ZAP1 - Zcash Attestation

Author: SkndrS · GitHub ↗ · v0.2.1 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 130
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install zap1-zcash-attestation
Description
Provides cryptographic attestation for AI actions with Zcash-anchored proofs, policy enforcement, session tracking, and verifiable proof checkpoints.
Security usage recommendations
This plugin will automatically hash and transmit message metadata and some content-derived hashes to an external ZAP1 service (default pay.frontiercompute.io). That behavior matches its attestation purpose but has privacy and trust implications:
  1. Only configure the plugin with an API key you control (prefer a key from a self-hosted ZAP1 instance if possible).
  2. Avoid providing a highly privileged API key unless you trust the backend operator; admin tools can create API keys and list webhooks.
  3. Be aware that hashed data can sometimes be reversed (short or predictable messages), so do not assume hashing alone preserves privacy.
  4. The SKILL.md suggests getting a key via messaging a third party; verify the operator's identity and repository provenance (the SKILL references frontiercompute.io and a GitHub repo; confirm those links actually host the code and maintainers).
  5. The package includes a package-lock.json with many extra dev dependencies; verify the published package contents and ensure no unexpected binaries are shipped.
If you need this capability but want lower risk, host your own ZAP1 backend and only give the plugin a write key for that instance. If you cannot verify the backend/operator, treat this plugin as potentially leaking metadata and avoid enabling the write hooks.
Functional analysis
Type: OpenClaw Skill
Name: zap1-zcash-attestation
Version: 0.2.1
The skill bundle provides a Zcash attestation layer that hashes agent activity and anchors it to the blockchain for auditability. It uses hooks (src/hooks.ts) to automatically hash and send event metadata to an external API (frontiercompute.io), and provides tools (src/tools.ts) for proof verification and protocol interaction. The behavior is transparently documented and aligned with the stated purpose, with no evidence of malicious execution or unauthorized data exfiltration.
Capability assessment
Purpose & Capability
The declared purpose (Zcash attestation, policy enforcement, session tracking) matches the code: the package registers hooks to attest messages/events and exposes tools to query/submit attestation data. The plugin expects a configured apiKey and agentId (via plugin config) for write operations, which is consistent with the stated functionality.
Instruction Scope
The runtime hooks automatically hash and POST message contents, channel IDs, sender IDs, session keys and other metadata to an external API (default: https://pay.frontiercompute.io). While the plugin hashes content before sending, hashes of short or predictable inputs can be brute-forced; some endpoints (e.g., memo decode) accept raw hex bodies. SKILL.md suggests obtaining API keys via messaging a third party (Signal) — an unusual operational detail that increases trust requirements. The hooks also inject periodic checkpoint messages into conversations that include links to the remote API.
Install Mechanism
No installer or external binary downloads are declared (instruction-only install path). Source files are included in the package (dist/ and src/). There is a package-lock.json with many (dev) dependencies not visible in package.json (Anthropic/AWS-related entries); that is odd but not an immediate code-execution risk by itself — still worth verifying the lockfile provenance and that no unexpected native modules/binaries are included.
Credentials
The plugin requires an API key and agentId in its plugin config (not environment variables). Those credentials are proportional for a service that writes attestation events. However, some tools (create_api_key, list_webhooks, create_event) appear to perform administrative or write operations — they require a privileged API key. Only provide such a key if you trust the operator or self-host the backend.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide privileges. It registers hooks within the agent runtime (expected for this functionality) and does not appear to mutate other plugins' configurations.
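How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install zap1-zcash-attestation
  3. After installation, invoke the Skill by name or trigger it with /zap1-zcash-attestation
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history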
v0.2.1
First Zcash skill. 8 hooks, 14 tools, policy enforcement, session attestation.
Metadata
Slug: zap1-zcash-attestation
Version: 0.2.1
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
FAQ

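What is ZAP1 - Zcash Attestation?

Provides cryptographic attestation for AI actions with Zcash-anchored proofs, policy enforcement, session tracking, and verifiable proof checkpoints. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 130 total downloads to date.

How do I install ZAP1 - Zcash Attestation?

Run the command "/install zap1-zcash-attestation" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is ZAP1 - Zcash Attestation free?

Yes. ZAP1 - Zcash Attestation is completely free, released under the MIT-0 license, and may be freely downloaded, installed and used.

Which platforms does ZAP1 - Zcash Attestation support?

ZAP1 - Zcash Attestation runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed ZAP1 - Zcash Attestation?

Developed and maintained by SkndrS (@skndrs); the current version is v0.2.1.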
