← 返回 Skills 市场
171
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install scopeblind-passport
功能描述
Signed access control for your OpenClaw agent. Wraps MCP tool calls through protect-mcp to add per-tool policies, signed receipts, and trust tiers. Every act...
安全使用建议
This skill appears coherent for adding signed, local access-control around MCP tool calls. Before installing: (1) inspect the npm packages it asks you to install (protect-mcp and @scopeblind/passport) — check their npm pages and GitHub repos for legitimacy; (2) avoid running global installs as root if you have concerns, or install in an isolated environment; (3) be aware signing keys are created in your current directory (keys/gateway.json) — store them securely and avoid committing them to source control; (4) protect the local approval server (127.0.0.1:9876) so approvals can’t be triggered by other local processes if that matters; (5) review the included policy templates to ensure they match your risk model. If you need higher assurance, review the protect-mcp package source (or vendor a known release) before using it in production.
功能分析
Type: OpenClaw Skill
Name: scopeblind-passport
Version: 0.4.1
The scopeblind-passport skill is a security utility designed to provide signed access control and cryptographic audit logs for OpenClaw agents. It wraps MCP tool calls using the protect-mcp utility to enforce user-defined policies such as rate-limiting, blocking, or requiring manual approval for sensitive actions. The skill includes instructions for the agent to report activity summaries and manage approval flows via a local HTTP server (127.0.0.1:9876). All analyzed files (SKILL.md, README.md, and policy configurations) are consistent with the stated purpose of enhancing agent transparency and security, with no evidence of malicious intent or data exfiltration.
能力评估
Purpose & Capability
Name/description claim to wrap MCP calls with protect-mcp. The SKILL.md instructs exactly how to wrap OpenClaw MCP servers, generate signing keys, and use protect-mcp commands. Required binaries (npx, curl) and the suggested npm packages align with these goals.
Instruction Scope
Instructions are narrowly scoped to installing protect-mcp/@scopeblind/passport, initializing keys/policies in the current directory, modifying the agent's mcpServers entries, and calling local protect-mcp endpoints (port 9876) for approvals/receipts. The skill does not instruct reading or exfiltrating unrelated system files or contacting remote endpoints as part of normal operation.
Install Mechanism
The SKILL.md recommends 'npm install -g protect-mcp@latest @scopeblind/passport@latest' which is a normal way to install the referenced tooling but does execute arbitrary code from the npm packages. The registry metadata itself does not include a separate install spec (the install instructions are only in SKILL.md). Users should verify the protect-mcp and @scopeblind/passport packages (source, maintainers, release integrity) before running a global npm install.
Credentials
No environment variables, secrets, or external credentials are requested. The skill writes local signing keys (keys/gateway.json) and policy files into the current directory, which is necessary for signing receipts and enforcing policies; those key files should be protected by the user, but their creation is proportionate to the stated purpose.
Persistence & Privilege
The skill is not forced-always and does not request elevated platform privileges. It modifies the agent's MCP configuration (expected for wrapping tool calls) and writes its own keys/policy files locally. There is no instruction to change other skills' configurations or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install scopeblind-passport - 安装完成后,直接呼叫该 Skill 的名称或使用
/scopeblind-passport触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.4.1
MIT license, OWASP coverage, incident policies
v0.3.3
OWASP Agentic Top 10 coverage, incident-anchored policies, Cedar support, IETF Internet-Draft
v1.0.0
- Initial release of scopeblind-passport skill.
- Adds signed access control for OpenClaw agents via protect-mcp.
- Supports per-tool policies, trust tiers, signed cryptographic receipts, and approval workflows.
- Provides commands for viewing agent identity, daily summaries, and recent receipts.
- Includes setup walkthrough, policy packs, and instructions for independent receipt verification.
元数据
常见问题
ScopeBlind Passport 是什么?
Signed access control for your OpenClaw agent. Wraps MCP tool calls through protect-mcp to add per-tool policies, signed receipts, and trust tiers. Every act... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 171 次。
如何安装 ScopeBlind Passport?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install scopeblind-passport」即可一键安装,无需额外配置。
ScopeBlind Passport 是免费的吗?
是的,ScopeBlind Passport 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
ScopeBlind Passport 支持哪些平台?
ScopeBlind Passport 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ScopeBlind Passport?
由 TJF(@tomjwxf)开发并维护,当前版本 v0.4.1。
推荐 Skills