Tencent SkillHub · Security & Compliance

Skillsign — ed25519 Skill Signing

Sign and verify agent skill folders with ed25519 keys. Detect tampering, manage trusted authors, and track provenance chains (isnād).

skill openclawclawhub Free

0 Downloads

0 Stars

0 Installs

0 Score

High Signal

Sign and verify agent skill folders with ed25519 keys. Detect tampering, manage trusted authors, and track provenance chains (isnād).

⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup

Download the package from Yavira.
Extract the archive and review SKILL.md first.
Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: README.md, setup.py, SKILL.md, skillsign.py

Validation

Use the Yavira download entry.
Review SKILL.md after the package is downloaded.
Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

Download the package from Yavira.
Extract it into a folder your agent can access.
Paste one of the prompts below and point your agent at the extracted folder.

New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 1.1.0

Provenance

Publisher: FELMONON
Source page: View original listing
Canonical URL: Open canonical page

Documentation

ClawHub primary doc Primary doc: SKILL.md 11 sections Open source page

skillsign

Cryptographic signing and verification for agent skill folders using ed25519 keys. Protects your skills from tampering and lets you verify who wrote them.

Install

pip3 install cryptography That's the only dependency. The tool is a single Python file.

Generate a signing identity

python3 skillsign.py keygen python3 skillsign.py keygen --name myagent Creates an ed25519 keypair in ~/.skillsign/keys/. Share the .pub file. Keep the .pem file secret.

Sign a skill folder

python3 skillsign.py sign ./my-skill/ python3 skillsign.py sign ./my-skill/ --key ~/.skillsign/keys/myagent.pem Hashes every file (SHA-256), builds a manifest, signs it with your private key. Creates .skillsig/ inside the folder.

Verify a skill folder

python3 skillsign.py verify ./my-skill/ Detects modified, added, or removed files. Verifies the cryptographic signature. Shows whether the signer is trusted.

Inspect signature metadata

python3 skillsign.py inspect ./my-skill/ Shows signer fingerprint, timestamp, file count, and all covered files with their hashes.

Trust an author

python3 skillsign.py trust ./their-key.pub Adds a public key to your local trusted authors list.

List trusted authors

python3 skillsign.py trusted

View provenance chain (isnād)

python3 skillsign.py chain ./my-skill/ Shows the full signing history — every author who signed the folder, in order.

When to Use

After installing a new skill — verify it hasn't been tampered with Before running untrusted code — check who signed it and whether you trust them Periodically — re-verify your skill folders to detect unauthorized modifications When publishing skills — sign your work so others can verify it came from you When auditing your agent's integrity — run verify on all your skill folders

Example Workflow

# First time: create your identity python3 skillsign.py keygen --name parker # Sign your skills python3 skillsign.py sign ~/.openclaw/skills/my-skill/ # Later: check nothing changed python3 skillsign.py verify ~/.openclaw/skills/my-skill/ # ✅ Verified — 14 files intact. # Signer: ca3458e92b73e432 [TRUSTED] # Someone tampers with a file: python3 skillsign.py verify ~/.openclaw/skills/my-skill/ # ❌ TAMPERED — Files changed since signing: # ~ main.py (modified) # Trust another agent's key python3 skillsign.py trust ./other-agent.pub # View full provenance python3 skillsign.py chain ~/.openclaw/skills/my-skill/ # === Isnād: my-skill/ (2 links) === # [1] ca3458e92b73e432 [TRUSTED] # ↓ # [2] f69159d8a25e8e32 [UNTRUSTED]

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package

2 Docs2 Scripts

SKILL.md Primary doc
README.md Docs
setup.py Scripts
skillsign.py Scripts