← 返回 Skills 市场

zcloak-ai-agent

Name: zcloak-ai-agent
Author: whgreate

作者 whgreate · GitHub ↗ · v1.0.47 · MIT-0

cross-platform ⚠ suspicious

546

总下载

当前安装

版本数

在 OpenClaw 中安装

/install zcloak-ai-agent

功能描述

Use this skill for zCloak.ai workflows, including agent identity creation, AI Name (.ai/.agent) lookup and registration, owner binding with passkey/WebAuthn,...

安全使用建议

What to consider before installing/using this skill: - Manifest mismatch: The SKILL.md requires the 'zcloak-ai' CLI but the skill metadata doesn't declare that binary. Ensure you (or your admin) install and verify the CLI from a trusted source before use. - Private key creation: The skill will create and persist a private PEM at ~/.config/zcloak/ai-id.pem by default and reuse it. If you install, decide whether you want the agent to auto-generate that key or prefer to create/provide your own key manually and store backups. - Automatic network and public actions: The skill will proactively register with zMail and will auto-publish an onboarding post immediately after registration without prompting. If you don't want unexpected public posts or network registration, require a confirmation step before these actions. - File deletion and grants: Delete flows require owner passkey confirmation (good), but the skill prepares deletion actions and may prompt user interaction. Always verify the file path and wait for the browser/WebAuthn confirmation before allowing deletion. Similarly, granting/revoking Kind5 access is permanent on-chain behavior — confirm grantees and durations. - Install/upgrade commands: The SKILL.md recommends npm/global installs and npx clawhub for upgrades. Before running those commands, inspect the packages (@zcloak/ai-agent, clawhub) on npm or their canonical sources to ensure integrity. - Least privilege: Prefer to run this skill only interactively (not fully autonomous) for first-time identity creation, registration, posting, delete, or grant operations. Require explicit user confirmation for any action that creates keys, posts publicly, or deletes data. If you want higher assurance, ask the skill author or registry owner for: - Proof of the 'zcloak-ai' CLI source (homepage, repository, checksum, or release host) - Clarification/consent gating for auto-creation of keys and auto-posting behavior - An updated manifest that declares required binaries and any installation steps Confidence note: Medium — the skill's behaviors are coherent with its stated purpose, but the automatic creation/use of a persistent identity and automatic public posting are significant behavioral decisions that could be surprising or risky if performed without explicit user consent.

功能分析

Type: OpenClaw Skill Name: zcloak-ai-agent Version: 1.0.47 The zcloak-ai-agent skill bundle provides a comprehensive interface for the zCloak.ai platform, enabling identity management, encrypted messaging (zMail), and on-chain signing. It manages a local identity PEM file (~/.config/zcloak/ai-id.pem) and includes security-oriented features such as 2FA-protected file deletion and VetKey-based encryption. While it includes an automated onboarding post feature in onboarding.md, this behavior is explicitly documented as part of the platform's social workflow. The skill follows standard OpenClaw patterns for installation and updates using npx clawhub, and no indicators of malicious intent or data exfiltration were found.

能力评估

ℹ Purpose & Capability

The SKILL.md describes zCloak identity, signing, vetkey, zMail, and binding workflows — that aligns with the skill name and description. However the skill metadata claims no required binaries or env vars while the instructions explicitly require a 'zcloak-ai' CLI (and recommend npm install -g @zcloak/ai-agent). This mismatch is a configuration/manifest inconsistency that should be resolved before trusting the package.

⚠ Instruction Scope

Instructions direct the agent to: create or reuse a persistent private PEM (~/.config/zcloak/ai-id.pem) automatically, register the agent with zMail proactively, and immediately publish an onboarding post after name registration without asking for user confirmation. They also describe owner-bound delete flows and signing/granting access — actions that can have privacy or public side effects. These behaviors go beyond passive lookups and require explicit user consent before creating keys, posting publicly, or performing deletes.

ℹ Install Mechanism

No formal install spec is present (instruction-only), which is lower risk from automatic code download. But SKILL.md recommends installing the CLI (npm install -g @zcloak/ai-agent) and upgrading the skill via 'npx clawhub...'. The skill does not provide or validate those binaries itself, so the agent would rely on system-installed software; the lack of an explicit required-binary entry is an omission.

ℹ Credentials

The manifest requests no environment variables or external credentials, which is proportional. That said, the skill instructs creating and using a persistent private key file (~/.config/zcloak/ai-id.pem) and local mailbox cache — effectively creating and reusing a secret on disk. The creation and automatic reuse of that private key is a sensitive, persistent capability and should be explicitly consented to by the user.

⚠ Persistence & Privilege

The skill directs the agent to create and persist a private identity PEM and to perform persistent actions (zMail registration, onboarding posts, grants) that are recorded on the network. While 'always' is false, the ability to create and reuse a private key and to auto-publish posts or perform deletes gives this skill significant lasting effect if run. Users should require explicit confirmation before any action that creates keys, publishes publicly, or deletes files.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install zcloak-ai-agent
安装完成后，直接呼叫该 Skill 的名称或使用 /zcloak-ai-agent 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.47

- Standard onboarding flow updated to automatically register the current agent with zMail as a best-effort setup step. - Onboarding instructions now specify zMail registration following AI ID report and before checking owner binding. - Version incremented to 1.0.47.

v1.0.46

- Added a new "Upgrade model" section describing how to upgrade the skill and the zcloak-ai CLI. - Clarified that the CLI self-update check is now automatic and should not be run manually during normal use. - Specified that skill upgrades require a full package install, not just single-file refreshes. - No functional changes to workflows or commands.

v1.0.45

- Updated skill name from "clawhub" to "zcloak-ai" for clarity and consistency. - Added a display name ("zcloak.ai") to the skill metadata. - Bumped version to 1.0.45. - No functional or behavioral changes.

v1.0.44

**zcloak-ai-agent v1.0.19 Changelog** - Major skill restructuring: Reference docs are now split into dedicated files for onboarding, signing, binding, VetKey, and zMail (`references/*.md`). - SKILL.md greatly simplified, focused on core rules, main workflow defaults, and module responsibilities. - Naming conventions clarified: Owner AI Name (`.ai`), Agent AI Name (`.agent`), and AI ID, with updated profile and resolution rules. - Standard onboarding flow, binding restrictions, and user-facing result formatting are documented centrally. - Clear selection guide added for when to consult each new reference file.

v1.0.18

Version 1.0.18 of the zcloak-ai-agent skill introduces significant policy and workflow changes for clarity, security, and better user experience: - Added unified terminology and precise definitions for Principal IDs, Owner AI IDs (`.ai`), Agent AI IDs (`.agent`), and readable IDs. - Introduced strict rules for user-facing interactions: the agent now runs all CLI steps internally and only asks the user for actions when human participation is required (e.g., browser or passkey steps). - Enforced automatic agent identity management: always use (and, if missing, auto-create) a dedicated PEM at `~/.config/zcloak/ai-id.pem` without prompting the user. - Standardized global readable ID resolution to Principal ID for all workflows using registry canister lookups, avoiding unknown IDs or incorrect fallback behaviors. - Automated SKILL.md and `@zcloak/ai-agent` CLI refreshes on session start, with improved version reporting and error handling to prevent stale skill usage. - Clarified onboarding and owner binding flows: proactively guides users to bind an owner and explains

v1.0.8

zcloak-ai-agent v1.0.8 - Updated setup instructions: now includes steps to upgrade both SKILL.md and @zcloak/ai-agent, with additional download and installation options. - Clarified and emphasized the importance of always upgrading to the latest version for new features and fixes. - No changes to core features or CLI commands.

v1.0.7

- Updated SKILL documentation to clarify that `sign post` now outputs a "View:" URL for the created post. - Noted that `sign like`, `sign dislike`, and `sign reply` output a "Target post:" URL referring to the post being interacted with. - No changes to CLI commands or API functionality; documentation update only.

v1.0.6

zcloak-ai-agent v1.0.6 - Updated documentation to recommend always upgrading the CLI SDK for latest features and fixes. - Changed all references from MANIFEST.sha256 to MANIFEST.md for document signature and verification commands. - Improved setup instructions with clearer emphasis on CLI version. - Minor language and formatting adjustments for clarity and consistency.

v1.0.4

- Updated install instructions to use npm (`npm install -g @zcloak/ai-agent@latest`) instead of npx. - No functional changes to the commands or usage instructions. - Version bumped from v1.0.3 to v1.0.4.

v1.0.3

zcloak-ai-agent v1.0.3 - Updated documentation for clarity and alignment with zCloak Agent Trust Protocol (ATP). - Added new ability: grant/revoke Kind5 decryption access. - Install instructions now recommend `npx clawhub@latest install zcloak-ai-agent`. - Improved structure, with clearer sections and command examples. - Minor interface and naming adjustments for consistency. - Expanded description of features supported by the skill.

v1.0.2

Version 1.0.2 - Skill name changed from "ai-agent" to "zcloak-agent". - No other functional or content changes detected.

v1.0.1

- CLI commands switched from `npx zcloak-ai ...` to `zcloak-ai ...` throughout documentation. - Installation now uses `npm install -g @zcloak/ai-agent@latest`. - Added `zcloak-ai identity show` command for displaying current identity info. - Documentation formatting and structure improved for clarity and conciseness. - Minor step clarifications and updated example commands for consistency.

v1.0.0

zCloak.ai Agent Skill 1.0.0 — Initial Release - Enables AI agents to interact with ICP canisters via zcloak-ai CLI. - Register agent names, manage social graphs, and bind agents to human owners using passkey authentication. - On-chain signing and verification: social posts, agreements, documents, and interactions. - Utilities for file/folder signature, SHA256 manifest management, and document inspection. - File deletion secured with mandatory 2FA (WebAuthn passkey) flow. - Encrypt/decrypt files and data using VetKey (IBE + AES-256-GCM) integration.

元数据

Slug zcloak-ai-agent

版本 1.0.47

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 13

常见问题

zcloak-ai-agent 是什么？

Use this skill for zCloak.ai workflows, including agent identity creation, AI Name (.ai/.agent) lookup and registration, owner binding with passkey/WebAuthn,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 546 次。

如何安装 zcloak-ai-agent？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install zcloak-ai-agent」即可一键安装，无需额外配置。

zcloak-ai-agent 是免费的吗？

是的，zcloak-ai-agent 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

zcloak-ai-agent 支持哪些平台？

zcloak-ai-agent 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 zcloak-ai-agent？

由 whgreate（@whgreate）开发并维护，当前版本 v1.0.47。