openclaw-signet

# OpenClaw Signet

Cryptographic verification for installed skills. Sign skills at install time, verify they haven't been tampered with later.

## The Problem

You install a skill and it works. Days later, a compromised process modifies files inside the skill directory — injecting code, altering behavior, adding exfiltration. All current defenses are heuristic (regex pattern matching). Nothing mathematically verifies that installed code is unchanged.


## Commands

### Sign Skills

Generate SHA-256 content hashes for all installed skills and store in trust manifest.

```bash
python3 {baseDir}/scripts/signet.py sign --workspace /path/to/workspace
```

### Sign Single Skill

```bash
python3 {baseDir}/scripts/signet.py sign openclaw-warden --workspace /path/to/workspace
```

### Verify Skills

Compare current skill state against trusted signatures.

```bash
python3 {baseDir}/scripts/signet.py verify --workspace /path/to/workspace
```

### List Signed Skills

```bash
python3 {baseDir}/scripts/signet.py list --workspace /path/to/workspace
```

### Quick Status

```bash
python3 {baseDir}/scripts/signet.py status --workspace /path/to/workspace
```

## How It Works

1. `sign` computes SHA-256 hashes of every file in each skill directory
2. A composite hash represents the entire skill state
3. `verify` recomputes hashes and compares against the manifest
4. If any file is modified, added, or removed — the composite hash changes
5. Reports exactly which files changed within each tampered skill

## Exit Codes

- `0` — All skills verified
- `1` — Unsigned skills detected
- `2` — Tampered skills detected

## No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

## Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.

# OpenClaw Signet

Cryptographic skill verification for [OpenClaw](https://github.com/openclaw/openclaw), [Claude Code](https://docs.anthropic.com/en/docs/claude-code), and any Agent Skills-compatible tool.

Sign installed skills with SHA-256 content hashes. Verify they haven't been tampered with. Detect exactly which files changed.


## Install

```bash
git clone https://github.com/AtlasPA/openclaw-signet.git
cp -r openclaw-signet ~/.openclaw/workspace/skills/
```

## Usage

```bash
# Sign all installed skills
python3 scripts/signet.py sign

# Sign a specific skill
python3 scripts/signet.py sign openclaw-warden

# Verify all skills
python3 scripts/signet.py verify

# List signed skills
python3 scripts/signet.py list

# Quick status
python3 scripts/signet.py status
```

## How It Works

```
sign:   Compute SHA-256 of every file → composite hash → store in manifest
verify: Recompute hashes → compare to manifest → report differences
```

If any file within a skill is modified, added, or removed, the composite hash changes and `verify` reports exactly what changed.


|---------|------|-----|
| SHA-256 skill signing | Yes | Yes |
| Tamper detection | Yes | Yes |
| File-level change report | Yes | Yes |
| Trust manifest | Yes | Yes |
| **Reject unsigned skills** | - | Yes |
| **Quarantine tampered skills** | - | Yes |
| **Restore from trusted state** | - | Yes |
| **Pre-install verification** | - | Yes |

## Requirements

- Python 3.8+
- No external dependencies (stdlib only)
- Cross-platform: Windows, macOS, Linux

## License

MIT