← 返回 Skills 市场
Valiron
作者
Vatsa Shah
· GitHub ↗
· v1.0.2
507
总下载
1
收藏
2
当前安装
3
版本数
在 OpenClaw 中安装
/install valiron-trust-layer
功能描述
Intercept and authorize outgoing machine-to-machine payments (x402 or similar) using @valiron/sdk trust decisions on the counterparty agent before payment ex...
安全使用建议
This skill appears coherent and focused on adding a trust gate before outgoing payments. Before installing: (1) verify the provenance of the @valiron/sdk npm package and review its upstream source; (2) store VALIRON_API_KEY and other secrets in a secrets manager (do not hardcode); (3) review and test your decision policy JSON and the provided validator locally to ensure it enforces your intended limits; (4) pick conservative fallback modes (fail-closed) for high-value flows and test fail-open behavior in a sandbox; (5) confirm logging/audit configuration redacts secrets as recommended. If you need higher assurance, review the actual @valiron/sdk runtime behavior (network endpoints, telemetry) and run the validator on representative policy files.
功能分析
Type: OpenClaw Skill
Name: valiron-trust-layer
Version: 1.0.2
The skill bundle is designed to intercept and authorize payments using a trust SDK. The `SKILL.md` provides clear instructions without any prompt injection attempts. The core logic in `assets/payment-interceptor.ts` uses the `@valiron/sdk` for external trust lookups, which is its stated purpose, and implements a secure 'fail-closed' default on errors. The `scripts/validate-payment-policy.mjs` script safely reads and validates local JSON policy files, incorporating robust path traversal prevention, NUL byte checks, and file size limits, demonstrating a strong focus on security. All documentation files (`references/*.md`) consistently promote security best practices. There is no evidence of data exfiltration, malicious execution, persistence, or obfuscation.
能力评估
Purpose & Capability
Name/description (payment interception using Valiron trust decisions) match the included source and runtime instructions. The primary credential (VALIRON_API_KEY) and references to @valiron/sdk and payment rail libraries are appropriate for this functionality. The SKILL.md also documents optional env vars (VALIRON_BASE_URL, VALIRON_TIMEOUT_MS), which are reasonable though not listed under required env vars in the registry metadata.
Instruction Scope
SKILL.md confines runtime actions to extracting counterparty identity, calling the Valiron SDK (checkAgent/getWalletProfile), applying a policy, and enforcing spend controls; it does not instruct broad system scans, exfiltration, or access to unrelated secrets. The included policy validator enforces sane path rules (no absolute paths, no path traversal) and file size limits. Logging/audit guidance includes redaction guidance.
Install Mechanism
No install spec or remote downloads are present (instruction-only plus two local code files). There are no URLs or archive extraction steps. Dependencies referenced (e.g., @valiron/sdk) are typical npm packages for this use case; the skill does not attempt to fetch arbitrary code at runtime.
Credentials
Only VALIRON_API_KEY is declared as the primary credential; SKILL.md explains that the API key is optional in some deployments and lists additional optional env vars for configuring endpoint and timeouts. No unrelated credentials or broad secrets are requested.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or attempt to modify other skills. It instructs normal startup validation and policy checks but does not assert elevated platform presence.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install valiron-trust-layer - 安装完成后,直接呼叫该 Skill 的名称或使用
/valiron-trust-layer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Added a metadata field specifying the skill key and primary environment variable required (`VALIRON_API_KEY`).
- Clarified that `VALIRON_API_KEY` is now optional by default, but reserved/required for authenticated deployments.
- Updated runtime requirements and configuration instructions to reflect optional and conditional use of `VALIRON_API_KEY`.
- Improved guidance on failure behavior: fail closed only if required policy/config inputs are missing, and clarified SDK authentication handling.
- No code or file changes; documentation/refinement update only.
v1.0.1
- Added a new runtime and credential requirements section to SKILL.md.
- Clarified that the system should fail startup or "fail closed" if required credentials/config are missing.
- Updated the resource list to include "runtime + credential checklist".
- No code or functionality changes; removed 8 supporting/reference files.
v1.0.0
Initial release of Valiron Payment Interceptor.
- Intercepts outgoing machine-to-machine payments to apply authorization and trust policies.
- Evaluates counterparty trust using @valiron/sdk before executing payments.
- Supports decision policies, spend controls, and explicit allowance/denial paths.
- Provides detailed logging and auditing of payment authorization outcomes.
- Includes bundled resources for decision models, fallback modes, audit schemas, and policy validation scripts.
元数据
常见问题
Valiron 是什么?
Intercept and authorize outgoing machine-to-machine payments (x402 or similar) using @valiron/sdk trust decisions on the counterparty agent before payment ex... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 507 次。
如何安装 Valiron?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install valiron-trust-layer」即可一键安装,无需额外配置。
Valiron 是免费的吗?
是的,Valiron 完全免费(开源免费),可自由下载、安装和使用。
Valiron 支持哪些平台?
Valiron 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Valiron?
由 Vatsa Shah(@vatsashah45)开发并维护,当前版本 v1.0.2。
推荐 Skills