← 返回 Skills 市场
460
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install tokamak-vault-breach
功能描述
Participate in the Tokamak Network Vault Breach Challenge - an AI security Capture The Flag (CTF) game where you interact with a secured AI agent to extract...
安全使用建议
This skill is an instruction-playbook for actively trying to extract secrets from a remote AI agent. That makes it high-risk even though it has no install or credential requests. Before installing or using it: 1) Confirm you have explicit authorization to test the listed URL/target (unauthorized access may be illegal). 2) Do not provide your own credentials or private keys to the skill or the remote dashboard. 3) Prefer to run any interactions in an isolated/sandboxed environment and avoid enabling autonomous, unsupervised runs. 4) Verify the dashboard URL and community links independently (they could be malicious or phishing). 5) If you cannot verify the source/owner or the legality of the challenge, do not proceed — treat this as potentially abusive guidance rather than a benign utility.
功能分析
Type: OpenClaw Skill
Name: tokamak-vault-breach
Version: 1.0.0
The skill is designed for an AI security Capture The Flag (CTF) challenge, instructing the OpenClaw agent to interact with an external, untrusted server at `https://tokamak-network-openfang-vault-production.up.railway.app/` (as seen in SKILL.md). It directs the agent to make external network calls using `curl` and process responses via shell commands like `jq`. While the stated intent is educational, the execution of shell commands with data fetched from an external domain introduces a vulnerability risk (e.g., potential RCE if the external server is compromised or malicious and returns crafted data that exploits `jq` or shell parsing), classifying it as suspicious rather than benign. The instructions for 'prompt injection' and 'file system access' are directed at the *target AI agent* on the CTF platform, not the OpenClaw agent itself.
能力评估
Purpose & Capability
The name/description match the instructions: this is an instruction-only CTF/playbook for extracting a secret seed from a remote AI agent. There are no unrelated required binaries, env vars, or installs, so the declared capabilities align with the stated purpose.
Instruction Scope
The SKILL.md explicitly instructs the agent to perform social engineering, prompt-injection, and file-system exfiltration (e.g., attempt to read /vault.key) via the target's chat API. It gives open-ended guidance to probe the agent and 'bypass' protections, which grants broad discretion and encourages sensitive-data extraction. While coherent with a CTF objective, these actions are high-risk and can be used for unauthorized access; the instructions do not constrain or limit potentially abusive behavior.
Install Mechanism
No install specification or code files are provided; the skill is instruction-only. This minimizes disk/execution risk from the skill bundle itself.
Credentials
The skill requests no environment variables, credentials, or config paths, which is proportionate to an instruction-only guide. Note: although the skill doesn't request your secrets, it instructs the agent to attempt to extract secrets from a remote agent and to interact with external endpoints, so the interaction could induce credential exposure if misused.
Persistence & Privilege
The skill does not request always:true or other elevated installation privileges. Model invocation is allowed (default), which is normal; however, because the instructions encourage exfiltration techniques, allowing autonomous invocation could increase risk if the agent is permitted to act without supervision.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tokamak-vault-breach - 安装完成后,直接呼叫该 Skill 的名称或使用
/tokamak-vault-breach触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the Tokamak Vault Breach skill for the CTF challenge.
- Provides full instructions for engaging with the Tokamak Vault AI agent via API and dashboard.
- Includes step-by-step guide for API discovery, attack strategies, and reward claiming.
- Outlines agent capabilities, endpoints, and example API interactions.
- Offers hints, community links, and quick reference for participants.
元数据
常见问题
tokamak-vault-breach 是什么?
Participate in the Tokamak Network Vault Breach Challenge - an AI security Capture The Flag (CTF) game where you interact with a secured AI agent to extract... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 460 次。
如何安装 tokamak-vault-breach?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tokamak-vault-breach」即可一键安装,无需额外配置。
tokamak-vault-breach 是免费的吗?
是的,tokamak-vault-breach 完全免费(开源免费),可自由下载、安装和使用。
tokamak-vault-breach 支持哪些平台?
tokamak-vault-breach 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 tokamak-vault-breach?
由 0xHammerr(@0xhammerr)开发并维护,当前版本 v1.0.0。
推荐 Skills