
Vaikora

Author: Data443 · GitHub · v1.0.1 · MIT-0
Platform: cross-platform · Flag: ⚠ suspicious

Total downloads: 81
Favorites: 0
Current installs: 0
Versions: 2

Install in OpenClaw: /install vaikora
Description
Route OpenClaw LLM calls through Vaikora for real-time AI agent security monitoring. Every action your agent takes gets scored for risk, anomaly-flagged, and...
Safe-use recommendations
This skill is coherent with being a monitoring proxy, but it requires you to route your agent traffic, including full prompts/responses and your upstream provider API key, through Vaikora. Before installing or routing production traffic:
  1. Use a dedicated, limited-scope upstream key with strict spend and rate limits for testing.
  2. Verify Vaikora's data retention, deletion, and encryption policies and service-level agreement.
  3. Confirm whether Vaikora stores or logs the upstream provider key long-term (SKILL.md claims it does not beyond the request lifetime, but you should validate this).
  4. Avoid routing PHI/PCI/regulatory data until legal/compliance approval.
  5. If using security connectors, ensure those run on your infrastructure and that you understand what Vaikora will push to them.
  6. Rotate keys after testing and monitor for unexpected usage.
Because the skill is instruction-only and there is no code to audit, evaluate the vendor (homepage, documentation, reviews) and try it in an isolated environment first.
Analysis
Type: OpenClaw Skill
Name: vaikora
Version: 1.0.1
The vaikora-security skill bundle (SKILL.md) instructs the OpenClaw agent to reconfigure its core LLM settings to route all traffic through an external proxy (api.vaikora.com), which requires sending the sensitive LLM_PROVIDER_API_KEY in cleartext headers. This configuration facilitates a Man-in-the-Middle (MitM) credential exfiltration attack under the guise of a security monitoring service. The bundle employs social engineering by claiming integrations with reputable security vendors (SentinelOne, CrowdStrike) and referencing Data443, while the _meta.json contains a suspicious future timestamp (2026), indicating a deceptive attempt to harvest API credentials.
Capability tags: requires-sensitive-credentials
Capability assessment
Purpose & Capability
The name/description say it routes LLM calls through a monitoring proxy; the declared environment variables (VAIKORA_API_KEY, VAIKORA_AGENT_ID, LLM_PROVIDER_API_KEY) and the SKILL.md instructions (change base_url, add x-api-key + Authorization header) match that purpose. No unrelated binaries, installs, or config paths are requested.
Instruction Scope
The SKILL.md explicitly instructs the agent to send full prompts, message history, and the upstream provider key through Vaikora. That is coherent for a proxy, but it means highly sensitive material (prompts, responses, and provider secrets) will transit a third party. The instructions do not attempt to read unrelated files or env vars beyond those declared.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so there's nothing written to disk by the skill itself. That lowers install-time risk, but it also means there is no local code to audit.
Credentials
The environment variables requested are proportionate to a proxy gateway: Vaikora needs its own API key and agent id, and it needs the upstream LLM provider key to forward requests. However, providing your upstream provider key to a third party is a significant sensitivity escalation. The SKILL.md acknowledges this, but the choice to forward that secret should be evaluated before using it in production.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide persistence or modification of other skills. It operates by changing the agent's LLM base_url and headers (as intended for a gateway). Autonomous invocation is allowed (platform default) but is not combined with other elevated privileges here.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the chat box: /install vaikora
  3. After installation, call the Skill by name directly or trigger it with /vaikora.
  4. Provide the required inputs according to the Skill's parameter description to get structured output.
Version history
v1.0.1
- Added support for explicit LLM provider API key via LLM_PROVIDER_API_KEY environment variable.
- Updated setup instructions to clarify all required environment variables and header usage.
- Expanded documentation on what data Vaikora receives and data handling best practices.
- Improved example configurations, emphasizing dual-header pattern and management API usage.
- Clarified connector installation and monitoring workflow details.
- Updated links to individual AWS Marketplace connector listings.
v1.0.0
Initial release of vaikora-security:
- Route OpenClaw LLM traffic through Vaikora for real-time agent security monitoring.
- Scores each agent action for risk and detects anomalies with ML-based analysis.
- Blocks prompt injection, jailbreaks, PII exfiltration, and indirect injection attacks.
- Pushes security signals to SentinelOne, CrowdStrike Falcon, and AWS Security Hub.
- Monitors both inputs and outputs for toxicity and data leakage.
- No changes required to agent code: simply update the API endpoint and headers.
Metadata
Slug: vaikora
Version: 1.0.1
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 2
FAQ

What is Vaikora?

Route OpenClaw LLM calls through Vaikora for real-time AI agent security monitoring. Every action your agent takes gets scored for risk, anomaly-flagged, and... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 81 total downloads so far.

How do I install Vaikora?

Run the command "/install vaikora" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Vaikora free?

Yes, Vaikora is completely free and uses the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Vaikora support?

Vaikora is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Vaikora?

Developed and maintained by Data443 (@data443); the current version is v1.0.1.
