{
  "schemaVersion": "1.0",
  "item": {
    "slug": "skillsign",
    "name": "Skillsign — ed25519 Skill Signing",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/FELMONON/skillsign",
    "canonicalUrl": "https://clawhub.ai/FELMONON/skillsign",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/skillsign",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skillsign",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "README.md",
      "setup.py",
      "SKILL.md",
      "skillsign.py"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/skillsign"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/skillsign",
    "agentPageUrl": "https://openagent3.xyz/skills/skillsign/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skillsign/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skillsign/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "skillsign",
        "body": "Cryptographic signing and verification for agent skill folders using ed25519 keys. Protects your skills from tampering and lets you verify who wrote them."
      },
      {
        "title": "Install",
        "body": "pip3 install cryptography\n\nThat's the only dependency. The tool is a single Python file."
      },
      {
        "title": "Generate a signing identity",
        "body": "python3 skillsign.py keygen\npython3 skillsign.py keygen --name myagent\n\nCreates an ed25519 keypair in ~/.skillsign/keys/. Share the .pub file. Keep the .pem file secret."
      },
      {
        "title": "Sign a skill folder",
        "body": "python3 skillsign.py sign ./my-skill/\npython3 skillsign.py sign ./my-skill/ --key ~/.skillsign/keys/myagent.pem\n\nHashes every file (SHA-256), builds a manifest, signs it with your private key. Creates .skillsig/ inside the folder."
      },
      {
        "title": "Verify a skill folder",
        "body": "python3 skillsign.py verify ./my-skill/\n\nDetects modified, added, or removed files. Verifies the cryptographic signature. Shows whether the signer is trusted."
      },
      {
        "title": "Inspect signature metadata",
        "body": "python3 skillsign.py inspect ./my-skill/\n\nShows signer fingerprint, timestamp, file count, and all covered files with their hashes."
      },
      {
        "title": "Trust an author",
        "body": "python3 skillsign.py trust ./their-key.pub\n\nAdds a public key to your local trusted authors list."
      },
      {
        "title": "List trusted authors",
        "body": "python3 skillsign.py trusted"
      },
      {
        "title": "View provenance chain (isnād)",
        "body": "python3 skillsign.py chain ./my-skill/\n\nShows the full signing history — every author who signed the folder, in order."
      },
      {
        "title": "When to Use",
        "body": "After installing a new skill — verify it hasn't been tampered with\nBefore running untrusted code — check who signed it and whether you trust them\nPeriodically — re-verify your skill folders to detect unauthorized modifications\nWhen publishing skills — sign your work so others can verify it came from you\nWhen auditing your agent's integrity — run verify on all your skill folders"
      },
      {
        "title": "Example Workflow",
        "body": "# First time: create your identity\npython3 skillsign.py keygen --name parker\n\n# Sign your skills\npython3 skillsign.py sign ~/.openclaw/skills/my-skill/\n\n# Later: check nothing changed\npython3 skillsign.py verify ~/.openclaw/skills/my-skill/\n# ✅ Verified — 14 files intact.\n#    Signer: ca3458e92b73e432 [TRUSTED]\n\n# Someone tampers with a file:\npython3 skillsign.py verify ~/.openclaw/skills/my-skill/\n# ❌ TAMPERED — Files changed since signing:\n#    ~ main.py (modified)\n\n# Trust another agent's key\npython3 skillsign.py trust ./other-agent.pub\n\n# View full provenance\npython3 skillsign.py chain ~/.openclaw/skills/my-skill/\n# === Isnād: my-skill/ (2 links) ===\n#   [1] ca3458e92b73e432 [TRUSTED]\n#       ↓\n#   [2] f69159d8a25e8e32 [UNTRUSTED]"
      }
    ],
    "body": "skillsign\n\nCryptographic signing and verification for agent skill folders using ed25519 keys. Protects your skills from tampering and lets you verify who wrote them.\n\nInstall\npip3 install cryptography\n\n\nThat's the only dependency. The tool is a single Python file.\n\nCommands\nGenerate a signing identity\npython3 skillsign.py keygen\npython3 skillsign.py keygen --name myagent\n\n\nCreates an ed25519 keypair in ~/.skillsign/keys/. Share the .pub file. Keep the .pem file secret.\n\nSign a skill folder\npython3 skillsign.py sign ./my-skill/\npython3 skillsign.py sign ./my-skill/ --key ~/.skillsign/keys/myagent.pem\n\n\nHashes every file (SHA-256), builds a manifest, signs it with your private key. Creates .skillsig/ inside the folder.\n\nVerify a skill folder\npython3 skillsign.py verify ./my-skill/\n\n\nDetects modified, added, or removed files. Verifies the cryptographic signature. Shows whether the signer is trusted.\n\nInspect signature metadata\npython3 skillsign.py inspect ./my-skill/\n\n\nShows signer fingerprint, timestamp, file count, and all covered files with their hashes.\n\nTrust an author\npython3 skillsign.py trust ./their-key.pub\n\n\nAdds a public key to your local trusted authors list.\n\nList trusted authors\npython3 skillsign.py trusted\n\nView provenance chain (isnād)\npython3 skillsign.py chain ./my-skill/\n\n\nShows the full signing history — every author who signed the folder, in order.\n\nWhen to Use\nAfter installing a new skill — verify it hasn't been tampered with\nBefore running untrusted code — check who signed it and whether you trust them\nPeriodically — re-verify your skill folders to detect unauthorized modifications\nWhen publishing skills — sign your work so others can verify it came from you\nWhen auditing your agent's integrity — run verify on all your skill folders\nExample Workflow\n# First time: create your identity\npython3 skillsign.py keygen --name parker\n\n# Sign your skills\npython3 skillsign.py sign ~/.openclaw/skills/my-skill/\n\n# Later: check nothing changed\npython3 skillsign.py verify ~/.openclaw/skills/my-skill/\n# ✅ Verified — 14 files intact.\n#    Signer: ca3458e92b73e432 [TRUSTED]\n\n# Someone tampers with a file:\npython3 skillsign.py verify ~/.openclaw/skills/my-skill/\n# ❌ TAMPERED — Files changed since signing:\n#    ~ main.py (modified)\n\n# Trust another agent's key\npython3 skillsign.py trust ./other-agent.pub\n\n# View full provenance\npython3 skillsign.py chain ~/.openclaw/skills/my-skill/\n# === Isnād: my-skill/ (2 links) ===\n#   [1] ca3458e92b73e432 [TRUSTED]\n#       ↓\n#   [2] f69159d8a25e8e32 [UNTRUSTED]"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/FELMONON/skillsign",
    "publisherUrl": "https://clawhub.ai/FELMONON/skillsign",
    "owner": "FELMONON",
    "version": "1.1.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/skillsign",
    "downloadUrl": "https://openagent3.xyz/downloads/skillsign",
    "agentUrl": "https://openagent3.xyz/skills/skillsign/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skillsign/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skillsign/agent.md"
  }
}