# Send cifer to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "cifer-security", "name": "cifer", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/TIP-citron/cifer-security", "canonicalUrl": "https://clawhub.ai/TIP-citron/cifer-security", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/cifer-security", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=cifer-security", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "reference.md", "SKILL.md" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "cifer-security", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-04T19:07:54.990Z", "expiresAt": "2026-05-11T19:07:54.990Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=cifer-security", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=cifer-security", "contentDisposition": "attachment; filename=\"cifer-security-0.3.1.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "cifer-security" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/cifer-security" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/cifer-security", "downloadUrl": "https://openagent3.xyz/downloads/cifer-security", "agentUrl": "https://openagent3.xyz/skills/cifer-security/agent", "manifestUrl": "https://openagent3.xyz/skills/cifer-security/agent.json", "briefUrl": "https://openagent3.xyz/skills/cifer-security/agent.md" } } ``` ## Documentation ### Overview CIFER SDK provides quantum-resistant encryption (ML-KEM-768 + AES-256-GCM) for blockchain apps. Secrets are on-chain key pairs: public key on IPFS, private key sharded across enclaves. Package: cifer-sdk (npm) Chains: Ethereum Mainnet (1), Sepolia (11155111), Ternoa (752025) Blackbox URL: https://cifer-blackbox.ternoa.dev:3010 For the full API reference, see reference.md. ### Quick Setup npm install cifer-sdk ethers dotenv package.json must have "type": "module" for ESM imports. import 'dotenv/config'; import { createCiferSdk, keyManagement, blackbox } from 'cifer-sdk'; import { Wallet, JsonRpcProvider } from 'ethers'; ### Step 1: Initialize SDK const sdk = await createCiferSdk({ blackboxUrl: 'https://cifer-blackbox.ternoa.dev:3010', }); const chainId = 1; // Ethereum Mainnet (or 11155111 for Sepolia, 752025 for Ternoa) const controllerAddress = sdk.getControllerAddress(chainId); const rpcUrl = sdk.getRpcUrl(chainId); sdk.getSupportedChainIds() returns all available chains. ### Step 2: Create Wallet Signer (Server-Side) const provider = new JsonRpcProvider(rpcUrl); const wallet = new Wallet(process.env.PRIVATE_KEY, provider); // Signer adapter — this is what the SDK expects const signer = { async getAddress() { return wallet.address; }, async signMessage(message) { return wallet.signMessage(message); }, }; For browser wallets, use the built-in adapter instead: import { Eip1193SignerAdapter } from 'cifer-sdk'; const signer = new Eip1193SignerAdapter(window.ethereum); ### Step 3: Create a Secret A secret costs a fee in native token. Check balance first. const fee = await keyManagement.getSecretCreationFee({ chainId, controllerAddress, readClient: sdk.readClient, }); const txIntent = keyManagement.buildCreateSecretTx({ chainId, controllerAddress, fee }); const tx = await wallet.sendTransaction({ to: txIntent.to, data: txIntent.data, value: txIntent.value, }); const receipt = await tx.wait(); const secretId = keyManagement.extractSecretIdFromReceipt(receipt.logs); ### Step 4: Wait for Secret Sync After creation, the enclave cluster generates keys (~30-120s on mainnet). let ready = false; while (!ready) { ready = await keyManagement.isSecretReady( { chainId, controllerAddress, readClient: sdk.readClient }, secretId, ); if (!ready) await new Promise(r => setTimeout(r, 5000)); } Or read the full state: const state = await keyManagement.getSecret( { chainId, controllerAddress, readClient: sdk.readClient }, secretId, ); // state.owner, state.delegate, state.isSyncing, state.publicKeyCid ### Step 5: Encrypt Text const encrypted = await blackbox.payload.encryptPayload({ chainId, secretId, plaintext: 'Your secret message', signer, readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl, }); // Returns: { cifer, encryptedMessage } ### Step 6: Decrypt Text Caller must be secret owner or delegate. const decrypted = await blackbox.payload.decryptPayload({ chainId, secretId, encryptedMessage: encrypted.encryptedMessage, cifer: encrypted.cifer, signer, readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl, }); // Returns: { decryptedMessage } ### Step 7: Encrypt File File operations are async jobs. Works with Blob in Node.js 18+. import { readFile, writeFile } from 'fs/promises'; const buffer = await readFile('myfile.pdf'); const blob = new Blob([buffer], { type: 'application/pdf' }); // Start encrypt job const job = await blackbox.files.encryptFile({ chainId, secretId, file: blob, signer, readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl, }); // Poll until done const status = await blackbox.jobs.pollUntilComplete(job.jobId, sdk.blackboxUrl, { intervalMs: 2000, maxAttempts: 120, onProgress: (j) => console.log(\`${j.progress}%\`), }); // Download encrypted .cifer file (no auth needed for encrypt jobs) const encBlob = await blackbox.jobs.download(job.jobId, { blackboxUrl: sdk.blackboxUrl }); await writeFile('myfile.pdf.cifer', Buffer.from(await encBlob.arrayBuffer())); ### Step 8: Decrypt File const encBuffer = await readFile('myfile.pdf.cifer'); const encBlob = new Blob([encBuffer]); const decJob = await blackbox.files.decryptFile({ chainId, secretId, file: encBlob, signer, readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl, }); const decStatus = await blackbox.jobs.pollUntilComplete(decJob.jobId, sdk.blackboxUrl, { intervalMs: 2000, maxAttempts: 120, }); // Download decrypted file (auth REQUIRED for decrypt jobs) const decBlob = await blackbox.jobs.download(decJob.jobId, { blackboxUrl: sdk.blackboxUrl, chainId, secretId, signer, readClient: sdk.readClient, }); await writeFile('myfile-decrypted.pdf', Buffer.from(await decBlob.arrayBuffer())); ### List Existing Secrets const secrets = await keyManagement.getSecretsByWallet( { chainId, controllerAddress, readClient: sdk.readClient }, wallet.address, ); // secrets.owned: bigint[] — secrets you own // secrets.delegated: bigint[] — secrets delegated to you ### Delegation Set a delegate (can decrypt but not encrypt or modify): const txIntent = keyManagement.buildSetDelegateTx({ chainId, controllerAddress, secretId, newDelegate: '0xDelegateAddress', }); await wallet.sendTransaction({ to: txIntent.to, data: txIntent.data }); Remove delegation: const txIntent = keyManagement.buildRemoveDelegationTx({ chainId, controllerAddress, secretId, }); ### Important Notes Minimum SDK version: Use cifer-sdk@0.3.1 or later. Earlier versions had incorrect function selectors. Payload size limit: Text encryption max ~16KB (encryptPayload). Use file encryption for larger data. Block freshness: The SDK auto-retries up to 3 times if the block number becomes stale. Secret sync time: ~30-60s on Ternoa, ~60-120s on Ethereum mainnet. Auth for file download: Encrypt job downloads need no auth. Decrypt job downloads require signer + readClient. Fee: Secret creation requires a fee in native token (e.g. ~0.0005 ETH on mainnet). Query getSecretCreationFee() first. Private keys: Never expose private keys in frontend code. Use server-side signer for Node.js. ### Error Handling import { isCiferError, isBlockStaleError } from 'cifer-sdk'; try { await blackbox.payload.encryptPayload({ ... }); } catch (error) { if (isBlockStaleError(error)) { // RPC returning stale blocks, SDK already retried 3x } else if (error instanceof SecretNotReadyError) { // Wait and retry } else if (isCiferError(error)) { console.error(error.code, error.message); } } ### Complete Minimal Example import 'dotenv/config'; import { createCiferSdk, keyManagement, blackbox } from 'cifer-sdk'; import { Wallet, JsonRpcProvider } from 'ethers'; const sdk = await createCiferSdk({ blackboxUrl: 'https://cifer-blackbox.ternoa.dev:3010' }); const chainId = 1; const controllerAddress = sdk.getControllerAddress(chainId); const provider = new JsonRpcProvider(sdk.getRpcUrl(chainId)); const wallet = new Wallet(process.env.PRIVATE_KEY, provider); const signer = { async getAddress() { return wallet.address; }, async signMessage(msg) { return wallet.signMessage(msg); }, }; // Create secret const fee = await keyManagement.getSecretCreationFee({ chainId, controllerAddress, readClient: sdk.readClient }); const txIntent = keyManagement.buildCreateSecretTx({ chainId, controllerAddress, fee }); const tx = await wallet.sendTransaction({ to: txIntent.to, data: txIntent.data, value: txIntent.value }); const receipt = await tx.wait(); const secretId = keyManagement.extractSecretIdFromReceipt(receipt.logs); // Wait for sync let ready = false; while (!ready) { ready = await keyManagement.isSecretReady({ chainId, controllerAddress, readClient: sdk.readClient }, secretId); if (!ready) await new Promise(r => setTimeout(r, 5000)); } // Encrypt & decrypt const enc = await blackbox.payload.encryptPayload({ chainId, secretId, plaintext: 'Hello CIFER!', signer, readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl, }); const dec = await blackbox.payload.decryptPayload({ chainId, secretId, encryptedMessage: enc.encryptedMessage, cifer: enc.cifer, signer, readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl, }); console.log(dec.decryptedMessage); // "Hello CIFER!" ## Trust - Source: tencent - Verification: Indexed source record - Publisher: TIP-citron - Version: 0.3.1 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-05-04T19:07:54.990Z - Expires at: 2026-05-11T19:07:54.990Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/cifer-security) - [Send to Agent page](https://openagent3.xyz/skills/cifer-security/agent) - [JSON manifest](https://openagent3.xyz/skills/cifer-security/agent.json) - [Markdown brief](https://openagent3.xyz/skills/cifer-security/agent.md) - [Download page](https://openagent3.xyz/downloads/cifer-security)