
sev-attestation

Author: xinyuwang · GitHub · v1.0.2
cross-platform ✓ Security check passed
Total downloads: 1823
Favorites: 1
Current installs: 0
Number of versions: 3
Install in OpenClaw
/install sev-attestation
Description
Perform AMD SEV-SNP remote attestation to cryptographically verify VM identity and integrity. Use when proving a VM is running in a genuine AMD SEV-SNP confidential computing environment, verifying VM integrity before trusting it with secrets, checking SEV-SNP availability, generating attestation reports, validating AMD certificate chains (ARK/ASK/VCEK), or debugging attestation failures.
Security usage recommendations
This skill appears to do exactly what it says: local SEV‑SNP attestation using /dev/sev-guest, snpguest or OpenSSL, and AMD's KDS. Before running it: 1) review the scripts (they are included) and confirm you are comfortable running them as root; 2) expect the fetch step to send chip identifiers and TCB fields to AMD's KDS (this is required to obtain the VCEK and may reveal hardware identifiers); 3) installing snpguest via cargo will pull code from crates.io—inspect that package if you have supply-chain concerns; 4) run in a trusted environment (attestation involves hardware identifiers and privileged device access) and, if using cloud VMs, check provider policies. If you want stricter assurance, run the manual OpenSSL verification path included so you can audit each step and avoid installing extra tooling.
Functional analysis
Type: OpenClaw Skill
Name: sev-attestation
Version: 1.0.2
The skill bundle is designed to perform AMD SEV-SNP remote attestation, which inherently requires privileged access to `/dev/sev-guest` and network communication with AMD's Key Distribution Service (`kdsintf.amd.com`). All scripts and documentation (including `SKILL.md` and `README.md`) clearly state these requirements and their purpose. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation to hide intent, or prompt injection attempts against the agent. The use of `sudo` and interaction with privileged kernel devices are necessary for the stated functionality and are transparently documented in `SKILL.md` and `references/error-codes.md`.
Capability assessment
Purpose & Capability
Name/description match the included scripts: detection, report generation (via /dev/sev-guest), fetching AMD certificates from KDS, chain verification, and report signature verification. Required operations (accessing /dev/sev-guest, using snpguest, openssl, curl, xxd/python3) are appropriate for SEV‑SNP attestation and nothing in the files asks for unrelated cloud credentials or services.
Instruction Scope
SKILL.md and the scripts constrain actions to the attestation workflow: checking device/module, invoking snpguest or using OpenSSL to validate signatures, fetching certificates from AMD's KDS, and writing results to a local output directory. The instructions do not attempt to read unrelated user files or environment variables beyond optional debug/proxy settings. They do, however, parse and send chip-specific identifiers when fetching VCEK (expected for this task).
Install Mechanism
This is instruction-only (no automated install spec). The README/SKILL.md recommend installing snpguest via cargo and using common system tools (openssl, curl). Those recommendations are expected for the workflow; there are no opaque downloads from untrusted servers in the skill bundle itself. Installing snpguest will pull code from crates.io (standard practice) — review that package if you have supply-chain concerns.
Credentials
The skill declares no required environment variables or external credentials. It requires root or membership in the sev group to access /dev/sev-guest (legitimate for generating reports) and network access to AMD's KDS (kdsintf.amd.com) to fetch VCEK/ARK/ASK. The scripts do not request unrelated secrets or long lists of credentials.
Persistence & Privilege
The skill does not request persistent installation or force inclusion (always:false). It performs on-demand local operations and writes output to the specified output directory only. It does require elevated privileges to access the kernel device, which is appropriate for the stated purpose but means the user must run scripts as root or with proper device permissions.
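How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog box: /install sev-attestation
  3. Once installation completes, call the Skill by name or trigger it with /sev-attestation
  4. Provide the required inputs according to the Skill's parameter description to get structured output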
Version history
v1.0.2
sev-attestation 1.0.2
- No user-facing or internal changes; version bump only.
- All documentation, code, and workflow remain unchanged.
v1.0.1
Version 1.0.1 of sev-attestation
- No file changes detected; documentation and functionality remain unchanged.
v1.0.0
Initial release of sev-attestation.
- Provides scripts for performing AMD SEV-SNP remote attestation to verify VM identity and integrity.
- Supports checking SEV-SNP availability, generating attestation reports, and fetching/validating AMD certificate chains (ARK/ASK/VCEK).
- Includes workflow diagrams, usage instructions, and individual scripts for each attestation step.
- Requires the snpguest Rust CLI, openssl, and curl.
Metadata
Slug: sev-attestation
Version: 1.0.2
License:
Total installs: 0
Current installs: 0
Number of historical versions: 3
FAQ

What is sev-attestation?

Perform AMD SEV-SNP remote attestation to cryptographically verify VM identity and integrity. Use when proving a VM is running in a genuine AMD SEV-SNP confidential computing environment, verifying VM integrity before trusting it with secrets, checking SEV-SNP availability, generating attestation reports, validating AMD certificate chains (ARK/ASK/VCEK), or debugging attestation failures. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1823 total downloads to date.

How do I install sev-attestation?

Run the command "/install sev-attestation" in the OpenClaw or Claude Code dialog box for one-click installation; no additional configuration is required.

Is sev-attestation free?

Yes, sev-attestation is completely free (open source and free) and can be freely downloaded, installed, and used.

Which platforms does sev-attestation support?

sev-attestation runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed sev-attestation?

Developed and maintained by xinyuwang (@xinyuwang); the current version is v1.0.2.