anydefai

Anydef Enc

Author: anydefai · GitHub · v2.1.1 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 91
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install anydef-enc
Description
Local-Only Agent Data Encryption. High-security MK->KEK->DEK hierarchy for local agent data.
Instructions (SKILL.md)

anydef-enc: Local Security Toolkit

This skill provides mandatory encryption for OpenClaw agents. It operates in Local Manual Mode, meaning no external network requests are made, and encryption keys are derived from a user passphrase.

Key Hierarchy

  1. Master Key (MK): Derived from your passphrase using PBKDF2 (100,000 iterations).
    • Persistence: A unique "Salt" is stored in your environment. As long as you remember your passphrase, the same Master Key will be generated across reboots.
  2. Key Encryption Key (KEK): Generated randomly and encrypted by your MK. Stored in window.storage.
  3. Data Encryption Keys (DEKs): Scoped keys (e.g., memory, assets) encrypted by the KEK and stored in window.storage.
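
The hierarchy above, sketched with the Web Crypto API as an added example; it is not the skill's own encryption-service.js. The Map standing in for window.storage, the demo-* record names, the function names and SHA-256 as the PBKDF2 hash are assumptions.

```javascript
// Added example. A Map stands in for window.storage; record names are made up.
const storage = new Map();
const enc = new TextEncoder(), dec = new TextDecoder();
const AES = { name: 'AES-GCM', length: 256 };
const gcm = (iv) => ({ name: 'AES-GCM', iv });
// Browsers and current Node expose globalThis.crypto; older Node needs the import.
const getCrypto = async () => globalThis.crypto ?? (await import('node:crypto')).webcrypto;
// MK: PBKDF2, 100,000 iterations (SHA-256 is assumed), over passphrase + stored salt.
async function deriveMK(c, passphrase, salt) {
  const base = await c.subtle.importKey('raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return c.subtle.deriveKey({ name: 'PBKDF2', salt, iterations: 100000, hash: 'SHA-256' },
    base, AES, false, ['wrapKey', 'unwrapKey']);
}
// Persist only {iv, wrapped}: the key encrypted under its parent, never raw bytes.
async function wrapAndStore(c, name, key, parent) {
  const iv = c.getRandomValues(new Uint8Array(12));
  storage.set(name, { iv, wrapped: await c.subtle.wrapKey('raw', key, parent, gcm(iv)) });
}
// Unwrapped keys are non-extractable; a wrong parent key fails the GCM tag check.
async function load(c, name, parent, usages) {
  const { iv, wrapped } = storage.get(name);
  return c.subtle.unwrapKey('raw', wrapped, parent, gcm(iv), AES, false, usages);
}
async function createVault(passphrase, scope) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16));
  storage.set('demo-salt', salt); // the salt is not secret, but it must persist
  const mk = await deriveMK(c, passphrase, salt);
  const kek = await c.subtle.generateKey(AES, true, ['wrapKey', 'unwrapKey']);
  const dek = await c.subtle.generateKey(AES, true, ['encrypt', 'decrypt']);
  await wrapAndStore(c, 'demo-kek', kek, mk);
  await wrapAndStore(c, `demo-dek-${scope}`, dek, kek);
}
async function unlockScope(passphrase, scope) {
  const c = await getCrypto();
  const mk = await deriveMK(c, passphrase, storage.get('demo-salt'));
  const kek = await load(c, 'demo-kek', mk, ['wrapKey', 'unwrapKey']);
  return load(c, `demo-dek-${scope}`, kek, ['encrypt', 'decrypt']);
}
// Encrypt in one "session", then unlock again with tryPass and decrypt.
async function roundTrip(goodPass, tryPass) {
  await createVault(goodPass, 'memory');
  const c = await getCrypto();
  const iv = c.getRandomValues(new Uint8Array(12));
  const ct = await c.subtle.encrypt(gcm(iv), await unlockScope(goodPass, 'memory'),
    enc.encode('Sensitive intelligence...'));
  const dek = await unlockScope(tryPass, 'memory');
  return dec.decode(await c.subtle.decrypt(gcm(iv), dek, ct));
}
```

With the same passphrase for both arguments, roundTrip resolves to the plaintext; with a different second passphrase it rejects when the KEK is unwrapped, since nothing in storage can recover the Master Key.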

Security Disclosure

  • Zero Network: This skill does NOT perform any external network requests. All crypto operations happen via standard Web APIs in your browser.
  • No Cleartext Keys: Keys are never stored in cleartext. They are always "wrapped" (encrypted) by a higher-level key.
  • Passphrase Obligation: You must provide your passphrase to "unlock" the vault after every reboot or session expiry. If you forget your passphrase, existing encrypted data is lost forever.

Selective Encryption

Configure which scopes to protect in your settings:

  • history: Conversation logs.
  • memory: Agent's semantic memory.
  • assets: All uploaded files.

Usage

import { EncryptionService } from './encryption-service.js';

// Unlock once per session
await EncryptionService.unlock('your-passphrase');

// Use throughout the session
const secretData = await EncryptionService.encrypt('memory', 'Sensitive intelligence...');
Security Usage Recommendations
This appears to be an internally consistent local encryption toolkit, but check these before installing:

  • Confirm what window.storage maps to in your OpenClaw environment: is it per-agent local-only storage or can it be read by other agents or synced to cloud backups? If it's shared/synced, the "zero network" and privacy claims are weakened.
  • Note the irreversible nature: if you lose the passphrase you will permanently lose access to encrypted data. Plan passphrase management/backups accordingly.
  • Verify the storage key naming and isolation policy on the platform so the skill cannot unintentionally access unrelated keys/data.
  • If you plan to store sensitive API keys in this vault, ensure you understand how those encrypted blobs are backed up or exported by the platform.
  • The docs/text have a small inconsistency about where Salt is stored—confirm documentation vs implementation alignment.

If uncertain, have a reviewer with knowledge of your agent host confirm window.storage behavior and that no background sync or telemetry will leak vault data.
Functional Analysis
Type: OpenClaw Skill
Name: anydef-enc
Version: 2.1.1
The anydef-enc skill is a legitimate local encryption toolkit that implements a standard cryptographic hierarchy (MK->KEK->DEK) using the Web Crypto API (AES-GCM and PBKDF2). The code in encryption-service.js and migration-helper.js is well-structured, lacks any network-reaching calls, and strictly adheres to the stated purpose of providing zero-knowledge local data protection. No indicators of data exfiltration, malicious execution, or harmful prompt injection were found.
Capability Tags
crypto
Capability Assessment
Purpose & Capability
The name/description (local agent data encryption using MK->KEK->DEK) matches the included code and docs. Minor inconsistency: SKILL.md at one point says the Salt is stored "in your environment," but the implementation stores the Salt in window.storage. This is plausibly a documentation mismatch rather than malicious behavior, but you should confirm what "environment" means in your deployment.
Instruction Scope
Runtime instructions are narrowly scoped: derive MK from passphrase, manage KEK/DEKs, encrypt/decrypt scoped data. The code only reads/writes named keys in window.storage (prefixed with enc-...), and it does not perform network calls. Note: this relies on the platform's window.storage being a local, agent-scoped store — if that storage is global/shared or synced off-device, the "zero network" guarantee is weakened.
Install Mechanism
No install spec or remote downloads; the skill is instruction/code-only and does not pull external artifacts at runtime. That keeps the install risk low.
Credentials
The skill requests no environment variables or credentials and doesn't attempt to access external secrets. It does include support for encrypting 'api-keys' in its storage model, which is reasonable for a local vault. Confirm that storing encrypted API keys in window.storage meets your threat model and that the storage is isolated and not backed up or synced to external services.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It persistently stores Salt, wrapped KEK, and wrapped DEKs in window.storage (expected for a vault). It does not modify other skills' configs or request system-wide settings.
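How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog: /install anydef-enc
  3. After installation, call the Skill by name or trigger it with /anydef-enc
  4. Provide the required input according to the Skill's parameter description to get structured output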
Version History
v2.1.1
  • Added a README.md file to enhance project documentation.
  • Updated metadata.json to reflect current skill details.
  • No changes to core functionality or APIs.
v2.1.0
anydef-enc v2.1.0
  • New local-only encryption toolkit with clear separation of Master Key (passphrase-derived), KEK, and scope-based DEKs.
  • AES encryption and all crypto operations are handled via browser-native Web APIs, guaranteeing zero network access.
  • Storage key structure and naming conventions updated for simplicity.
  • Configuration for which agent scopes to encrypt (e.g., `memory`, `assets`, `history`).
  • Added `encryption-service.js` as the new central encryption API module.
  • Internal documentation streamlined and refocused for easier integration and security transparency.
v1.0.4
openclaw-encryption 1.0.4
  • Introduces a browser-native encryption package for protecting critical Agent data, leveraging `window.crypto.subtle` and `window.storage` only.
  • Implements a three-layer key hierarchy (Master Password → KEK → DEKs) for strong, per-agent, and scope-based data encryption.
  • Enables AES-256-GCM encryption for files, in-memory data, sessions, and tool results, with individual key management for each scope.
  • Adds support for key rotation, audit logging, multiple master key sources (manual, AWS KMS, GCP KMS, 1Password), and backward compatibility for plaintext data.
  • Fully enforces local-only computation with no network requests, suitable for secure browser-based artifact environments.
Metadata
Slug: anydef-enc
Version: 2.1.1
License: MIT-0
Total installs: 0
Current installs: 0
Version count: 3
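FAQ

What is Anydef Enc?

Local-Only Agent Data Encryption. High-security MK->KEK->DEK hierarchy for local agent data. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 91 total downloads to date.

How do I install Anydef Enc?

Run the command "/install anydef-enc" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is needed.

Is Anydef Enc free?

Yes. Anydef Enc is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does Anydef Enc support?

Anydef Enc runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Anydef Enc?

It is developed and maintained by anydefai (@anydefai); the current version is v2.1.1.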
