{ "schemaVersion": "1.0", "item": { "slug": "nano-agentguard", "name": "AgentGuard by Nano", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/sendwealth/nano-agentguard", "canonicalUrl": "https://clawhub.ai/sendwealth/nano-agentguard", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/nano-agentguard", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=nano-agentguard", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "CLAWHUB.md", "README-GITHUB.md", "README.md", "SKILL.md", "TEST-REPORT.md", "docs/1PASSWORD-COMPARISON.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/nano-agentguard" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/nano-agentguard", "agentPageUrl": "https://openagent3.xyz/skills/nano-agentguard/agent", "manifestUrl": "https://openagent3.xyz/skills/nano-agentguard/agent.json", "briefUrl": "https://openagent3.xyz/skills/nano-agentguard/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Overview", "body": "AgentGuard is a trust middleware for Phase 1 hybrid authentication:\n\nCredential Vault: Encrypted storage for API keys and OAuth tokens\nPermission Scopes: Define what operations need human approval\nHuman Gate: Push confirmation requests for high-risk operations\nAudit Trail: Cryptographically signed operation logs\nAgent Registry: Track agents with credentials and permissions" }, { "title": "Installation", "body": "# Install globally\nnpm install -g agentguard\n\n# Or use as OpenClaw skill\ncp -r . ~/.openclaw/skills/agentguard" }, { "title": "Quick Start", "body": "# Initialize vault\nagentguard init\n\n# Register an agent\nagentguard register my-agent --owner \"user@example.com\"\n\n# Store a credential\nagentguard vault store my-agent OPENAI_API_KEY sk-xxx\n\n# Define permission scope\nagentguard scope set my-agent --level read --dangerous require-approval\n\n# List agents\nagentguard list\n\n# Audit log\nagentguard audit my-agent --last 24h" }, { "title": "Permission Levels", "body": "LevelAuto-approveRequires Humanread✅ Read operations❌write✅ Read/Write❌admin✅ Most operations⚠️ Dangerous onlydangerous❌ All operations✅ Always" }, { "title": "Dangerous Operations (Require Human Approval)", "body": "Send messages/emails\nFinancial transactions\nDelete data\nModify system config\nAccess sensitive credentials\nExternal API calls (configurable)" }, { "title": "Human Gate Integration", "body": "When an agent attempts a dangerous operation:\n\nAgentGuard blocks the operation\nPushes notification to owner (Feishu/Telegram/Email)\nOwner approves/denies with biometric confirmation\nIf approved, operation proceeds with short-lived token\nAll logged with cryptographic signature" }, { "title": "Configuration", "body": "~/.agentguard/config.json:\n\n{\n \"vault\": {\n \"encryption\": \"aes-256-gcm\",\n \"keyDerivation\": \"pbkdf2\"\n },\n \"humanGate\": {\n \"timeout\": 300,\n \"channels\": [\"feishu\", \"telegram\"],\n \"biometric\": true\n },\n \"audit\": {\n \"retention\": \"30d\",\n \"signLogs\": true\n }\n}" }, { "title": "API Usage (for skills)", "body": "const agentguard = require('agentguard');\n\n// Check permission\nconst allowed = await agentguard.check('my-agent', 'send_email');\nif (!allowed) {\n // Request human approval\n const approval = await agentguard.requestApproval({\n agent: 'my-agent',\n action: 'send_email',\n details: { to: 'user@example.com', subject: 'Test' }\n });\n}\n\n// Get credential\nconst apiKey = await agentguard.getCredential('my-agent', 'OPENAI_API_KEY');\n\n// Log action\nawait agentguard.audit('my-agent', 'api_call', { endpoint: '/completions' });" }, { "title": "Security Model", "body": "Vault Encryption: AES-256-GCM with key derived from master password\nCredential Isolation: Each agent has separate encrypted container\nAudit Integrity: SHA-256 hash chain for tamper detection\nHuman Gate: Out-of-band confirmation via trusted channel\nToken Expiry: Short-lived tokens (default 5 min)" }, { "title": "Files", "body": "~/.agentguard/ - Data directory\n~/.agentguard/vault/ - Encrypted credentials\n~/.agentguard/registry.json - Agent registry\n~/.agentguard/audit/ - Audit logs\n~/.agentguard/config.json - Configuration" }, { "title": "OpenClaw Integration", "body": "AgentGuard integrates with OpenClaw as a skill:\n\nAdd to ~/.openclaw/skills/agentguard/\nConfigure in workspace AGENTS.md:\n## AgentGuard\nAll external API calls require AgentGuard permission check.\nDangerous operations require human approval.\n\n\nUse in other skills:\nconst guard = require('agentguard');\nawait guard.checkOrApprove(agentId, operation, details);" }, { "title": "Roadmap", "body": "Phase 1: CLI + Vault + Permission Scopes\n Phase 2: Human Gate (Feishu/Telegram integration)\n Phase 3: Audit Trail + Export\n Phase 4: OAuth2 Token Auto-refresh\n Phase 5: Multi-tenant Support\n Phase 6: DID Preparation (future Phase 2)\n\nBuilding trust infrastructure for the Agentic Era." } ], "body": "AgentGuard - Agent Identity & Permission Guardian\nOverview\n\nAgentGuard is a trust middleware for Phase 1 hybrid authentication:\n\nCredential Vault: Encrypted storage for API keys and OAuth tokens\nPermission Scopes: Define what operations need human approval\nHuman Gate: Push confirmation requests for high-risk operations\nAudit Trail: Cryptographically signed operation logs\nAgent Registry: Track agents with credentials and permissions\nInstallation\n# Install globally\nnpm install -g agentguard\n\n# Or use as OpenClaw skill\ncp -r . ~/.openclaw/skills/agentguard\n\nQuick Start\n# Initialize vault\nagentguard init\n\n# Register an agent\nagentguard register my-agent --owner \"user@example.com\"\n\n# Store a credential\nagentguard vault store my-agent OPENAI_API_KEY sk-xxx\n\n# Define permission scope\nagentguard scope set my-agent --level read --dangerous require-approval\n\n# List agents\nagentguard list\n\n# Audit log\nagentguard audit my-agent --last 24h\n\nPermission Levels\nLevel\tAuto-approve\tRequires Human\nread\t✅ Read operations\t❌\nwrite\t✅ Read/Write\t❌\nadmin\t✅ Most operations\t⚠️ Dangerous only\ndangerous\t❌ All operations\t✅ Always\nDangerous Operations (Require Human Approval)\nSend messages/emails\nFinancial transactions\nDelete data\nModify system config\nAccess sensitive credentials\nExternal API calls (configurable)\nHuman Gate Integration\n\nWhen an agent attempts a dangerous operation:\n\nAgentGuard blocks the operation\nPushes notification to owner (Feishu/Telegram/Email)\nOwner approves/denies with biometric confirmation\nIf approved, operation proceeds with short-lived token\nAll logged with cryptographic signature\nConfiguration\n\n~/.agentguard/config.json:\n\n{\n \"vault\": {\n \"encryption\": \"aes-256-gcm\",\n \"keyDerivation\": \"pbkdf2\"\n },\n \"humanGate\": {\n \"timeout\": 300,\n \"channels\": [\"feishu\", \"telegram\"],\n \"biometric\": true\n },\n \"audit\": {\n \"retention\": \"30d\",\n \"signLogs\": true\n }\n}\n\nAPI Usage (for skills)\nconst agentguard = require('agentguard');\n\n// Check permission\nconst allowed = await agentguard.check('my-agent', 'send_email');\nif (!allowed) {\n // Request human approval\n const approval = await agentguard.requestApproval({\n agent: 'my-agent',\n action: 'send_email',\n details: { to: 'user@example.com', subject: 'Test' }\n });\n}\n\n// Get credential\nconst apiKey = await agentguard.getCredential('my-agent', 'OPENAI_API_KEY');\n\n// Log action\nawait agentguard.audit('my-agent', 'api_call', { endpoint: '/completions' });\n\nSecurity Model\nVault Encryption: AES-256-GCM with key derived from master password\nCredential Isolation: Each agent has separate encrypted container\nAudit Integrity: SHA-256 hash chain for tamper detection\nHuman Gate: Out-of-band confirmation via trusted channel\nToken Expiry: Short-lived tokens (default 5 min)\nFiles\n~/.agentguard/ - Data directory\n~/.agentguard/vault/ - Encrypted credentials\n~/.agentguard/registry.json - Agent registry\n~/.agentguard/audit/ - Audit logs\n~/.agentguard/config.json - Configuration\nOpenClaw Integration\n\nAgentGuard integrates with OpenClaw as a skill:\n\nAdd to ~/.openclaw/skills/agentguard/\nConfigure in workspace AGENTS.md:\n## AgentGuard\nAll external API calls require AgentGuard permission check.\nDangerous operations require human approval.\n\nUse in other skills:\nconst guard = require('agentguard');\nawait guard.checkOrApprove(agentId, operation, details);\n\nRoadmap\n Phase 1: CLI + Vault + Permission Scopes\n Phase 2: Human Gate (Feishu/Telegram integration)\n Phase 3: Audit Trail + Export\n Phase 4: OAuth2 Token Auto-refresh\n Phase 5: Multi-tenant Support\n Phase 6: DID Preparation (future Phase 2)\n\nBuilding trust infrastructure for the Agentic Era." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/sendwealth/nano-agentguard", "publisherUrl": "https://clawhub.ai/sendwealth/nano-agentguard", "owner": "sendwealth", "version": "0.4.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/nano-agentguard", "downloadUrl": "https://openagent3.xyz/downloads/nano-agentguard", "agentUrl": "https://openagent3.xyz/skills/nano-agentguard/agent", "manifestUrl": "https://openagent3.xyz/skills/nano-agentguard/agent.json", "briefUrl": "https://openagent3.xyz/skills/nano-agentguard/agent.md" } }