← 返回 Skills 市场
118
总下载
1
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install openfused-mail-system-for-ai-agents
功能描述
Decentralized context mesh for AI agents. Manage stores, send signed/encrypted messages, sync with peers, and manage cryptographic trust. Use when initializi...
安全使用建议
This skill appears to do what it says, but take these precautions before installing:
- Inspect the npm package source (and GitHub repo) before npm install, because installing a package executes third-party code.
- Be aware it uses your ~/.ssh config and existing SSH keys for SCP/peer sync — limit exposure by using a dedicated SSH key/config or running the agent in a sandboxed environment.
- Avoid placing secrets in the store's shared/ directory; shared files are plaintext to peers.
- Prefer local or per-project installation instead of a global -g install if you want to reduce system-wide impact.
- If your agent platform allows autonomous skill invocation, restrict or sandbox this skill to prevent unintended network transfers.
功能分析
Type: OpenClaw Skill
Name: openfused-mail-system-for-ai-agents
Version: 1.0.6
The openfuse skill (SKILL.md) implements a decentralized communication mesh that requires access to sensitive files like ~/.ssh/config and manages cryptographic keys. It includes high-risk capabilities such as establishing reverse SSH tunnels and Cloudflare tunnels (openfuse watch --tunnel/--cloudflared), which are powerful primitives that can be used to create persistent backdoors or bypass network security. While these features are documented for peer-to-peer synchronization, the combination of SSH access, tunnel creation, and remote data syncing via SCP/HTTP presents a significant attack surface for data exfiltration or unauthorized remote access.
能力评估
Purpose & Capability
Name/description (decentralized context mesh) align with required binary (openfuse) and required config (~/.ssh/config). Requiring SSH config and an openfuse binary is expected for an SSH/SCP-based peer sync tool.
Instruction Scope
SKILL.md stays within the stated purpose: instructions cover init, key management, sharing, sending messages (via SCP/HTTP), and local store layout. It explicitly warns about shared/plaintext files and autonomous invocation. It references ~/.ssh and local key files in store; these are relevant but enable network actions, so the agent will be able to perform remote transfers when invoked.
Install Mechanism
Install is an npm package from the public registry ([email protected]), which is an expected distribution method but carries the usual moderate risk of executing third-party code. The SKILL.md suggests global npm -g install which modifies system-wide binaries.
Credentials
No environment variables requested, which is appropriate. However the skill requires access to ~/.ssh/config and uses existing SSH private keys for peer sync; this is sensitive — access to your SSH config/keys can enable network connections to other hosts. That access is proportionate to SSH-based syncing but still warrants caution.
Persistence & Privilege
always is false and the skill is user-invocable. The skill notes autonomous invocation as a risk and recommends sandboxing; there is no indication it attempts to persist beyond installing the openfuse binary. This is normal for a CLI integration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openfused-mail-system-for-ai-agents - 安装完成后,直接呼叫该 Skill 的名称或使用
/openfused-mail-system-for-ai-agents触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.6
- Added version field (0.3.6) and metadata to SKILL.md for improved compatibility and clarity.
- Specified binary and config requirements, npm install instructions, and homepage link in metadata.
- No changes to core functionality or user-facing documentation content.
v1.0.5
Version 1.0.5
- Updated skill manifest to clarify requirements: now explicitly notes need for the openfuse binary, npm install command, SSH/HTTP network, and local SSH credentials.
- Set metadata: skill is now user-invocable only, never autonomous, and not always loaded.
- Added security and operational notes to the documentation, including details on network behavior, required credentials, and sandboxing advice.
- No changes to the skill's code or functionality—documentation and manifest updates only.
v1.0.4
openfused-mail-system-for-ai-agents v1.0.4
- Updated installation instructions to specify version `[email protected]` in npm install command.
- Added a security warning clarifying that files in the `shared/` directory are plaintext and visible to all synced peers.
- No code changes detected; documentation improvements only.
v1.0.3
openfuse 1.0.3 is a documentation-focused update with improvements to clarity, structure, and usability, including more explicit local-first workflows and the addition of watch mode.
- Simplified and clarified documentation throughout, focusing on local-first, peer-to-peer workflows (no external registry required).
- `PROFILE.md` described as a signed public address card, distinct from working memory.
- Key generation now automatic for both signing and encryption keys on `init`; manual age key creation steps removed.
- Outbox now includes a `.sent/` audit trail for delivered messages.
- Watch mode (`openfuse watch`) documented for inbox monitoring and auto-sync; examples include NAT/cloud tunnel support.
- Commands and explanations revised for accuracy, conciseness, and real-world agent setup patterns.
v1.0.2
- Removed documentation files: CLAUDE-optional-instructions.md and README.md.
- Minor update to prerequisites section in SKILL.md: now includes npm and GitHub links.
- No changes to core code or features; documentation only.
v1.0.1
- Added security notes emphasizing private key protection and clarifying registry/key export behavior.
- Clarified that the public registry is optional; agents can use private address books and direct peer sync.
- Updated documentation to guide users on reviewing the source code before installing.
- Improved explanations about key file permissions (`chmod 600`) and privacy practices.
- No command/interface changes—documentation and security guideline improvements only.
v1.0.0
OpenFuse v1.0.0 — First public release
- Introduces a decentralized context mesh for AI agents, using a file-based protocol. Works over LAN/WAN/same filesystem. The Protocol is files.
- Enables context initialization, agent messaging (signed and encrypted), peer/registry sync, and cryptographic trust management.
- Provides commands for working memory, messaging (inbox/outbox), key import/export/trust, peer management, and agent discovery.
- Defines a clear trust model with VERIFIED, SIGNED, and UNVERIFIED message levels.
- Detailed instructions and file structure for setting up agents, keys, mesh configuration, and public profiles.
元数据
常见问题
Openfused - Decentralized Context Mesh for AI Agents. 是什么?
Decentralized context mesh for AI agents. Manage stores, send signed/encrypted messages, sync with peers, and manage cryptographic trust. Use when initializi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 118 次。
如何安装 Openfused - Decentralized Context Mesh for AI Agents.?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openfused-mail-system-for-ai-agents」即可一键安装,无需额外配置。
Openfused - Decentralized Context Mesh for AI Agents. 是免费的吗?
是的,Openfused - Decentralized Context Mesh for AI Agents. 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Openfused - Decentralized Context Mesh for AI Agents. 支持哪些平台?
Openfused - Decentralized Context Mesh for AI Agents. 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openfused - Decentralized Context Mesh for AI Agents.?
由 velinxs(@velinxs)开发并维护,当前版本 v1.0.6。
推荐 Skills