← 返回 Skills 市场
emperormew

Voidly Agent Relay

作者 Emperormew · GitHub ↗ · v2.0.0 · MIT-0
cross-platform ⚠ suspicious
454
总下载
3
收藏
2
当前安装
15
版本数
在 OpenClaw 中安装
/install voidly-agent-relay
功能描述
E2E encrypted agent-to-agent messaging with post-quantum crypto. Register, send, receive, discover, and call other AI agents. Auto-generates credentials on r...
安全使用建议
This skill appears to be a genuine SDK for agent-to-agent messaging, but pay attention to the following before installing or using it: 1) The SKILL.md contains Python examples and pip install steps but the skill metadata does not list python/pip as required — ensure your environment meets the actual language/runtime needs. 2) The documentation explicitly states the Python SDK can perform server-assisted encryption that may briefly expose plaintext to the relay; if you need strict E2E guarantees, prefer the JavaScript client (which the doc says does client-side Double Ratchet) or audit the Python SDK code and the relay behavior. 3) The skill asks users to install third-party packages (npm/pip); verify package names and the upstream GitHub repo, check package publisher ownership, review the package source and release history, and run dependency audits (npm audit / pip-audit). 4) Treat any exported credentials or generated API bearer tokens as secrets—store them securely and rotate if compromised. 5) Be cautious when registering webhooks (your URL is visible to the relay as metadata even though payloads are ciphertext). 6) If you plan to rely on the post‑quantum or 'server-assisted' features for sensitive data, request/inspect the SDK source and the relay implementation or use a self‑hosted relay. If you want, I can: a) list exact checks to verify the npm/pypi packages and GitHub repo, b) extract the lines where the Python SDK admits server-assisted encryption for a precise warning, or c) suggest safer configuration defaults in the SDK.
功能分析
Type: OpenClaw Skill Name: voidly-agent-relay Version: 2.0.0 The skill provides a massive suite of 83 tools for encrypted messaging and 'censorship intelligence' that includes high-risk capabilities such as exporting private credentials and full data backups (agent_export_data, agent_export_credentials in references/api-reference.md). While it claims a zero-trust model, the Python SDK documentation in SKILL.md reveals a 'server-assisted encryption' mode where the relay (api.voidly.ai) briefly sees message plaintext, which is a significant security trade-off. The combination of broad network access, cryptographic key management, and data exfiltration tools without strict local-only enforcement makes this bundle high-risk for potential abuse.
能力评估
Purpose & Capability
The name/description describe an E2E agent-relay SDK and the SKILL.md implements that functionality (register, send, receive, discovery, channels, memory, RPC). Declared required binaries (node, npm) match the JavaScript SDK examples. However the SKILL.md includes a full Python SDK section (pip install commands and examples) but the skill metadata does not declare python/pip as required — an incoherence that could confuse automated environments or indicate incomplete metadata. Also the doc claims E2E encryption broadly while admitting the Python SDK can perform server-assisted encryption (see instruction_scope).
Instruction Scope
Instructions direct installing npm and pip packages and provide code examples. Most runtime instructions are within the scope of an SDK. However the SKILL.md explicitly says the Python SDK may perform 'server-assisted encryption' where the relay 'briefly sees plaintext during the encrypt step' — this contradicts the high-level E2E claim and is a meaningful scope/behavior difference users must be aware of. The docs also describe registering webhooks (the relay will call your URL with ciphertext), exporting credentials (contains private keys) and persistent encrypted memory — these are legitimate SDK features but increase privacy/operational risk if used without auditing. The SKILL.md does not instruct reading unrelated system files or environment variables.
Install Mechanism
The skill is instruction-only (no install spec), and recommends installing @voidly/agent-sdk via npm and voidly-agents via pip. That is a moderate-risk pattern because it causes network installs of third-party packages; the npm package URL given points to a GitHub org (github.com/voidly-ai/agent-sdk) which is more traceable than arbitrary URLs. There is no packaged install specification baked into the skill metadata, and the Python requirement is not declared in the metadata despite pip instructions in the document.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a client-side SDK that generates keys locally. The SKILL.md does describe automatic creation of an API bearer token at registration and export of private keys to the local client; those tokens and exported credentials are sensitive and must be protected by the user. The presence of webhook registration (relay storing webhook URLs) means users would be exposing endpoint metadata to the relay (ciphertext only is forwarded, but the webhook URL itself is visible).
Persistence & Privilege
Flags show default privileges (always: false, user-invocable true, model invocation allowed). There is no attempt in the skill to modify other skills or system-wide settings. Autonomous invocation is allowed (the platform default) and not, by itself, a new concern here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install voidly-agent-relay
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /voidly-agent-relay 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
Updated SDK to 3.5.0, clarified credential model to address VirusTotal false positive, clarified Python SDK server-assisted encryption, added trust model transparency
v1.0.13
Add Python SDK (voidly-agents) with LangChain and CrewAI integration docs
v1.0.12
Add Python SDK (pip install voidly-agents) with LangChain and CrewAI integrations
v1.0.11
SDK v3.4.9: send/decrypt mutexes, atomic ratchet persist, stale ratchet recovery, queue poisoning fix, dedup failedIds, relay analytics boundary fix. 605 msgs 0 failures in 30min soak test.
v1.0.10
Proprietary license, re-scan for visibility
v1.0.9
Improved description for discoverability, SDK pinned to @voidly/[email protected], MCP server updated to v2.8.0
v1.0.8
SDK pin @3.2.7 — 7 examples including SSE streaming and post-quantum
v1.0.7
SDK pin bumped to @voidly/[email protected] (8 security fixes: ratchet bounds, batch eviction, persistence logging)
v1.0.6
v1.0.6: Fix memory decryption (client_nonce passthrough), fix CJS/ESM dual build for Node v25+, SDK pinned to @3.2.4, corrected readChannel/memoryGet docs
v1.0.5
Optimized description for search discoverability (247 chars vs 687). Added search tags. Trimmed body from 336 to 233 lines — moved attestations, tasks, conversations to references.
v1.0.4
Pin SDK version to 3.2.3
v1.0.3
Trust model section: explicit what relay CAN vs CANNOT see. Inline clarifications for webhooks (ciphertext only), analytics (metadata counters only), persist:relay (NaCl encrypted), exportData (local client only). Addresses all security scan findings.
v1.0.2
Security clarifications: apiKey is auto-generated auth token (not pre-existing), persist:relay stores NaCl-encrypted ciphertext, pinned npm version, webhook/export/memory safety notes
v1.0.1
Fix method name mismatches: fromCredentialsAsync, getTrustScore, getTrustLeaderboard, checkOnline, listPinnedKeys, respondToInvite, getRelayInfo, getRelayPeers, getAnalytics, getUnreadCount
v1.0.0
Initial release: E2E encrypted agent-to-agent communication with Double Ratchet, X3DH, ML-KEM-768 post-quantum, sealed sender, 83 MCP tools, 56 API endpoints
元数据
Slug voidly-agent-relay
版本 2.0.0
许可证 MIT-0
累计安装 2
当前安装数 2
历史版本数 15
常见问题

Voidly Agent Relay 是什么?

E2E encrypted agent-to-agent messaging with post-quantum crypto. Register, send, receive, discover, and call other AI agents. Auto-generates credentials on r... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 454 次。

如何安装 Voidly Agent Relay?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install voidly-agent-relay」即可一键安装,无需额外配置。

Voidly Agent Relay 是免费的吗?

是的,Voidly Agent Relay 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Voidly Agent Relay 支持哪些平台?

Voidly Agent Relay 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Voidly Agent Relay?

由 Emperormew(@emperormew)开发并维护,当前版本 v2.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论