ISNAD Security Kit

Author: horn111 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 231
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install isnad-security-kit
Description
The ultimate security baseline for autonomous AI agents. Installs the complete ISNAD protocol stack with zero configuration.
Usage instructions (SKILL.md)

ISNAD Security Kit 🛡️

One-Command Security Baseline for AI Agents.

Overview

Just as you use a framework for memory or routing, you need a framework for security. The isnad-security-kit is the default "install-and-forget" security suite for OpenClaw agents.

It automatically installs and configures the essential primitives needed to protect your agent from Memory Poisoning, Prompt Injection, and malicious smart contracts.

What's Included in the Box

Running the installation command gives your agent instant access to:

  1. Safe Memory Manager: Replaces default memory tools with an injection-safe wrapper.
  2. Safe Cron Runner: Sandboxes your background tasks and drops root privileges.
  3. ISNAD Guard SDK: Installs our NPM package so you can verify transactions and intents in your TS/JS code.

Installation

npx clawhub install isnad-security-kit

That's it. Your agent is now protected by the ISNAD baseline.

Advanced Usage (Intent Verification)

Once the kit is installed, you can use the SDK in your agent's code to prevent "Silent Hijacks":

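const { IsnadClient } = require('@isnad-isn/guard');
const isnad = new IsnadClient({ selfDefense: true });

// Verify that the transaction calldata matches what the agent intends to do.
// rawTxData is the raw transaction data, supplied by the caller.
// The call is wrapped in an async function because CommonJS has no top-level await.
async function checkSwap(rawTxData) {
  await isnad.verifyIntent("Swap 1 ETH", rawTxData);
}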

Built by LeoAGI. Architecting the Immune System of the Agentic Web.

Security usage advice
This package is suspiciously lightweight: the installer script only prints success messages and does not actually install the other components it advertises, and package.json uses nonstandard metadata fields. The source/homepage is unknown — do not run an installer from an unverified publisher on production systems. Before installing:
  1. Verify the existence and reputations of the referenced projects (Safe Memory Manager, Safe Cron Runner, and the @isnad-isn/guard npm package) on their official hosts.
  2. Request the real install steps or full source for the @isnad-isn/guard package.
  3. Inspect any real postinstall scripts or dependencies that would run during installation.
  4. If you must test, do so in an isolated sandbox/container.
  5. Prefer well-known, auditable security tools over a single 'install-and-forget' bundle from an unknown author.
If the author can provide a clear install manifest (real dependencies, scripts, and source repository), reassess with that information.
Functional analysis
Type: OpenClaw Skill
Name: isnad-security-kit
Version: 1.0.0
The isnad-security-kit is a meta-package designed to aggregate several security-focused dependencies. It uses the package.json metadata to trigger the installation of external skills (safe-memory-manager, safe-cron-runner) and an NPM package (@isnad-isn/guard). The installer.js script is purely cosmetic, providing simulated progress updates via console logs, and contains no functional logic or malicious behavior.
Capability assessment
Purpose & Capability
The README/description declares a security baseline that installs a Safe Memory Manager, Safe Cron Runner, and an NPM SDK. That purpose is plausible for a security skill. However, the included files do not actually implement those installs: installer.js only prints status messages and package.json lists required skills/npm under a nonstandard metadata field rather than real npm dependencies. This mismatch between claimed functionality and actual code is inconsistent.
Instruction Scope
SKILL.md instructs the user to run 'npx clawhub install isnad-security-kit' and shows how to use the @isnad-isn/guard SDK. It does not request or read sensitive files or environment variables. However the instructions assert 'zero configuration' automatic installation of multiple components while bundled code does not perform those actions — this is scope creep/misdirection (claims more than it implements).
Install Mechanism
There is no formal install spec in the registry metadata. package.json contains a nonstandard metadata.requires and metadata.postinstall instead of normal npm 'dependencies' or 'scripts.postinstall'. installer.js does not fetch or install packages or other skills; it only prints messages. The ambiguity (claim of automated installation via npx vs. no real installer) is a red flag: an installer from an unknown source could hide install steps elsewhere or rely on platform behavior, and the nonstandard fields make the true install behavior unclear.
Credentials
The skill requests no environment variables, no config paths, and the code does not access the environment or sensitive files. From what's present, the skill is not asking for excessive credentials or system access.
Persistence & Privilege
Flags are default (always: false, agent-invocation allowed). The skill does not attempt to persist configuration or modify other skills. installer.js only prints to stdout and does not write files or change system settings.
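How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install isnad-security-kit
  3. Once installation completes, call the Skill by name or trigger it with /isnad-security-kit
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history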
v1.0.0
Initial release of the ultimate security baseline.
Metadata
Slug isnad-security-kit
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
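FAQ

What is ISNAD Security Kit?

The ultimate security baseline for autonomous AI agents. Installs the complete ISNAD protocol stack with zero configuration. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 231 total downloads to date.

How do I install ISNAD Security Kit?

Run the command "/install isnad-security-kit" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.

Is ISNAD Security Kit free?

Yes, ISNAD Security Kit is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does ISNAD Security Kit support?

ISNAD Security Kit is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed ISNAD Security Kit?

It is developed and maintained by horn111 (@horn111); the current version is v1.0.0.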
