← 返回 Skills 市场
OmniWire
作者
VoidChecksum
· GitHub ↗
· v3.5.0
· MIT-0
143
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install omniwire
功能描述
Infrastructure layer for AI agent swarms — 88 MCP tools for mesh control, A2A protocol, OmniMesh VPN, CyberSync, web scraping, firewall management, browser a...
安全使用建议
Do not let the agent automatically run the 'npm install -g' command or supply private SSH keys without review. Before installing: (1) inspect the omniwire npm package contents or the GitHub source and release signatures; (2) prefer installing manually under your control instead of letting the agent exec installation; (3) do not reuse personal SSH keys — create limited, purpose-built deploy keys on each target host and reference those; (4) confirm which native tools (aria2c, netcat, lz4) are required and install them deliberately; (5) verify how CyberSync/Postgres credentials are provided and where network ports will be exposed; (6) consider running the tool inside an isolated environment (VM/container) first and remove ~/.omniwire and any keys if you uninstall. If you want, share the npm package tarball or the GitHub release contents and I can point out specific lines that need special attention.
功能分析
Type: OpenClaw Skill
Name: omniwire
Version: 3.5.0
The 'omniwire' skill provides an exceptionally broad and high-risk feature set, including remote SSH execution across a mesh, VPN management, and browser automation. Most concerning are the 'CyberSync' tools, which specifically target and sync sensitive configuration and memory files from other AI agents (e.g., Claude Code, OpenClaw), and tools for extracting browser cookies (`omniwire_cookies`) and managing TOTP codes (`omniwire_2fa`). While these capabilities are framed as infrastructure management, the concentration of access to credentials, secrets, and remote systems across multiple nodes creates a massive attack surface and potential for abuse.
能力评估
Purpose & Capability
Name/description (mesh control, SSH-based management) aligns with requiring node and ssh. However, the skill's examples and setup expect access to users' private SSH identity files (~/.ssh/*), file-transfer tools (netcat, aria2c, lz4), and a PostgreSQL CyberSync backend — none of which are declared in metadata (no env creds, no extra required binaries). Asking for SSH identityFile entries implies the skill will read private keys, which is a sensitive capability that should be explicitly declared and justified.
Instruction Scope
SKILL.md explicitly tells the agent to run 'npm install -g omniwire@latest' via exec and to collect server details including SSH key filenames; it then instructs operations that read/write files across nodes, open local HTTP/WebSocket ports, and use transfers (SFTP, netcat, aria2c). The instructions do not clearly limit what the agent may read on disk (private keys) or transmit, and they assert 'No data leaves your network' while exposing REST/SSE/WebSocket transports — a possible contradiction and scope creep.
Install Mechanism
Install is via npm package 'omniwire@latest' (global install), which is a moderate-risk mechanism: packages come from the public registry and will drop executables on the host. The SKILL.md uses a live 'latest' install via agent exec (autonomous install). Additional native tools referenced (aria2c, netcat, lz4) are not included in the declared install spec, creating potential for implicit installs or runtime failures.
Credentials
No environment variables or primary credentials are declared, but the skill requires access to sensitive local artifacts (SSH private keys in ~/.ssh, an encrypted secret.key in ~/.omniwire, and a CyberSync Postgres host). The absence of declared DB credentials or other env setup is inconsistent with the runtime requirements; asking the user to point to private key files is a high-privilege request that should be explicitly called out and minimized (e.g., use dedicated deploy keys).
Persistence & Privilege
The skill creates persistent state (~/.omniwire), stores encrypted secrets and a mesh config, and exposes local network endpoints (REST/SSE/WebSocket). It does not set always:true, but autonomous invocation combined with stored credentials and SSH control increases blast radius — consider this high-impact persistence even if it's not flagged as always-enabled.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install omniwire - 安装完成后,直接呼叫该 Skill 的名称或使用
/omniwire触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.5.0
Full OpenClaw + PaperClip integration. 88 MCP tools (was 30). Agent setup instructions. OmniMesh VPN, A2A, CyberSync, scraping, firewall, CDP browser, 2FA, COC sync.
v2.1.0
Initial release: 30 MCP tools, SSH2 mesh control, encrypted config sync, 1Password secrets, self-update. All architectures (x64, ARM, Apple Silicon).
元数据
常见问题
OmniWire 是什么?
Infrastructure layer for AI agent swarms — 88 MCP tools for mesh control, A2A protocol, OmniMesh VPN, CyberSync, web scraping, firewall management, browser a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 143 次。
如何安装 OmniWire?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install omniwire」即可一键安装,无需额外配置。
OmniWire 是免费的吗?
是的,OmniWire 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OmniWire 支持哪些平台?
OmniWire 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OmniWire?
由 VoidChecksum(@voidchecksum)开发并维护,当前版本 v3.5.0。
推荐 Skills