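OpenClaw Signet
Cryptographic verification for installed skills. Sign skills at install time, then verify later that they haven't been tampered with.
The Problem
You install a skill and it works. Days later, a compromised process modifies files inside the skill directory: injecting code, altering behavior, adding exfiltration. All current defenses are heuristic (regex pattern matching). Nothing mathematically verifies that installed code is unchanged.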
Commands
Sign Skills
Generate SHA-256 content hashes for all installed skills and store them in the trust manifest.
```bash
python3 {baseDir}/scripts/signet.py sign --workspace /path/to/workspace
```
Sign Single Skill
```bash
python3 {baseDir}/scripts/signet.py sign openclaw-warden --workspace /path/to/workspace
```
Verify Skills
Compare current skill state against trusted signatures.
```bash
python3 {baseDir}/scripts/signet.py verify --workspace /path/to/workspace
```
List Signed Skills
```bash
python3 {baseDir}/scripts/signet.py list --workspace /path/to/workspace
```
Quick Status
```bash
python3 {baseDir}/scripts/signet.py status --workspace /path/to/workspace
```
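How It Works
- `sign` computes SHA-256 hashes of every file in each skill directory
- A composite hash represents the entire skill state
- `verify` recomputes the hashes and compares them against the manifest
- If any file is modified, added, or removed, the composite hash changes
- Reports exactly which files changed within each tampered skill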
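The mechanism above, as an added example that is not signet.py's own code: per-file SHA-256 hashes, a composite hash over them, and a verify step that reports modified, added and removed files. The composite construction, the function names and the sample skill contents are assumptions; the page does not describe signet.py's manifest format.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_skill(skill_dir):
    """Return ({relative_path: sha256_hex}, composite_hex) for one skill directory."""
    root = Path(skill_dir)
    files = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        files[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    # Assumed composite construction: hash the sorted "path NUL digest LF" records,
    # so a rename, addition or removal changes the composite as well as an edit.
    composite = hashlib.sha256()
    for rel in sorted(files):
        composite.update(rel.encode("utf-8") + b"\0" + files[rel].encode("ascii") + b"\n")
    return files, composite.hexdigest()


def verify_skill(skill_dir, trusted_files, trusted_composite):
    """Compare current state with a manifest entry; return (ok, per-file report)."""
    current, composite = hash_skill(skill_dir)
    report = {
        "modified": sorted(f for f in current if f in trusted_files and current[f] != trusted_files[f]),
        "added": sorted(set(current) - set(trusted_files)),
        "removed": sorted(set(trusted_files) - set(current)),
    }
    return composite == trusted_composite, report


def demo():
    """Sign a constructed skill, tamper with it, and return both verification results."""
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp) / "example-skill"          # constructed sample skill
        (skill / "scripts").mkdir(parents=True)
        (skill / "SKILL.md").write_text("name: example-skill\n")
        (skill / "scripts" / "run.py").write_text("print('hello')\n")
        (skill / "notes.txt").write_text("scratch\n")
        files, composite = hash_skill(skill)          # "sign"
        clean = verify_skill(skill, files, composite)
        (skill / "scripts" / "run.py").write_text("print('changed')\n")  # modified
        (skill / "extra.py").write_text("pass\n")                        # added
        (skill / "notes.txt").unlink()                                   # removed
        return clean, verify_skill(skill, files, composite)


if __name__ == "__main__":
    print(demo())
```

These are unkeyed hashes, so the check is only as trustworthy as the stored manifest: a process that can rewrite both the skill files and the manifest can make its changes verify. Keep the manifest where the skill-writing process cannot modify it.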
Exit Codes
- `0` — All skills verified
- `1` — Unsigned skills detected
- `2` — Tampered skills detected
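No External Dependencies
Python standard library only. No pip install. No network calls. Everything runs locally.
Cross-Platform
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.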