@ellistevo/openclaw-secure
v1.1.0
Security toolkit for OpenClaw skills - signing, manifests, and verification
OpenClaw Secure
🔐 Security toolkit for OpenClaw skills — signing, manifests, and verification.
Built by Sociable Inc 🇨🇦
Why?
The OpenClaw skill ecosystem has a security problem:
- Skills are unsigned — anyone can publish anything
- No permission system — skills get full access
- No sandboxing — one bad skill = full compromise
- Malicious skills exist — credential stealers, reverse shells
OpenClaw Secure fixes this with:
- Permission Manifests — Skills declare what they need
- Cryptographic Signing — Verify who wrote the skill
- Trust Scoring — See risk level before installing
Installation
```bash
npm install -g openclaw-secure
```
Quick Start
1. Initialize a manifest
```bash
cd your-skill-folder
openclaw-secure init
```
This creates skill.yaml with default (minimal) permissions.
2. Edit permissions
```yaml
# skill.yaml
name: my-skill
version: 1.0.0
author:
  name: YourName
  moltbook: YourMoltbookUsername
permissions:
  network:
    allow:
      - api.example.com      # Only these domains
  filesystem:
    read:
      - ~/.config/my-skill/
    write: []
  shell:
    allowed: false           # No shell access
  credentials:
    - MY_API_KEY             # Only this env var
  capabilities:
    browser: false
    messaging: false
    cron: false
    spawn_agents: false
```
3. Generate signing keys
```bash
openclaw-secure keygen
# Creates ~/.openclaw-secure/default.key (secret)
# Creates ~/.openclaw-secure/default.pub (public)
```
⚠️ Keep your secret key safe! The secret key is your signing identity: anyone who obtains default.key can sign skills that verify as you.
4. Sign your skill
```bash
openclaw-secure sign
# Signs skill.yaml with your key
```
5. Verify a skill
```bash
openclaw-secure verify
# ✓ Signature is valid
# Signer: YourName
```
6. Audit trust score
```bash
openclaw-secure audit
# 🟢 Trust Score: A (8 points)
# Minimal Risk - This skill requests very few permissions
```
CLI Commands
| Command | Description |
|---------|-------------|
| init | Create new skill.yaml |
| validate | Check manifest syntax |
| keygen | Generate signing keypair |
| sign | Sign manifest with your key |
| verify | Verify manifest signature |
| audit | Calculate trust score |
| attest | Add an auditor attestation (vouch for a skill) |
| isnad | Show the chain of trust (author → auditors) |
| show-key | Display your public key |
Attestation Chains (Isnad) 🆕
Signing proves WHO wrote a skill. Attestations prove WHO REVIEWED it.
An isnad (from Arabic: سند, "chain of transmission") is a chain of trust showing:
- Who authored the skill
- Who audited/reviewed it
- Who vouches for it
Add an attestation (as an auditor)
```bash
# Review the skill, then attest it
openclaw-secure attest --name "YourAuditorName" --type security_audit --notes "Reviewed code, no malicious patterns"
```
View the chain of trust
```bash
openclaw-secure isnad --verify
# 📜 Chain of Trust (Isnad):
# Provenance chain for this skill
#
# ├── AUTHOR: SkillAuthor ✓ verified
# │   Key: abc123...
# │   Time: 2026-02-05T...
#
# └── AUDITOR: SecurityExpert ✓ verified
#     Key: def456...
#     Time: 2026-02-06T...
#     Type: security_audit
#     Notes: Reviewed code, no malicious patterns
```
Trust scoring with attestations
Attestations reduce risk scores:
| Attestation Type | Score Bonus |
|------------------|-------------|
| security_audit | -20 points |
| code_review | -15 points |
| endorsement | -10 points |
| From trusted auditor | -10 extra |
A skill with Grade C (45 points) + one security audit = Grade B (25 points).
Programmatic attestation
```javascript
const {
  createAttestation,
  addAttestation,
  verifyAttestation,
  verifyAllAttestations,
  getIsnad
} = require('openclaw-secure');

// Inputs assumed from earlier steps: `signedManifest` is the output of signManifest()
// and `auditorSecretKey` is the auditor's own secret key (generateKeyPair().secretKey).

// Create attestation
const attestation = createAttestation(signedManifest, auditorSecretKey, 'AuditorName', {
  type: 'security_audit',
  notes: 'Reviewed and approved'
});

// Add to manifest
const attested = addAttestation(signedManifest, attestation);

// Verify
const result = verifyAttestation(attestation, attested);
console.log(result.valid, result.auditor);

// View chain
const chain = getIsnad(attested);
chain.forEach(link => console.log(link.role, link.identity));
```
Trust Grades
| Grade | Score | Meaning |
|-------|-------|---------|
| 🟢 A | 0-10 | Minimal Risk |
| 🟡 B | 11-30 | Low Risk |
| 🟠 C | 31-60 | Medium Risk |
| 🔴 D | 61-100 | High Risk |
| ⚫ F | over 100 | Dangerous |
Permission Reference
Network
```yaml
network:
  allow:
    - "*.example.com"    # Wildcard domain
    - api.specific.com   # Specific domain
  deny:
    - malicious.com      # Explicit block
```
Filesystem
```yaml
filesystem:
  read:
    - ~/.config/myskill/   # Can read here
  write:
    - /tmp/myskill/        # Can write here
  deny:
    - ~/.ssh               # Always blocked (default)
    - ~/.gnupg
```
Shell
```yaml
shell:
  allowed: false   # RECOMMENDED: disable

# OR

shell:
  allowed: true
  commands:
    - curl         # Only these commands
    - jq
```
Credentials
```yaml
credentials:
  - WEATHER_API_KEY   # Skill sees ONLY these
  - OTHER_KEY
```
Capabilities
```yaml
capabilities:
  browser: false        # Browser automation
  messaging: false      # Send messages as user
  cron: false           # Schedule tasks
  spawn_agents: false   # Create sub-agents
```
Programmatic Usage
```javascript
const {
  validateManifest,
  generateKeyPair,
  signManifest,
  verifyManifest,
  calculateTrustScore
} = require('openclaw-secure');

// `manifest` is assumed to be the parsed skill.yaml object (see the Quick Start example).

// Validate
const result = validateManifest(manifest);
console.log(result.valid, result.errors);

// Sign
const keyPair = generateKeyPair();
const signed = signManifest(manifest, keyPair.secretKey, 'MyName');

// Verify
const verification = verifyManifest(signed);
console.log(verification.valid, verification.signer);

// Score
const trust = calculateTrustScore(manifest, { signed: true, verified: true });
console.log(trust.grade, trust.score);
```
Security Model
- Manifest = Contract: Skills declare permissions upfront
- Signing = Identity: Cryptographic proof of who holds the signing key
- Verification = Trust: Confirm the manifest wasn't tampered with since it was signed
- Scoring = Risk: Quantify how dangerous the requested permissions are
This doesn't sandbox execution (that's OpenClaw's job), and two limits follow from the design: the signature covers skill.yaml, so it detects tampering with the declared permissions and authorship rather than with the skill's code, and a valid signature proves only that the holder of a key signed the manifest. Until a trusted key registry exists (see Contributing), the signer name is self-asserted, so pin the public keys of authors and auditors you trust. What it does enable:
- Informed consent: See what a skill needs before installing
- Accountability: Know who wrote potentially dangerous code
- Detection: Catch tampering via signature verification
Contributing
PRs welcome! Areas we need help:
- [ ] Integration with OpenClaw core
- [x] Attestation chains (isnad) ✅ v1.1.0
- [ ] Trusted key registry (public key lookup service)
- [ ] Automated auditing tools
- [ ] Better sandbox enforcement
License
MIT — Sociable Inc, 2026
