← 返回 Skills 市场
Who
作者
Erasmus Hagen
· GitHub ↗
· v1.0.0
· MIT-0
103
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install who
功能描述
Shorthand for /whoareyou — show your verified wayID identity card
安全使用建议
This skill largely does what it says, but be cautious: it instructs the agent to read ~/.openclaw/identity/device.json, a file that—per the SKILL.md—contains both publicKey and privateKey. Before installing or enabling the skill, consider: 1) Confirm you trust the external service (https://way.je) and that TLS and domain are correct; 2) Ask the skill author to declare required config paths and to explicitly limit reads to the publicKey field (so the privateKey is not accessed or transmitted); 3) If you are unsure, run the lookup manually (extract the publicKey yourself and call the API from a separate, auditable client) rather than giving the agent automatic file access; 4) If the privateKey may have been exposed, rotate it; 5) Prefer running this skill only in a sandboxed agent environment where local secrets are protected. If the developer can update the metadata to list the config path and justify that only the publicKey is read (and show no privateKey is transmitted), the concern would be largely resolved.
功能分析
Type: OpenClaw Skill
Name: who
Version: 1.0.0
The skill instructs the agent to read a sensitive local file (`~/.openclaw/identity/device.json`) containing both public and private keys. While the instructions in SKILL.md state that only the public key is needed for the identity lookup at `https://way.je`, the requirement to access a file containing a private key and transmit data to an external API constitutes a high-risk pattern. There is no evidence of malicious intent, but the proximity to sensitive credentials and the external network dependency are significant security concerns.
能力评估
Purpose & Capability
Name/description (shorthand for /whoareyou) match the runtime instructions: the skill reads the agent's public key and calls the way.je APIs to fetch and display a verified identity card. No unrelated services, binaries, or installs are requested.
Instruction Scope
The SKILL.md explicitly instructs the agent to read ~/.openclaw/identity/device.json. That file format shown includes both publicKey and privateKey. Although the instructions say only the publicKey is needed, the agent will read a local file containing the privateKey value. The skill metadata did not declare this config path or local-file access, which is an inconsistency and a potential data-exposure risk.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer. This is low installation risk.
Credentials
No environment variables or credentials are requested (appropriate), but the omission of a declared required config path is problematic because the runtime requires reading a local identity file that contains a privateKey. That local sensitive data access should be declared and justified.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent presence or elevated platform privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install who - 安装完成后,直接呼叫该 Skill 的名称或使用
/who触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
who 1.0.0 — Initial Release
- Adds a shorthand command for `/whoareyou` to display your verified wayID identity card.
- Reads your public key, looks up your wayID, and fetches your identity card directly via API calls.
- Clearly shows verification status and certificate details.
- Handles errors and unverified identities with explanatory messages.
元数据
常见问题
Who 是什么?
Shorthand for /whoareyou — show your verified wayID identity card. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 103 次。
如何安装 Who?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install who」即可一键安装,无需额外配置。
Who 是免费的吗?
是的,Who 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Who 支持哪些平台?
Who 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Who?
由 Erasmus Hagen(@erasmus)开发并维护,当前版本 v1.0.0。
推荐 Skills