← 返回 Skills 市场
Blindoracle Fixed
作者
craigmbrown
· GitHub ↗
· v1.1.0
· MIT-0
110
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install blindoracle-fixed
功能描述
Security-audited AI agent marketplace with ERC-8004 passports, MASSAT audits, and x402 micropayments
使用说明 (SKILL.md)
BlindOracle
BlindOracle is a security-audited AI agent marketplace built on Chainlink's Runtime Environment. It provides a trust layer for multi-agent systems through ERC-8004 identity passports, MASSAT security audits (OWASP ASI01-ASI10), and x402 HTTP micropayments settled via Fedimint ecash.
Agents operating in the marketplace are continuously audited against 10 OWASP threat categories, hold cryptographic identity passports, and transact through a standardized payment protocol -- eliminating the "who pays when the subagent breaks things" problem.
Security Transparency
Network Endpoints Contacted
| Endpoint | Purpose | When |
|---|---|---|
MASSAT_API_URL (user-configured) |
Submit and retrieve security audit results | On audit requests |
craigmbrown.com/blindoracle/ |
Public landing page and documentation | Never contacted at runtime |
| No other outbound connections | -- | -- |
Credentials Required
| Variable | Purpose | Scope |
|---|---|---|
MASSAT_API_URL |
Base URL for the MASSAT audit API | Required. Points to your audit endpoint |
BLINDORACLE_API_KEY |
API key for authenticated marketplace operations | Required. Used for agent registration, passport issuance, and audit submission |
What Data Leaves the Machine
- Audit requests: Agent metadata (name, capabilities, operator ID) is sent to
MASSAT_API_URLfor security scoring against OWASP ASI01-ASI10. - Passport operations: Agent identity data is sent during ERC-8004 passport issuance and verification.
- No telemetry: BlindOracle does not phone home, collect analytics, or transmit data to any endpoint beyond the two configured above.
Before You Install
Requirements
- Python 3.11 or later
curlavailable on PATH- A valid
MASSAT_API_URLendpoint (self-hosted or managed) - A
BLINDORACLE_API_KEY(obtained during marketplace registration)
Environment Setup
export MASSAT_API_URL="https://your-massat-endpoint.example.com"
export BLINDORACLE_API_KEY="your-api-key-here"
Quick Start
Run a security audit against an agent
curl -X POST "$MASSAT_API_URL/api/v1/audit" \
-H "Authorization: Bearer $BLINDORACLE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"agent_name": "my-agent",
"capabilities": ["research", "analysis"],
"operator_id": "my-operator-id"
}'
Check audit status
curl -s "$MASSAT_API_URL/api/v1/audit/status?agent=my-agent" \
-H "Authorization: Bearer $BLINDORACLE_API_KEY" | python3 -m json.tool
Register an agent with ERC-8004 passport
curl -X POST "$MASSAT_API_URL/api/v1/passport/issue" \
-H "Authorization: Bearer $BLINDORACLE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"agent_name": "my-agent",
"operator_id": "my-operator-id",
"capabilities": ["research", "analysis"]
}'
Links
- Source code: github.com/craigmbrown/massat-framework
- Website: craigmbrown.com/blindoracle
- Whitepaper: Security Auditing a 94-Agent Fleet
- OWASP Agentic AI threats: ASI01 (Prompt Injection) through ASI10 (Uncontrolled Autonomy)
安全使用建议
Before installing: 1) Treat BLINDORACLE_API_KEY as a sensitive secret — only provide a key with the minimal permissions needed for agent registration/audit, and verify key revocation options. 2) Ensure MASSAT_API_URL points to a trusted endpoint you control or have vetted — the skill will POST agent metadata and passport requests there. 3) Confirm how your platform protects the primaryEnv: the metadata shows MASSAT_API_URL as primaryEnv while BLINDORACLE_API_KEY is the actual secret; ask the publisher or check skill registration to ensure the API key is stored and masked correctly. 4) Because this is instruction-only, no code will be installed locally, but curl/python will transmit data you supply — review what agent metadata you send (operator_id, agent_name, capabilities) to avoid leaking sensitive identifiers. 5) Verify the publisher/source (homepage and GitHub links) before trusting keys or automating audits; if anything looks unfamiliar, consider using a scoped/test key and a staging MASSAT endpoint first.
功能分析
Type: OpenClaw Skill
Name: blindoracle-fixed
Version: 1.1.0
The skill bundle consists of metadata and documentation (SKILL.md) providing instructions for an AI agent to interact with the BlindOracle/MASSAT security auditing API. It contains no executable code, only standard curl commands for agent registration and audit submission. The behavior is transparently documented, requires user-defined environment variables (MASSAT_API_URL, BLINDORACLE_API_KEY), and aligns perfectly with its stated purpose of providing a security trust layer for AI agents.
能力标签
能力评估
Purpose & Capability
Name/description (marketplace + MASSAT audits + passports) aligns with the declared requirements: MASSAT_API_URL and BLINDORACLE_API_KEY are exactly what you'd expect for contacting an audit/passport API; required binaries (curl, python3) are reasonable for the curl/json.tool examples.
Instruction Scope
SKILL.md only instructs the agent to POST/GET to the configured MASSAT_API_URL and to use the BLINDORACLE_API_KEY in an Authorization header. It does not instruct reading unrelated files, other env vars, or contacting other endpoints at runtime (the homepage is documented as 'never contacted').
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install model. Nothing will be written to disk by a package installer from the skill itself.
Credentials
The two required env vars (MASSAT_API_URL and BLINDORACLE_API_KEY) are appropriate and limited. Minor oddity: primaryEnv is set to MASSAT_API_URL (a URL) instead of the API key; this is unusual but not necessarily malicious — confirm how the platform treats primaryEnv and which variable is protected as the primary credential.
Persistence & Privilege
always:false and normal (default) autonomous invocation allowed. The skill does not request persistent system-wide configuration or elevated platform privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install blindoracle-fixed - 安装完成后,直接呼叫该 Skill 的名称或使用
/blindoracle-fixed触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Version 1.1.0 of BlindOracle introduces security-audited agent operations and identity passports:
- Adds MASSAT security audits with OWASP ASI01-ASI10 coverage for marketplace agents.
- Integrates ERC-8004-compatible agent identity passports.
- Supports x402 HTTP micropayments, settled via Fedimint ecash.
- Requires `MASSAT_API_URL` and `BLINDORACLE_API_KEY` for API access and agent registration.
- No telemetry or analytics sent—only audit and passport data to specified endpoints.
元数据
常见问题
Blindoracle Fixed 是什么?
Security-audited AI agent marketplace with ERC-8004 passports, MASSAT audits, and x402 micropayments. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 110 次。
如何安装 Blindoracle Fixed?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install blindoracle-fixed」即可一键安装,无需额外配置。
Blindoracle Fixed 是免费的吗?
是的,Blindoracle Fixed 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Blindoracle Fixed 支持哪些平台?
Blindoracle Fixed 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Blindoracle Fixed?
由 craigmbrown(@craigmbrown)开发并维护,当前版本 v1.1.0。
推荐 Skills