Security Scan
OpenClaw
Safe
medium confidence
Assessment and recommendations
This skill appears to do what it says, but take these precautions before installing:
- Inspect the npm package source (and GitHub repo) before npm install, because installing a package executes third-party code.
- Be aware it uses your ~/.ssh config and existing SSH keys for SCP/peer sync — limit exposure by using a dedicated SSH key/config or running the agent in a sandboxed environment.
- Avoid placing secrets in the store's shared/ directory; shared files are plaintext to peers.
- Prefer loca...
✓ Purpose and capabilities
Name/description (decentralized context mesh) align with required binary (openfuse) and required config (~/.ssh/config). Requiring SSH config and an openfuse binary is expected for an SSH/SCP-based peer sync tool.
ℹ Instruction scope
SKILL.md stays within the stated purpose: instructions cover init, key management, sharing, sending messages (via SCP/HTTP), and local store layout. It explicitly warns about shared/plaintext files and autonomous invocation. It references ~/.ssh and local key files in store; these are relevant but enable network actions, so the agent will be able to perform remote transfers when invoked.
ℹ Install mechanism
Install is an npm package from the public registry (openfused@0.3.5), which is an expected distribution method but carries the usual moderate risk of executing third-party code. The SKILL.md suggests global npm -g install which modifies system-wide binaries.
⚠ Credential requirements
No environment variables requested, which is appropriate. However the skill requires access to ~/.ssh/config and uses existing SSH private keys for peer sync; this is sensitive — access to your SSH config/keys can enable network connections to other hosts. That access is proportionate to SSH-based syncing but still warrants caution.
✓ Persistence and privileges
always is false and the skill is user-invocable. The skill notes autonomous invocation as a risk and recommends sandboxing; there is no indication it attempts to persist beyond installing the openfuse binary. This is normal for a CLI integration.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v1.0.6 2026/3/22
● Suspicious
Install command
Official: npx clawhub@latest install openfused-mail-system-for-ai-agents
Mirror (accelerated): npx clawhub@latest install openfused-mail-system-for-ai-agents --registry https://cn.longxiaskill.com