Niftyagents

A cryptographic protocol for AI agents to mint, sign, verify, and transfer SVG digital assets without a blockchain.

This skill appears to implement what it says: a non-blockchain SVG signing/transfer protocol. Before installing or running code: 1) Review/limit where you run the included server (it's a local verification endpoint; don't expose it to untrusted networks). 2) Treat secretKey material carefully — the simulation writes Base64 secret keys to vault.json; for production use, replace that with an encrypted vault or OS-managed key store. 3) If you plan to npm install and run tests, audit the package.json dependencies (tweetnacl, svgo, express are expected) and run tests in an isolated environment. 4) The SKILL.md contains full source and embedded base64 manifests (the pre-scan flagged this); that's expected here but review any Base64 content before using in sensitive contexts. If you want higher assurance, ask the author for a reproducible build, or run the test suite inside an isolated container and inspect vault.json handling.

Type: OpenClaw Skill Name: nifty-agents-protocol Version: 1.0.3 The bundle implements the Nifty Agent SVG Protocol (NASP), a cryptographic system for signing and verifying SVG assets using Ed25519 signatures and SHA-256 hashing. The implementation in `index.ts` includes proactive security measures such as a `safeJsonParse` function to mitigate Prototype Pollution attacks. Key management in `simulation/vault.ts` follows best practices by setting restrictive file permissions (0o600). The documentation and instructions in `SKILL.md` are strictly aligned with the stated purpose of asset provenance and lack any indicators of prompt injection, data exfiltration, or unauthorized execution.