Security scan
OpenClaw
Suspicious
Medium confidence: The plugin's code and instructions largely match an attestation purpose, but it sends conversation metadata and hashes to a third‑party API (and exposes admin tooling) and includes some odd provenance/packaging signals; review before installing or provide a self‑hosted backend.
Assessment recommendations
This plugin will automatically hash and transmit message metadata and some content-derived hashes to an external ZAP1 service (default pay.frontiercompute.io). That behavior matches its attestation purpose but has privacy and trust implications: 1) Only configure the plugin with an API key you control (prefer a key from a self‑hosted ZAP1 instance if possible). 2) Avoid providing a highly privileged API key unless you trust the backend operator; admin tools can create API keys and list webhooks. …
✓ Purpose and capabilities
The declared purpose (Zcash attestation, policy enforcement, session tracking) matches the code: the package registers hooks to attest messages/events and exposes tools to query/submit attestation data. The plugin expects a configured apiKey and agentId (via plugin config) for write operations, which is consistent with the stated functionality.
⚠ Instruction scope
The runtime hooks automatically hash and POST message contents, channel IDs, sender IDs, session keys and other metadata to an external API (default: https://pay.frontiercompute.io). While the plugin hashes content before sending, hashes of short or predictable inputs can be brute-forced; some endpoints (e.g., memo decode) accept raw hex bodies. SKILL.md suggests obtaining API keys via messaging a third party (Signal) — an unusual operational detail that increases trust requirements. The hooks also inject periodic checkpoint messages into conversations that include links to the remote API.
ℹ Installation mechanism
No installer or external binary downloads are declared (instruction-only install path). Source files are included in the package (dist/ and src/). There is a package-lock.json with many (dev) dependencies not visible in package.json (Anthropic/AWS-related entries); that is odd but not an immediate code-execution risk by itself — still worth verifying the lockfile provenance and that no unexpected native modules/binaries are included.
ℹ Credential requirements
The plugin requires an API key and agentId in its plugin config (not environment variables). Those credentials are proportional for a service that writes attestation events. However, some tools (create_api_key, list_webhooks, create_event) appear to perform administrative or write operations — they require a privileged API key. Only provide such a key if you trust the operator or self-host the backend.
✓ Persistence and permissions
The skill is not marked always:true and does not request system-wide privileges. It registers hooks within the agent runtime (expected for this functionality) and does not appear to mutate other plugins' configurations.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Install commands
Official: npx clawhub@latest install zap1-zcash-attestation
Mirror (accelerated): npx clawhub@latest install zap1-zcash-attestation --registry https://cn.longxiaskill.com