← 返回 Skills 市场
dgershman

Corveil

作者 Danny Gershman · GitHub ↗ · v1.0.5-20260325 · MIT-0
cross-platform ⚠ suspicious
114
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install corveil
功能描述
Corveil is an organizational intelligence platform that captures AI activity (coding sessions, meetings, chats), produces insights and recommendations, and b...
使用说明 (SKILL.md)

Corveil Dev

Corveil is an organizational intelligence platform. It captures AI activity from coding sessions, meetings, and chatbots — then produces insights, recommendations, user profiles, and knowledge graphs. Under the hood it acts as a zero-trust AI gateway: proxying LLM requests with authentication, spend tracking, guardrails, and plugin support.

This skill starts Corveil in dev mode and connects OpenClaw or Claude Code to route AI requests through it locally. All requests are fully logged, tracked, and subject to guardrails as they flow through Corveil.

What You'll Need

  • Corveil binary — installed via GitHub Releases or the install script (see below)
  • An upstream provider API key — OpenRouter (sk-or-v1-...) for multi-model access, or Anthropic (sk-ant-...) for direct Anthropic access. Use a dev/test key, not production credentials
  • OpenClaw (optional) — only needed for passthrough routing; Claude Code can connect directly

A Corveil dev API key (sk-citadel-...) is created automatically via the API in Step 2 below — no manual setup required.

When to Run

  • Setting up a local Corveil development environment
  • Testing Corveil passthrough or direct mode with Claude Code
  • Developing or testing Corveil plugins, guardrails, or spend tracking
  • Demoing Corveil locally

Workflow

1. Install Corveil

Option A: GitHub Releases (recommended)

Download a signed binary from GitHub Releases. Binaries are available for macOS, Linux, and Windows (ARM64 and AMD64). Verify the download with the published checksums.

# Example: macOS ARM64 (Apple Silicon)
curl -LO https://github.com/radiusmethod/corveil-releases/releases/latest/download/corveil-darwin-arm64
chmod +x corveil-darwin-arm64
mv corveil-darwin-arm64 /usr/local/bin/corveil
corveil --version  # verify the installed binary

Option B: Install script

# Inspect the script before running:
curl -sSL https://corveil.com/install.sh -o install.sh
less install.sh   # review contents
sh install.sh

2. Start Corveil and Create an API Key

# Start in dev mode with your provider key:
corveil --dev --openrouter-api-key sk-or-v1-...
# Or with Anthropic directly:
corveil --dev --anthropic-api-key sk-ant-...

Corveil starts on localhost:8000 (bound to localhost only — not exposed to the network) with:

  • Ephemeral SQLite database (zero config, local-only)
  • Dev login enabled (no SSO/JWT setup)
  • Dashboard at http://localhost:8000

Then create an API key via the API — no need to open the dashboard:

# Log in as the dev user (stores session cookie)
curl -s -c /tmp/corveil-cookies -X POST http://localhost:8000/auth/dev-login

# Create an API key and extract the plaintext key
CORVEIL_KEY=$(curl -s -b /tmp/corveil-cookies -X POST http://localhost:8000/api/keys \
  -H 'Content-Type: application/json' \
  -d '{"name":"dev-key"}' | jq -r '.key')

echo "Your Corveil API key: $CORVEIL_KEY"

3a. Connect OpenClaw (Passthrough Mode)

Passthrough routes your own Anthropic credentials through Corveil for tracking and guardrails, while your API key authenticates directly with Anthropic.

openclaw config set models.providers.anthropic '{
  "baseUrl": "http://localhost:8000",
  "api": "anthropic-messages",
  "headers": {
    "x-citadel-api-key": "'"$CORVEIL_KEY"'"
  },
  "models": [
    {
      "id": "claude-sonnet-4-6",
      "name": "Claude Sonnet 4.6",
      "reasoning": true,
      "input": ["text", "image"],
      "cost": { "input": 0, "output": 0, "cacheRead": 0, "cacheWrite": 0 },
      "contextWindow": 200000,
      "maxTokens": 16384
    }
  ]
}'

Costs are set to 0 because Corveil tracks spend on its side.

Your existing Anthropic API key (configured in OpenClaw) flows through to Anthropic. The x-citadel-api-key header authenticates with Corveil for logging, guardrails, and spend tracking.

3b. Connect Claude Code Directly (No OpenClaw)

Direct Mode

Corveil uses its own provider credentials to fulfill requests:

export ANTHROPIC_BASE_URL="http://localhost:8000"
export ANTHROPIC_API_KEY="$CORVEIL_KEY"

Or in .claude/settings.json:

{
  "env": {
    "ANTHROPIC_BASE_URL": "http://localhost:8000",
    "ANTHROPIC_API_KEY": "\x3Cyour-corveil-key>"
  }
}

Passthrough Mode

Your own Anthropic credentials flow through to Anthropic:

export ANTHROPIC_BASE_URL="http://localhost:8000"
export ANTHROPIC_CUSTOM_HEADERS="x-citadel-api-key: $CORVEIL_KEY"

Or in .claude/settings.json:

{
  "env": {
    "ANTHROPIC_BASE_URL": "http://localhost:8000",
    "ANTHROPIC_CUSTOM_HEADERS": "x-citadel-api-key: \x3Cyour-corveil-key>"
  }
}

4. Verify the Connection

# Check Corveil is running
curl http://localhost:8000/health

# Check recent logs
corveil logs --tail 5

Then send any request through Claude Code or OpenClaw. If it responds, requests are flowing through Corveil. Confirm in the dashboard at http://localhost:8000.

Security Notes

  • Localhost only: Dev mode binds to localhost:8000 — not exposed to the network. Only local processes can reach it.
  • Ephemeral database: Dev mode uses SQLite stored locally. API keys and logs exist only on your machine and are disposable.
  • Passthrough transparency: In passthrough mode, your provider API key flows through the local proxy and is forwarded directly to the upstream provider. Corveil does not store your provider credentials — they are only held in memory for the duration of the request.
  • Use dev/test keys: Use non-production API keys for your upstream provider (OpenRouter, Anthropic). Rotate them after testing if needed.
  • Install verification: Download from GitHub Releases with published checksums. Run corveil --version to verify.

Important Rules

Passthrough Requires the x-citadel-api-key Header

Only Claude Code (via ANTHROPIC_CUSTOM_HEADERS) and OpenClaw (via headers config) support custom headers for passthrough mode. Other tools (Cursor, aichat, Codex CLI) only support direct mode.

Costs Should Be Zero in OpenClaw Config

When routing through Corveil, set model costs to 0 in OpenClaw since Corveil handles spend tracking.

All Requests Are Logged

Every request flowing through Corveil is logged with full request/response capture, spend tracking, and guardrail enforcement — regardless of direct or passthrough mode.

Reference

安全使用建议
This skill appears to actually do what it says (run a local Corveil dev proxy), but take precautions: 1) Prefer downloading the signed binary from the referenced GitHub Releases and verify checksums/signatures rather than running remote install scripts; if you must inspect the install script first, open it and review its contents before executing. 2) Do NOT use production provider API keys — use a dev/test key as the doc recommends, because passthrough mode will cause Corveil to see/record request contents. 3) Because the SKILL.md contains unicode control characters (a prompt-injection signal), inspect the file and the installer for any hidden/injected content. 4) Run the binary in an isolated environment (local VM/container) if you are not able to fully validate the release. 5) If you need higher assurance, obtain the project sources/releases from a verified upstream (official GitHub repo) and verify signatures or build from source before installing.
功能分析
Type: OpenClaw Skill Name: corveil Version: 1.0.5-20260325 The skill installs a local proxy designed to intercept and log all AI activity by routing OpenClaw or Claude Code traffic through a binary downloaded from GitHub (radiusmethod/corveil-releases) or an install script (corveil.com/install.sh). It requires users to provide sensitive upstream API keys (Anthropic/OpenRouter) as command-line arguments and modifies tool configurations to redirect all LLM traffic to localhost:8000. While these actions align with the stated purpose of 'organizational intelligence,' the interception of all developer AI interactions and the use of risky installation patterns represent a significant security risk.
能力评估
Purpose & Capability
The skill's name and description (run Corveil in dev mode and route OpenClaw/Claude Code through it) match the runtime instructions: downloading/starting a local corveil binary and configuring local clients to point at http://localhost:8000.
Instruction Scope
Instructions include starting a local proxy that logs and tracks all AI requests (expected) and tell the user how to create local API keys. However the SKILL.md contained prompt-injection indicators (unicode control characters) in the file — this is unnecessary for the documented workflow and could be an attempt to manipulate LLM-based processing of the doc. The instructions also encourage exporting provider API keys that will be proxied (so Corveil will see request contents) — the doc warns to use dev/test keys, which you should heed.
Install Mechanism
There is no packaged install spec in the registry (instruction-only). The docs recommend downloads from GitHub Releases (reasonable) but also suggest an install script at https://corveil.com/install.sh; downloading/executing an arbitrary script from a project domain is higher risk. The doc does advise inspecting the script before running it, which is good practice.
Credentials
The instructions require an upstream provider API key (OpenRouter or Anthropic) which is coherent with a proxy that forwards requests. No unrelated credentials or config paths are requested. The guidance to use dev/test keys is appropriate and should be followed.
Persistence & Privilege
The skill is instruction-only, has no install spec and does not request persistent inclusion or modify other skills. Registry flags are default (not always:true). Running the described corveil binary may install itself to /usr/local/bin if you follow their example, which requires care, but that is typical installer behavior.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install corveil
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /corveil 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.5-20260325
Updated SKILL.md documentation
v1.0.20260325
Updated SKILL.md documentation
元数据
Slug corveil
版本 1.0.5-20260325
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Corveil 是什么?

Corveil is an organizational intelligence platform that captures AI activity (coding sessions, meetings, chats), produces insights and recommendations, and b... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 114 次。

如何安装 Corveil?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install corveil」即可一键安装,无需额外配置。

Corveil 是免费的吗?

是的,Corveil 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Corveil 支持哪些平台?

Corveil 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Corveil?

由 Danny Gershman(@dgershman)开发并维护,当前版本 v1.0.5-20260325。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论