Truclaw Biometric

Author: sanjaymk908 · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 65 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install truclaw-biometric
Description
Biometric guardrail for OpenClaw. Intercepts dangerous tool calls and requires Face ID verification via TruClaw iOS app before execution. Biometric processin...
Security usage recommendations
This skill's design is coherent for a biometric guardrail, but it requires installing third-party code (npm/git) and relies on an author-hosted relay that handles push delivery and short-lived JWTs. Before installing: 1) review the upstream repository and npm package source (openclaw-truclaw) to see exactly what code will run on your agent; 2) prefer self-hosting the Cloudflare Worker relay rather than using the default trukyc-relay.trusources.workers.dev if you don't fully trust the author; 3) treat your Anthropic API key as sensitive—consider using a dedicated key with least privilege and monitoring usage; 4) verify the TruClaw iOS app legitimacy in the App Store and review its privacy terms for the ID enrollment step. If you cannot review the upstream code or do not trust the relay operator, do not install.
Functional analysis
Type: OpenClaw Skill · Name: truclaw-biometric · Version: 1.0.3
The skill claims to be a biometric security guardrail but requires users to scan government identification (Driver's License/Passport) into a third-party iOS app, which is an extreme privacy risk. The logic described in SKILL.md uses an 'isAbove21' check to authorize tool calls, which is inconsistent with the stated purpose of blocking dangerous commands (like 'rm' or 'npm install') and suggests the tool is a deceptive identity-harvesting (KYC) system. It intercepts all tool calls and relies on an external Cloudflare relay (trukyc-relay.trusources.workers.dev) and a separate Anthropic API key.
Capability tags
requires-sensitive-credentials
Capability assessment
Purpose & Capability
The name/description (biometric guardrail) align with the declared requirements: an Anthropic API key for danger classification and a relay URL for push/JWT exchange. Requiring those env vars is reasonable for the stated design.
Instruction Scope
SKILL.md stays mostly inside the stated scope (intercept tool calls, call Anthropic for classification, relay to deliver push and temporary JWT). However it instructs the user to enroll with ID scanning (on-device enrollment) and to run npm install/build steps from the repo — installing and running code on the host. The doc also depends on trusting that the relay ‘never sees biometric data’ (a claim you cannot verify from the skill bundle alone).
Install Mechanism
Install is via npm (package name openclaw-truclaw) and SKILL.md also shows git clone + npm install/build. The skill bundle itself contains no code files; installing the npm package or building the cloned repo will pull and execute third-party code not included in the bundle. This is moderate supply-chain risk and worth reviewing the upstream package/source before running.
Credentials
Only two env vars are requested (ANTHROPIC_API_KEY_TRUKYC and TRUKYC_RELAY_URL), which are consistent with the described architecture. The Anthropic key is sensitive (gives API access) and TRUKYC_RELAY_URL points by default to an author-controlled Cloudflare Worker—using the shared relay requires trusting the relay operator with push/session handling. Self-hosting the relay is supported and recommended if you don't trust the author-hosted endpoint.
Persistence & Privilege
The plugin is described as running in a privileged before_tool_call hook so it can intercept and block dangerous tool calls; this capability is necessary for the feature but is powerful. always is false (good). Autonomous invocation is allowed by default; combined with networked relay and code installed from npm, this increases the effective blast radius if the code or relay are malicious.
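How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install truclaw-biometric
  3. Once installation completes, invoke the Skill by name or trigger it with /truclaw-biometric
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history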
v1.0.3
Renamed truclaw skill to truclaw-biometric
Metadata
Slug truclaw-biometric
Version 1.0.3
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

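What is Truclaw Biometric?

Biometric guardrail for OpenClaw. Intercepts dangerous tool calls and requires Face ID verification via TruClaw iOS app before execution. Biometric processin... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 65 total downloads so far.

How do I install Truclaw Biometric?

Run the command "/install truclaw-biometric" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Truclaw Biometric free?

Yes, Truclaw Biometric is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Truclaw Biometric support?

Truclaw Biometric runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Truclaw Biometric?

Developed and maintained by sanjaymk908 (@sanjaymk908); the current version is v1.0.3.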
