Runtime Attestation Probe
Author: andyxinweiminicloud (GitHub) · v1.0.0
Total downloads: 480 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw:
/install runtime-attestation-probe
Description
Helps validate that agent behavior at runtime matches the capabilities and constraints declared in its attestation. Detects divergence between what an agent...
Safe Usage Recommendations
This skill is conceptually reasonable for detecting conditional or environment-triggered misbehavior, but the runtime instructions are the security surface, and those instructions are currently broad and not tightly constrained. Before installing or running:
- Review the full SKILL.md (ask the publisher for the complete runtime procedure) and demand explicit lists of the files, paths, and endpoints the probe will access.
- Only run the probe in an isolated sandbox or ephemeral VM that contains no real credentials (do not run it on production hosts).
- Require that any probing of other skills be done with explicit, auditable consent and that logs be stored securely.
- Prefer a signed, traceable implementation (code plus release) rather than an instruction-only skill if you need repeated or automated probing.
- Because the publisher and homepage are unknown, treat provenance as weak and exercise extra caution.
Functional Analysis
Type: OpenClaw Skill
Name: runtime-attestation-probe
Version: 1.0.0
The skill's stated purpose is to detect malicious runtime behavior (like conditional activation and data exfiltration) in *other* skills, not to perform such actions itself. The `SKILL.md` transparently describes the problem, the probe's functionality, and even its limitations and risks, emphasizing the need for sandboxed execution. While it requires `curl` and `python3`, these are justifiable for a tool designed to execute and monitor other processes for security analysis. The examples of credential harvesting and exfiltration are clearly presented as *outputs* of the probe, demonstrating what it *detects*, rather than instructions for the agent to execute.
Capability Assessment
Purpose & Capability
Name and description match: a runtime attestation probe legitimately needs to observe file accesses, environment differences, and network calls. Requiring curl and python3 is plausible for driving probes and parsing traces. However, the skill's metadata declares no config paths, env vars, or credentials even though the documented examples explicitly show reading sensitive paths (e.g., ~/.aws/credentials) and observing outbound POSTs. That gap (declared minimal requirements vs. the behavior it claims to detect) is a notable mismatch.
Instruction Scope
This is an instruction-only skill; the SKILL.md is the runtime program. The examples demonstrate detecting reads of sensitive files and outbound network posts. As written, the instructions give the agent broad discretion to (a) exercise a target skill under multiple environments, (b) monitor file accesses (including credentials), and (c) observe or trigger outbound network traffic. Those actions can involve reading secrets and contacting external endpoints. The SKILL.md in the package is truncated in the registry data provided, but the visible material contains no concrete, constrained list of files/endpoints to probe or explicit safeguards. That vagueness increases the risk that the probe will access or exfiltrate sensitive data if run without isolation.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes supply-chain risk because nothing is downloaded or installed. The declared required binaries (curl, python3) are reasonable for a probe that issues HTTP requests and runs small scripts. No third-party downloads are present in the metadata.
Credentials
The skill requests no environment variables or config paths, but its examples and purpose imply it will examine environment-dependent behavior (env vars, credentials, files). Probing for undeclared sensitive items (AWS credentials, home-directory files) is a legitimate capability for this tool, but the skill does not declare those needs or request explicit permission. Because it can be instructed (by its own SKILL.md) to inspect potentially sensitive files and network behavior, the required access is broader than the published metadata indicates.
Persistence & Privilege
`always: false` (no forced permanent inclusion) and the platform-default autonomous invocation are both normal settings. Because the skill can be invoked autonomously (the platform default), combining autonomous invocation with the probe's broad scope would increase the blast radius, but the skill itself requests no `always` privilege or other persistent modifications.
How to Use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install runtime-attestation-probe
- Once installation completes, call the skill directly by name or trigger it with /runtime-attestation-probe
- Provide the required inputs according to the skill's parameter description to receive structured output.
Version History
v1.0.0
- Initial release of runtime-attestation-probe.
- Detects and reports divergence between declared agent skill capabilities and actual runtime behavior.
- Probes for conditional activation, undeclared resource access, data flow inconsistencies, and side effects.
- Outputs a detailed attestation drift score and classification (COMPLIANT, DRIFT, VIOLATION, or CONDITIONAL_ACTIVATION).
- Aims to catch behavioral attacks missed by static analysis via controlled execution and environment variation.
FAQ
What is Runtime Attestation Probe?
Helps validate that agent behavior at runtime matches the capabilities and constraints declared in its attestation. Detects divergence between what an agent... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 480 downloads to date.
How do I install Runtime Attestation Probe?
Run the command "/install runtime-attestation-probe" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Runtime Attestation Probe free?
Yes, Runtime Attestation Probe is completely free (open source) and can be freely downloaded, installed, and used.
Which platforms does Runtime Attestation Probe support?
Runtime Attestation Probe is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Runtime Attestation Probe?
Developed and maintained by andyxinweiminicloud (@andyxinweiminicloud); the current version is v1.0.0.