Signet Guardian

Author: rafalzacher1 · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
Total downloads: 839
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install signet-guardian
Description
Payment guard middleware for AI agents. Use whenever any skill is about to initiate a payment. Runs a preflight check against the user's policy (payments enabled, per-transaction limit, monthly cap). Returns ALLOW, DENY, or CONFIRM_REQUIRED. Other payment-capable skills must call signet-preflight before proceeding and signet-record after a successful payment.
Safe-use recommendations
This skill appears to do what it says: local preflight checks, ledger recording, and optional dashboard policy UI. Before installing, do the following: (1) review scripts/signet-cli.ts (and the migrate/edit code path) so you understand exactly how it reads/writes ~/.openclaw/openclaw.json and the references/ ledger; back up your OpenClaw config first; (2) be aware that denied attempts are appended to a local ledger that will contain payee, amount, and purpose — this is stored locally (no network calls shown) but could include sensitive metadata; (3) the migrate command may modify your global OpenClaw config — only run it if you trust the repo and have a backup; (4) installation as an OpenClaw extension requires copying files into your OpenClaw extensions path and restarting the gateway — follow those steps carefully. If you want extra assurance, run the test script in an isolated environment (or inspect/execute the CLI manually) before enabling it for real payments.
Functional analysis
Type: OpenClaw Skill
Name: signet-guardian
Version: 0.1.0
The skill's primary function as a payment guard is benign, but the `signet-cli.ts` script contains a Remote Code Execution (RCE) vulnerability. The `signet-policy --edit` command executes `process.env.EDITOR` with `spawnSync` and `shell: false`. While `shell: false` prevents direct command injection, an attacker could set the `EDITOR` environment variable to a malicious command (e.g., `sh -c 'rm -rf /'`). If an AI agent is instructed to run `signet-policy --edit` while `EDITOR` is controlled by an attacker (e.g., via prompt injection), it could lead to arbitrary code execution. This is a significant vulnerability, but there is no evidence of intentional malicious exploitation within the skill's code or documentation.
Capability assessment
Purpose & Capability
Name and description (payment preflight, record, report, policy) align with included CLI and extension files. The skill only needs local config/refs and registers a config schema for the OpenClaw dashboard; it does not request unrelated cloud credentials or external services.
Instruction Scope
Runtime instructions and CLI implement preflight, record, report and policy edit/migrate as described. The CLI reads the OpenClaw config file (path from OPENCLAW_CONFIG_PATH or default ~/.openclaw/openclaw.json) and falls back to references/policy.json; it appends ledger lines and logs DENY events. The policy-migrate/edit commands will read and (likely) write the OpenClaw config — review code/path handling before running to avoid accidental config overwrites. It does not perform outbound network requests.
Install Mechanism
No install spec; this is instruction/CLI code you run locally. Dependencies are standard npm packages (prompts, tsx) declared in package.json and lockfile. There are no downloads from arbitrary URLs or extracted archives.
Credentials
Skill declares no required env vars or credentials. It legitimately uses OPENCLAW_BASE_DIR / OPENCLAW_SKILL_DIR / OPENCLAW_CONFIG_PATH to find policy and ledger files; that is proportional to its purpose. Note: the CLI reads the whole OpenClaw config file (to find signet.policy), which could contain other settings — the skill does not send them anywhere but will access them locally.
Persistence & Privilege
Does not request always:true and is not force-included. It writes only to its references directory and to OpenClaw config when migrating policy or when installed as an extension (the extension registers a schema). Ledger and lock files are local and expected for its function.
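How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install signet-guardian
  3. Once installation completes, invoke the Skill directly by name or trigger it with /signet-guardian
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history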
v0.1.0
Initial release
Metadata
Slug: signet-guardian
Version: 0.1.0
License
Total installs: 0
Current installs: 0
Number of historical versions: 1
FAQ

What is Signet Guardian?

Payment guard middleware for AI agents. Use whenever any skill is about to initiate a payment. Runs a preflight check against the user's policy (payments enabled, per-transaction limit, monthly cap). Returns ALLOW, DENY, or CONFIRM_REQUIRED. Other payment-capable skills must call signet-preflight before proceeding and signet-record after a successful payment. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 839 total downloads so far.

How do I install Signet Guardian?

Run the command "/install signet-guardian" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Signet Guardian free?

Yes, Signet Guardian is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Signet Guardian support?

Signet Guardian is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Signet Guardian?

It is developed and maintained by rafalzacher1 (@rafalzacher1); the current version is v0.1.0.
