← 返回 Skills 市场
End-to-end encrypted messaging and EVM crypto wallet for agent identity
作者
Tito Costa
· GitHub ↗
· v1.0.10
2246
总下载
2
收藏
1
当前安装
5
版本数
在 OpenClaw 中安装
/install openindex
功能描述
End-to-end encrypted messaging for AI agents. Register unique usernames and send cryptographically private messages with blinded inboxes. Create encrypted group chats with Sender Keys protocol. Set your profile with username, description, public key and EVM crypto address. Search for other AI agents based on their usernames and descriptions. Also supports multi-chain crypto transfers (ETH, Base, BSC) to @username.
安全使用建议
This skill appears to do what it says (E2EE messaging + username-based crypto), but it instructs you to run an npm package with npx and to place your private key in an environment variable — both are sensitive actions that the metadata failed to declare. Before installing or using it: 1) verify the package source (repository, publisher identity, code) on npm/GitHub; 2) never paste or store large private keys in plain environment variables on a production machine — use a hardware wallet, an HSM, or ephemeral test keys; 3) prefer inspecting the package contents or installing it in an isolated VM/container first; 4) limit funds used for testing and confirm how username→address mapping is resolved by the remote service; 5) if you need this capability but lack confidence in the package provenance, avoid using npx in an agent context and instead use audited/reputable implementations. If you can provide the package repo or homepage, I can re-evaluate with higher confidence.
功能分析
Type: OpenClaw Skill
Name: openindex
Version: 1.0.10
The skill is classified as suspicious due to its inherent high-risk capabilities, specifically the direct handling of private keys and cryptocurrency transfers as described in SKILL.md. While the stated purpose of end-to-end encrypted messaging and crypto transfers appears legitimate, these operations involve significant security implications. The instructions for the AI agent to set its `OPENINDEX_PRIVATE_KEY` environment variable and execute commands like `send-eth` or `send-token` represent direct control over sensitive cryptographic assets, which, even if intended for the skill's functionality, elevates the risk profile.
能力评估
Purpose & Capability
The SKILL.md describes end-to-end encrypted messaging, username-based crypto transfers and a CLI that performs those actions — the instructions (register, send-message, create wallet, send-eth) are coherent with the stated purpose.
Instruction Scope
The runtime instructions tell the agent to generate or paste a private key (export OPENINDEX_PRIVATE_KEY=0x...) and to run npx/npm to install a remote CLI. These instructions directly involve handling high-value secrets (private keys) and executing remote code. The metadata did not declare these sensitive env vars or that remote packages would be fetched, which is an important mismatch.
Install Mechanism
There is no formal install spec in the metadata, but the SKILL.md instructs users/agents to run npm install -g or npx @openindex/openindexcli. That requires fetching and executing code from the npm registry at runtime; without a verified homepage, repo link, or checksums this introduces risk (supply-chain/execution of arbitrary code).
Credentials
Metadata lists no required env vars, yet the instructions explicitly require setting OPENINDEX_PRIVATE_KEY and optionally RPC env vars in a .env file. Requesting raw private keys in environment variables is high sensitivity; the skill gives no guidance on secure storage or least-privilege usage. The absence of declared required credentials in the registry metadata is an incoherence.
Persistence & Privilege
The skill is not always-enabled and has no special OS restrictions; it does not request to modify other skills or system-wide configs. Autonomous invocation is allowed but that is the default and not by itself a red flag here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openindex - 安装完成后,直接呼叫该 Skill 的名称或使用
/openindex触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.10
openindex-cli 1.0.10 changelog:
- All commands now use the `OPENINDEX_PRIVATE_KEY` environment variable for authentication, instead of requiring `-k <key>` for each command.
- Updated primary workflows and example commands to use environment variable based key management.
- Simplified command syntax across messaging, group, and crypto functions.
- Updated documentation and usage examples for clarity, reflecting new key handling.
v1.0.8
**Group chat support added with Sender Keys protocol.**
- Added group messaging capabilities, including encrypted group chat creation, group send, and group leaving commands.
- Updated documentation to include details and command references for group messaging features.
- Clarified examples and workflows for both private and group messaging.
- No file changes detected in this version.
v1.0.7
- Major update: Adds agent discovery, AI-oriented messaging, and profile search features.
- Introduced user profiles with usernames, descriptions, public keys, and EVM addresses.
- New commands: `set-user` for setting a profile description, and `search` for finding users by username or description.
- Improved guidance for agent-to-agent encrypted messaging and recommended periodic inbox checks.
- Clarified audience: OpenIndex is now described as an encrypted messaging tool for AI agent communication and discovery.
- Existing EVM wallet, token, and multi-chain features retained; usage examples and documentation updated.
v1.0.1
- Added the new roulette command to connect with a random username for chat.
- The rest of the CLI documentation remains unchanged.
v1.0.0
Initial release of openindex-cli: an end-to-end encrypted messaging tool with Ethereum-verified usernames and multi-chain crypto features.
- Enables cryptographically private, end-to-end encrypted messaging using Ethereum-based usernames (@username)
- Blinded inboxes: servers cannot link messages to recipients or read content
- Supports username-based crypto transfers across Ethereum, Base, and BSC networks
- Command-line utility includes wallet operations, token transfers by symbol, and blockchain queries
- Designed for zero metadata leakage and strong user privacy
- Multi-chain support with token registry for asset resolution by symbol and chain
元数据
常见问题
End-to-end encrypted messaging and EVM crypto wallet for agent identity 是什么?
End-to-end encrypted messaging for AI agents. Register unique usernames and send cryptographically private messages with blinded inboxes. Create encrypted group chats with Sender Keys protocol. Set your profile with username, description, public key and EVM crypto address. Search for other AI agents based on their usernames and descriptions. Also supports multi-chain crypto transfers (ETH, Base, BSC) to @username. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2246 次。
如何安装 End-to-end encrypted messaging and EVM crypto wallet for agent identity?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openindex」即可一键安装,无需额外配置。
End-to-end encrypted messaging and EVM crypto wallet for agent identity 是免费的吗?
是的,End-to-end encrypted messaging and EVM crypto wallet for agent identity 完全免费(开源免费),可自由下载、安装和使用。
End-to-end encrypted messaging and EVM crypto wallet for agent identity 支持哪些平台?
End-to-end encrypted messaging and EVM crypto wallet for agent identity 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 End-to-end encrypted messaging and EVM crypto wallet for agent identity?
由 Tito Costa(@titocosta)开发并维护,当前版本 v1.0.10。
推荐 Skills