← 返回 Skills 市场
dlhugly

Vault-0: Agent Security, Monitor & x402 Wallet for OpenClaw

作者 DLhugly · GitHub ↗ · v1.5.0
cross-platform ✓ 安全检测通过
1008
总下载
0
收藏
1
当前安装
5
版本数
在 OpenClaw 中安装
/install vault0
功能描述
Security suite for OpenClaw agents. Encrypted secret storage (AES-256-GCM), real-time activity monitoring via gateway WebSocket, policy enforcement, and native x402 payment wallet with EIP-3009 signing. Secure API keys, watch agent behavior, and handle machine-to-machine micropayments. macOS desktop app (Rust + Tauri). Reads ~/.openclaw/.env during hardening. Installation downloads a DMG from GitHub releases. After install, the app makes no external network calls and only listens on localhost.
安全使用建议
This instruction-only skill is coherent with its stated goal (a macOS vault/monitor that reads OpenClaw configs and uses Keychain). Before installing: 1) Manually verify the SHA-256 shown by shasum against the release page before mounting the DMG. 2) Prefer building from source (git clone && npm install && npm run tauri build) if you or someone you trust can audit the code — the DMG is unsigned/notarized per the instructions. 3) Be aware the app will be persistent (installed to /Applications) and will access your OpenClaw files and macOS Keychain (wallet private keys are claimed to remain in Keychain). 4) Do not skip the gatekeeper prompt without understanding the risk. 5) If you cannot or will not audit the release, decline installation or use the build-from-source path. 6) After hardening, verify the expected changes (first line of ~/.openclaw/.env and Vault-0 dashboard) and keep a backup of any wallet mnemonic using a method you trust. If any step is unclear or you cannot confirm the GitHub release integrity, treat the binary as untrusted.
功能分析
Type: OpenClaw Skill Name: vault0 Version: 1.5.0 The skill 'vault0' is a security suite for OpenClaw agents, designed for secret storage and agent monitoring. The installation process is transparent, downloading a DMG from a public GitHub repository. Crucially, it includes a step to verify the SHA-256 hash of the downloaded file and explicitly instructs the agent to wait for human confirmation against the GitHub release page, which is a strong security practice. All executed commands are standard for macOS application installation and verification, and the skill explicitly states 'localhost-only-after-install' with 'no telemetry, no cloud sync, no external endpoints' post-installation. There is no evidence of malicious intent, data exfiltration, or harmful prompt injection.
能力评估
Purpose & Capability
Name/description (agent security, local vault, monitor, optional wallet) align with the instructions: download and install a macOS app, run it to harden OpenClaw and monitor the gateway, and verify ~/.openclaw/.env. Declared configPaths (~/.openclaw/.env, openclaw.json) and the shown single-line check are consistent with the described hardening behavior.
Instruction Scope
SKILL.md tells the agent to fetch a DMG from the project's GitHub releases, verify SHA-256 manually, mount the DMG, copy the .app into /Applications, and run a single-line head of ~/.openclaw/.env to confirm hardening. These steps are scoped to installation and a minimal verification of the OpenClaw env file. The instructions do read a user config file (head -1 ~/.openclaw/.env) which is appropriate for the stated purpose, but the skill gives broad discretion to prompt the user and to open the app which will then access Keychain and the OpenClaw gateway locally.
Install Mechanism
No install scripts are bundled; instructions download a DMG from GitHub releases (standard distribution method). This is reasonable, but the DMG is not Apple-notarized per the SKILL.md, so Gatekeeper prompts are expected and the user is asked to manually verify the SHA-256. Because the delivered artifact is a binary (DMG) and not source, the user must trust the release or build from source. Use of GitHub releases is normal and not inherently red-flagged.
Credentials
The skill does not request environment variables or external credentials in the registry metadata. It does reference and read the OpenClaw config path (~/.openclaw/.env) during hardening and documents use of macOS Keychain for the optional wallet — both are proportional to a vault/wallet app. No unrelated credentials or broad env access are requested.
Persistence & Privilege
The skill instructs installing a persistent macOS app into /Applications which is expected for this functionality. always:true is not set. The app will run locally and listen on localhost for agent monitoring/proxying — that persistence and localhost access are coherent with the stated purpose but increase blast radius if the binary is malicious, so verification is important.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install vault0
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /vault0 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.5.0
Release v1.5.0. See https://github.com/0-Vault/Vault-0/releases/tag/v1.5.0
v1.4.0
Release v1.4.0. See https://github.com/0-Vault/Vault-0/releases/tag/v1.4.0
v1.3.0
Release v1.3.0. See https://github.com/0-Vault/Vault-0/releases/tag/v1.3.0
v1.2.0
Release v1.2.0. See https://github.com/0-Vault/Vault-0/releases/tag/v1.2.0
v1.1.0
Initial ClawHub release. Encrypted secret vault, policy engine, real-time agent monitoring, and MCP hardening for OpenClaw.
元数据
Slug vault0
版本 1.5.0
许可证
累计安装 1
当前安装数 1
历史版本数 5
常见问题

Vault-0: Agent Security, Monitor & x402 Wallet for OpenClaw 是什么?

Security suite for OpenClaw agents. Encrypted secret storage (AES-256-GCM), real-time activity monitoring via gateway WebSocket, policy enforcement, and native x402 payment wallet with EIP-3009 signing. Secure API keys, watch agent behavior, and handle machine-to-machine micropayments. macOS desktop app (Rust + Tauri). Reads ~/.openclaw/.env during hardening. Installation downloads a DMG from GitHub releases. After install, the app makes no external network calls and only listens on localhost. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1008 次。

如何安装 Vault-0: Agent Security, Monitor & x402 Wallet for OpenClaw?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install vault0」即可一键安装,无需额外配置。

Vault-0: Agent Security, Monitor & x402 Wallet for OpenClaw 是免费的吗?

是的,Vault-0: Agent Security, Monitor & x402 Wallet for OpenClaw 完全免费(开源免费),可自由下载、安装和使用。

Vault-0: Agent Security, Monitor & x402 Wallet for OpenClaw 支持哪些平台?

Vault-0: Agent Security, Monitor & x402 Wallet for OpenClaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Vault-0: Agent Security, Monitor & x402 Wallet for OpenClaw?

由 DLhugly(@dlhugly)开发并维护,当前版本 v1.5.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论