- Home
- Skills
- Near
- Agent Skills
- Near Ai Cloud
near-ai-cloud_skill
8
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
3 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill near/agent-skills --skill near-ai-cloud- SKILL.md4.9 KB
Overview
This skill integrates NEAR AI Cloud for verifiable private AI inference using Trusted Execution Environments. It provides an OpenAI-compatible API endpoint, attestation verification for Intel TDX and NVIDIA NRAS, and persistent chat signature verification. Use it to run private model inference where data, model execution, and responses are cryptographically verifiable.
How this skill works
Requests are routed to Intel TDX confidential VMs with NVIDIA TEE GPUs so TLS terminates inside the TEE and prompts are never exposed outside the enclave. The platform issues attestation artifacts (NVIDIA NRAS payloads and Intel quotes) and a signing_address tied to an in-TEE key; each chat response is signed by that key. You verify freshness with a nonce, validate GPU and CPU attestations, bind attestations to the signing_address, then recover and compare the signer from the persistent chat signature.
When to use it
- You need verifiable, private inference where cloud operators and model providers cannot read inputs.
- You must verify hardware attestation for regulatory or compliance reasons (Intel TDX, NVIDIA NRAS).
- You want OpenAI-compatible integration but with cryptographic assurances and message signatures.
- You’re implementing end-to-end encrypted chat or need to bind responses to a specific TEE instance.
- You need persistent, auditable chat signatures for post-hoc verification.
Best practices
- Always generate a high-entropy nonce (64 hex chars / 32 bytes) per attestation request to prevent replay.
- Verify both NVIDIA NRAS JWTs and Intel TDX quotes using official validators (NRAS APIs, DCAP QVL or trusted attestation explorers).
- Confirm signing_address from the attestation report matches the recovered signer from the chat signature before trusting output.
- Use standard OpenAI SDKs pointed at https://cloud-api.near.ai/v1 to minimize integration work; treat the service as an OpenAI-compatible backend.
- Store attestation reports, nonces, and chat signatures alongside any audit logs to enable later verification.
Example use cases
- Securely running a customer’s PII-sensitive inference workloads while proving the run occurred inside a TEE.
- Verifying a model provider’s TEE attestation before using responses in regulated workflows.
- Implementing an end-to-end encrypted chat where the cloud signs messages and you verify the signer and attestation chain.
- Replacing an OpenAI endpoint with a TEE-backed drop-in that provides cryptographic proof of execution and signed outputs.
- Auditing historical chat completions by fetching persistent signatures and validating them against stored attestation reports.
FAQ
Point SDKs at https://cloud-api.near.ai/v1 and supply your NEAR AI Cloud API key in place of an OpenAI key.
How do I prove a chat response came from the attested TEE?
Fetch the model attestation report (signing_address + NRAS payload + Intel quote), perform GPU and CPU verification, then GET /v1/signature/{chat_id} and verify the recovered signer matches signing_address.