OpenClaw: suspicious
VirusTotal: suspicious
StaticScan: unknown
OpenClaw: suspicious
The skill's instructions are mostly coherent for generating and registering Ed25519 agent keys, but there are mismatches between the declared metadata and the runtime instructions (notably an undeclar... [内容已截断]
VirusTotal: suspicious VT 报告
静态扫描: unknown
README 未提供
无文件信息
{
"latestVersion": {
"_creationTime": 1771102010236,
"_id": "k970vbdw5wa789v80r1m7zhkyd814xpy",
"changelog": "- Updated JWKS endpoint — changed from \/agent-jwks\/{id}.json to \/jwks\/{username}.json\n - Added Token Handling Contract — documents bearer token lifecycle (registration-only, delete after)\n - Added Compatibility Modes section — Core Mode (CLI) vs Browser Mode with security guidance\n - Added Token Safety Rules table — do\/don't guidance for token handling\n - Added Runtime Compatibility table — support matrix for Claude Code, agent-browser, OpenClaw, CUA, skills.sh\n - Registration script hardened:\n - Added redirect: 'error' to prevent token leakage on redirects\n - Writes config.json with agent_id, username, jwksUrl\n - Deletes token after successful registration\n - Fetches \/auth\/session to resolve username for JWKS URL\n - Proxy security hardened:\n - Changed execSync to execFileSync (prevents command injection)\n - Added strict hostname validation regex\n - Added hash-based cert filenames (prevents path traversal)\n - Added port validation (1-65535)\n - Added Official Packages section — links to @openbotauth\/verifier-client, registry-signer, bot-cli, proxy\n - Added strict verifier note — points to @openbotauth\/bot-cli and openbotauth-demos\/packages\/signing-ts\n - Enterprise SSO section — rewritten as roadmap spec (no runnable code, marked \"not yet implemented\")\n - Proxy limitations — added IP hostname mitigation guidanc",
"changelogSource": "user",
"createdAt": 1771102010236,
"version": "0.1.1"
},
"owner": {
"_creationTime": 0,
"_id": "publishers:missing",
"displayName": "hammadtq",
"handle": "hammadtq",
"image": "https:\/\/avatars.githubusercontent.com\/u\/11869286?v=4",
"kind": "user",
"linkedUserId": "kn77zty73e2qz38gk1c1b047zx80rfyw"
},
"ownerHandle": "hammadtq",
"skill": {
"_creationTime": 1770546483061,
"_id": "kd76nwh9jxsmj29qntann5kk7h80rftm",
"badges": [],
"createdAt": 1770546483061,
"displayName": "OpenBotAuth",
"latestVersionId": "k970vbdw5wa789v80r1m7zhkyd814xpy",
"ownerUserId": "kn77zty73e2qz38gk1c1b047zx80rfyw",
"slug": "openbotauth",
"stats": {
"comments": 0,
"downloads": 1019,
"installsAllTime": 2,
"installsCurrent": 2,
"stars": 0,
"versions": 2
},
"summary": "Get a cryptographic identity for your AI agent. Generate Ed25519 keys, sign your work, prove who you are — across any platform.",
"tags": {
"latest": "k970vbdw5wa789v80r1m7zhkyd814xpy"
},
"updatedAt": 1774323298437
}
}