← All skills

Tencent SkillHub · AI

OCC for OpenClaw

OCC (Origin Controlled Computing) — cryptographic proof of every OpenClaw agent action. Install, configure, and audit.

skill openclawclawhub Free

0 Downloads

0 Stars

0 Installs

0 Score

High Signal

OCC (Origin Controlled Computing) — cryptographic proof of every OpenClaw agent action. Install, configure, and audit.

⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup

Download the package from Yavira.
Extract the archive and review SKILL.md first.
Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: SKILL.md

Validation

Use the Yavira download entry.
Review SKILL.md after the package is downloaded.
Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

Download the package from Yavira.
Extract it into a folder your agent can access.
Paste one of the prompts below and point your agent at the extracted folder.

New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 1.1.1

Provenance

Publisher: mikeargento
Source page: View original listing
Canonical URL: Open canonical page

Documentation

ClawHub primary doc Primary doc: SKILL.md 9 sections Open source page

What this skill does

openclaw-occ is an OpenClaw plugin that commits a cryptographic OCC (Origin Controlled Computing) proof after every tool the agent runs — bash commands, file reads, browser navigation, API calls. Proofs are stored locally in ~/.openclaw/workspace/occ-proofs/ as append-only JSONL files. If a malicious skill or prompt injection causes unauthorized actions, those actions either appear in the proof log without a valid signature, or are absent entirely — making the attack visible in the audit trail. Why OCC proofs are different from regular logs: a log is written by the system being monitored and can be deleted without leaving a trace. An OCC proof is committed to an external notary by the OpenClaw runtime automatically — the model's instructions cannot suppress it. Proofs are chained by a monotonic counter, so a gap (e.g. counter jumps from 41 to 43) is itself evidence of a suppressed action. Signatures are Ed25519 and verifiable offline — no trust in the notary is required to audit your trail. Use this skill to help users install the plugin, configure it, and understand their audit results.

Privacy & data

What the notary receives: each proof contains the tool name (e.g. bash, read), a timestamp, a SHA-256 hash chained to the previous proof, and a monotonic counter. It does not contain the content of tool inputs or outputs — no file contents, no bash commands, no API responses. Source: lib/notary.js Zero-network option: set "mode": "stub" in ~/.openclaw/workspace/occ.json. All proofs are stored locally as SHA-256 hashes with no outbound requests. Self-hosting: run your own Cloudflare Worker notary (see Self-hosting section) so no proof data ever leaves your infrastructure.

Installing the plugin

Tell the user to run these commands: npm install -g openclaw-occ openclaw-occ install Then restart OpenClaw. It will discover the plugin automatically on next start (it scans for openclaw.extensions in package.json).

Configuring

Create ~/.openclaw/workspace/occ.json. There are three modes: ModeWhat it doesstubLocal SHA-256 only. No network call. Good for offline or privacy-first use.remotePOST to one notary. Returns a signed proof with Ed25519 signature + monotonic counter. Default.teePOST to multiple notaries simultaneously. Best for compliance or redundancy. Default config (uses the hosted OCC notary, no setup needed): { "mode": "remote", "notaries": ["https://occ-notary.gjp9tm85hq.workers.dev/commit"] } Tee mode (your own notary + hosted fallback): { "mode": "tee", "notaries": [ "https://my-own-notary.example.com/commit", "https://occ-notary.gjp9tm85hq.workers.dev/commit" ] }

Checking the audit trail

In chat (type in any connected chat — WhatsApp, Telegram, Slack, Discord): occ audit — today's summary: action count, proof status, last tool run occ verify bash — re-verify the last 5 bash tool proofs against the notary In terminal: npx occ-verify # recent proofs (last 7 days) npx occ-verify --verbose # full detail per proof npx occ-verify --check # re-verify all proofs against notary npx occ-verify --tool bash # filter by tool name npx occ-verify --date 2026-02-27 # filter to a specific date npx occ-verify --session <id> # filter by session npx occ-verify --json # raw JSON output (for piping / scripting) In the Control UI: the OCC panel shows every action with its timestamp, tool name, proof hash, mode indicator, and one-click verification.

Interpreting proof status

🔏 signed — proof was committed to the notary; carries an Ed25519 signature + monotonic counter ⚪ stub — local SHA-256 only (mode is stub, or notary was unreachable) ⚠ failed — notary unreachable; a fallback proof was stored so the gap remains visible Counter gaps matter. If the counter jumps from 41 to 43, proof 42 is missing — potentially evidence of a suppressed or injected action.

Self-hosting a notary

If the user wants full control and offline verification, they can deploy their own Cloudflare Worker notary. Prerequisites: a Cloudflare account with Workers and KV enabled, and Wrangler authenticated (npx wrangler login). cd ~/.openclaw/extensions/openclaw-occ/notary-worker npx wrangler kv:namespace create OCC_PROOFS # Copy the output ID into wrangler.toml under [[kv_namespaces]] npx wrangler deploy After deploy, save the public key for offline verification: curl https://your-worker.workers.dev/key # → { "publicKeyB64": "...", "version": "occ/1" } Then update ~/.openclaw/workspace/occ.json: { "mode": "remote", "notaries": ["https://your-worker.workers.dev/commit"] }

Proof storage location

~/.openclaw/workspace/occ-proofs/ 2026-02-27.jsonl 2026-02-26.jsonl … One JSONL file per day. Append-only. Crash-safe. Easy to grep, archive, or pipe into other tools.

More info

Plugin: npm install openclaw-occ Docs: https://occprotocol.com/openclaw Source: https://github.com/mikeargento/occ-core

Category context

Agent frameworks, memory systems, reasoning layers, and model-native orchestration.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package

1 Docs

SKILL.md Primary doc