, ability to run shell commands, and network access to npm/GitHub — none of which are declared. The instructions do not limit or specify exact files/paths to be read/written, nor do they provide safety checks for the external package.

⚠ Install Mechanism

There is no install spec in the registry entry but SKILL.md tells users to install a global npm package. Installing a global npm package downloads and executes third-party code (moderate-to-high risk) and the SKILL.md does not pin versions, provide integrity hashes, or justify why a privileged/global install is necessary.

⚠ Credentials

The skill declares no required env vars or config paths, yet its functionality (verifying installed skills, maintaining a trust list, logging audits) necessarily requires filesystem access and likely network access for key lookups. The lack of declared privileges/requirements is disproportionate to the described runtime behavior.

ℹ Persistence & Privilege

The skill is not always-enabled and does not request persistent platform privileges in the registry metadata (good). It can be invoked autonomously (default), which increases blast radius if the installed npm package is malicious — but autonomous invocation alone is not unusual and is not enough to mark it malicious.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install aip-security-guard
安装完成后，直接呼叫该 Skill 的名称或使用 /aip-security-guard 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.0

Initial release: skill signing, capability manifests, runtime enforcement for OpenClaw

元数据

Slug aip-security-guard

版本 0.1.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题