
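OpenClaw Signet

Cryptographic skill verification. Signs installed skills with SHA-256 content hashes and verifies that they have not been tampered with. Detects modified, added, or removed files in skill directories. The alerting layer is free; upgrading to openclaw-signet-pro adds rejection, quarantine, and trust-chain restoration.

Author: AtlasPA · Latest version: 1.0.2

Favorites: 0 · Downloads: 1.1k

Documentation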

# OpenClaw Signet

Cryptographic verification for installed skills. Sign skills at install time, verify they haven't been tampered with later.

## The Problem

You install a skill and it works. Days later, a compromised process modifies files inside the skill directory — injecting code, altering behavior, adding exfiltration. All current defenses are heuristic (regex pattern matching). Nothing mathematically verifies that installed code is unchanged.


## Commands

### Sign Skills

Generate SHA-256 content hashes for all installed skills and store them in the trust manifest.

```bash
python3 {baseDir}/scripts/signet.py sign --workspace /path/to/workspace
```

### Sign Single Skill

```bash
python3 {baseDir}/scripts/signet.py sign openclaw-warden --workspace /path/to/workspace
```

### Verify Skills

Compare current skill state against trusted signatures.

```bash
python3 {baseDir}/scripts/signet.py verify --workspace /path/to/workspace
```

### List Signed Skills

```bash
python3 {baseDir}/scripts/signet.py list --workspace /path/to/workspace
```

### Quick Status

```bash
python3 {baseDir}/scripts/signet.py status --workspace /path/to/workspace
```

## How It Works

1. `sign` computes SHA-256 hashes of every file in each skill directory
2. A composite hash represents the entire skill state
3. `verify` recomputes hashes and compares against the manifest
4. If any file is modified, added, or removed, the composite hash changes
5. `verify` reports exactly which files changed within each tampered skill
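A minimal sketch of the sign/verify flow in the steps above, added here as an illustration and not taken from `signet.py`. The entry layout, the function names and the way the composite hash is built (one `path\0digest` line per file, in sorted order) are assumptions, and the sample skill is constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 hex digest of one file's bytes."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def sign_skill(skill_dir: Path) -> dict:
    """Return {'files': {relpath: digest}, 'composite': digest} for one skill."""
    files = {
        p.relative_to(skill_dir).as_posix(): hash_file(p)
        for p in sorted(skill_dir.rglob("*"))
        if p.is_file()
    }
    # Assumed construction: bind each path to its digest so a rename or a
    # swap of contents between two files also changes the composite hash.
    comp = hashlib.sha256()
    for rel in sorted(files):
        comp.update(f"{rel}\0{files[rel]}\n".encode())
    return {"files": files, "composite": comp.hexdigest()}


def verify_skill(skill_dir: Path, trusted: dict) -> dict:
    """Recompute hashes and report which files differ from the trusted entry."""
    now = sign_skill(skill_dir)
    old, new = trusted["files"], now["files"]
    return {
        "ok": now["composite"] == trusted["composite"],
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
    }


def demo() -> dict:
    """Constructed sample: sign a throwaway skill, change it, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp) / "sample-skill"
        (skill / "scripts").mkdir(parents=True)
        (skill / "SKILL.md").write_text("# sample\n")
        (skill / "scripts" / "run.py").write_text("print('hi')\n")
        (skill / "notes.txt").write_text("keep\n")
        trusted = sign_skill(skill)
        (skill / "scripts" / "run.py").write_text("print('changed')\n")  # modified
        (skill / "extra.py").write_text("pass\n")  # added
        (skill / "notes.txt").unlink()  # removed
        return verify_skill(skill, trusted)
```

The comparison is only as trustworthy as the stored entry, so the manifest should live where processes that can write to skill directories cannot rewrite it.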

## Exit Codes

- `0` — All skills verified
- `1` — Unsigned skills detected
- `2` — Tampered skills detected

## No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

## Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.