Cryptographic skill verification. Sign installed skills with SHA-256 content hashes and verify they haven't been tampered with. Detects modified, added, and removed files within skill directories. Free alert layer — upgrade to openclaw-signet-pro for rejection, quarantine, and trust chain restoration.
数据来源:ClawHub。 在 ClawSkills 查看
选择你使用的 Agent
方法一:命令行安装(推荐)
推荐(无需提前安装 clawhub)
npx clawhub@latest --dir ~/.claude/skills install openclaw-signet或使用 clawhub CLI(需提前安装)
clawhub --dir ~/.claude/skills install openclaw-signet⚠️ 需要 Node.js 18+,没有 Node?请使用下方方法二直接下载 ZIP。 安装 Node.js →
方法二:手动下载安装(无需 Node)
下载 ZIP,解压后将文件夹放到以下路径,重启 Agent 即可:
安装路径
~/.claude/skills/openclaw-signet/💡解压后将文件夹放到上方路径,重启 Agent 即可生效
--- name: openclaw-signet user-invocable: true metadata: {"openclaw":{"emoji":"🔏","requires":{"bins":["python3"]},"os":["darwin","linux","win32"]}} ---
Cryptographic verification for installed skills. Sign skills at install time, verify they haven't been tampered with later.
You install a skill and it works. Days later, a compromised process modifies files inside the skill directory — injecting code, altering behavior, adding exfiltration. All current defenses are heuristic (regex pattern matching). Nothing mathematically verifies that installed code is unchanged.
Generate SHA-256 content hashes for all installed skills and store in trust manifest.
python3 {baseDir}/scripts/signet.py sign --workspace /path/to/workspacepython3 {baseDir}/scripts/signet.py sign openclaw-warden --workspace /path/to/workspaceCompare current skill state against trusted signatures.
python3 {baseDir}/scripts/signet.py verify --workspace /path/to/workspacepython3 {baseDir}/scripts/signet.py list --workspace /path/to/workspacepython3 {baseDir}/scripts/signet.py status --workspace /path/to/workspacesign computes SHA-256 hashes of every file in each skill directoryverify recomputes hashes and compares against the manifest0 — All skills verified1 — Unsigned skills detected2 — Tampered skills detectedPython standard library only. No pip install. No network calls. Everything runs locally.
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.
安装 Openclaw Signet 后,可以对 AI 说这些话来触发它
Help me get started with Openclaw Signet
Explains what Openclaw Signet does, walks through the setup, and runs a quick demo based on your current project
Use Openclaw Signet to cryptographic skill verification
Invokes Openclaw Signet with the right parameters and returns the result directly in the conversation
What can I do with Openclaw Signet in my developer & devops workflow?
Lists the top use cases for Openclaw Signet, with example commands for each scenario
将技能文件夹放到 ~/.claude/skills/openclaw-signet/ 目录(个人级,所有项目可用),或 .claude/skills/openclaw-signet/(项目级)。重启 AI 客户端后,用 /openclaw-signet 主动调用,或让 AI 根据上下文自动发现并使用。
Openclaw Signet 支持 Claude、Cursor、OpenClaw,可与这些 AI 平台无缝集成,扩展其能力。
Openclaw Signet 可免费安装使用。请查阅仓库了解许可证信息。
Cryptographic skill verification. Sign installed skills with SHA-256 content hashes and verify they haven't been tampered with. Detects modified, added, and removed files within skill directories. Free alert layer — upgrade to openclaw-signet-pro for rejection, quarantine, and trust chain restoration.
Openclaw Signet 属于「Developer & DevOps」分类,该分类的技能帮助 AI 智能体在此领域执行专业任务。
Automate my developer & devops tasks using Openclaw Signet
Identifies repetitive steps in your workflow and sets up Openclaw Signet to handle them automatically