Install
openclaw skills install @zkeviny/cross-node-script-authZero‑exposure cross‑device script authorization using MGC Blackbox seal functionality. Scripts are encrypted with target node's public key, transferred as ciphertext, and decrypted only during execution on authorized node. Complete zero‑exposure throughout the entire chain.
openclaw skills install @zkeviny/cross-node-script-authCross‑Device Encrypted Script Authorization is a documentation skill that teaches how to authorize script execution across devices without exposing plaintext.
This skill enables:
This skill contains no executable code and is safe for automatic approval.
After reading this documentation, an AI agent will understand how to:
pip install mgc-blackbox (recommended 1.4.6+)mgc (runs at http://127.0.0.1:57219)mgc_get, mgc_seal, mgc_save~/.mgc/database/mgc_black_box/.mgc_tokenTraditional: Script Owner → Send Script (plaintext) → Authorized Node
MGC Way: Script Owner → Seal with node_pub → Encrypted → Authorized Node
↓
Always encrypted, never exposed
The script remains encrypted throughout:
Organization A has a script they want to share with Organization B without exposing the script content.
A company wants to provide automation scripts to partners without revealing the script logic.
A central server delegates tasks to edge devices without exposing task logic.
The node that will run the sealed script must provide its public key.
# Get node public key via MCP
node_pub = mgc_get(
info_type="__NODE_PUB__",
info_owner="__NODE_PUB__"
)
Note: If no node key exists, MGC automatically generates one when first accessed.
The script owner seals their script using the authorized node's public key.
# Store original script first
mgc_save(
info_type="script",
info_owner="my_script",
ext01="python",
content="print('Confidential script')"
)
# Seal the script with target node's public key
sealed_script = mgc_seal(
info_type="script",
info_owner="my_script",
ext04=node_pub # Target node's public key
)
Transfer the sealed script to the authorized node. The sealed content is ciphertext.
# sealed_script contains encrypted data
print(sealed_script) # Only send this to authorized node
The authorized node stores the sealed script in their MGC.
# Store sealed version
mgc_save(
info_type="script",
info_owner="partner_script",
ext01="python",
content=sealed_script # This is already encrypted
)
The authorized node executes the sealed script.
# Execute sealed script
result = mgc_get(
info_type="script",
info_owner="partner_script",
action="run"
)
# Result returned, script never exposed
When sealing scripts, ensure dependencies are available on the target node:
| Dependency | How to Handle |
|---|---|
| MGC credentials | Store credentials on target node with same info_type/info_owner, format must be consistent but content varies by node |
| External files | Must exist on target node with consistent paths, recommended to also store in MGC and call via MGC API |
| Environment variables | Must be set on target node |
Important: If your script relies on MGC credentials or external resources, ensure they are available on the target node before execution.
Get node public key:
{
"info_type": "__NODE_PUB__",
"info_owner": "__NODE_PUB__"
}
Execute sealed script:
{
"info_type": "script",
"info_owner": "sealed_script_identifier",
"action": "run"
}
Arguments:
{
"info_type": "script",
"info_owner": "original_script_identifier",
"ext04": "target_node_public_key"
}
Returns: Sealed (encrypted) script content / key / startup command, etc.
Store original script:
{
"info_type": "script",
"info_owner": "script_identifier",
"ext01": "python",
"content": "script plaintext"
}
Store sealed script:
{
"info_type": "script",
"info_owner": "sealed_script_identifier",
"ext01": "python",
"content": "sealed_encrypted_content"
}
| Issue | Solution |
|---|---|
| Script fails to run | Check MGC version 1.4.6+ required |
| Credential not found | Ensure credentials stored with same info_type/info_owner on target |
| Sealing fails | Verify node_pub is valid RSA public key |
| Execution timeout | Check script dependencies are available |