🔐 Redshift — 去中心化密钥管理

v0.2.0

基于 Nostr 的去中心化加密密钥管理工具，通过 Redshift CLI 安全地设置、读取和同步应用密钥，无需中心化服务器。

0· 613·0 当前·0 累计

by @accolver (Alan Colver)

安全开发工具云服务

下载技能包

最后更新

2026/2/26

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

The skill is internally consistent with a Redshift CLI integration: it only requires the redshift binary, documents the relevant optional env vars, and its instructions match the tool's expected behavior.

评估建议

This skill is coherent with the official Redshift CLI. Before installing: ensure the redshift binary on your system is the legitimate upstream release (don’t run an unknown redshift executable), avoid pasting private keys into shared shells, store REDSHIFT_NSEC/REDSHIFT_BUNKER in your CI secret store rather than local plaintext, and be cautious about allowing the agent to run redshift run since it can execute arbitrary commands with secrets injected — always confirm the exact command you want ex...

详细分析 ▾

✓ 用途与能力

Name/description, required binary (redshift), and declared optional env vars (REDSHIFT_NSEC, REDSHIFT_BUNKER, REDSHIFT_CONFIG_DIR) align with a Redshift CLI secret-management integration.

ℹ 指令范围

SKILL.md focuses on using the redshift CLI (setup, login, secrets get/set/upload/download, run, serve). It references reading/writing redshift.yaml and secrets files and warns about command-line secrecy and host binding. This is expected for a secret manager, but special caution is warranted around redshift run (it can inject secrets into arbitrary commands) — the skill correctly instructs to confirm commands with the user before executing.

✓ 安装机制

Instruction-only skill with no install spec; requires the redshift binary to already be present. This is low risk and appropriate for a CLI wrapper skill.

✓ 凭证需求

No required credentials are declared. The optional env vars the SKILL.md mentions (REDSHIFT_NSEC, REDSHIFT_BUNKER, REDSHIFT_CONFIG_DIR) are directly relevant to Redshift usage (CI auth and config). Nothing requests unrelated secrets or system credentials.

✓ 持久化与权限

Skill is not always-enabled and uses normal model-invocation settings. It does not request elevated or persistent platform privileges and does not attempt to modify other skills or system-wide configs.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv0.2.02026/2/18

Remove auto-install command (no more git clone/build). Declare installHint instead — users install the binary themselves. Add agent guardrails: redshift run requires explicit user confirmation, no arbitrary command construction.

● 无害

安装命令

点击复制

官方npx clawhub@latest install redshift

镜像加速npx clawhub@latest install redshift --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库