near-ai-cloud_skill

This skill helps you integrate verifiable private AI inference with NEAR AI Cloud, ensuring encrypted prompts, attested hardware, and signed responses.

8

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

3 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill near/agent-skills --skill near-ai-cloud

  • SKILL.md4.9 KB

Overview

This skill integrates NEAR AI Cloud for verifiable private AI inference using Trusted Execution Environments. It provides an OpenAI-compatible API endpoint, attestation verification for Intel TDX and NVIDIA NRAS, and persistent chat signature verification. Use it to run private model inference where data, model execution, and responses are cryptographically verifiable.

How this skill works

Requests are routed to Intel TDX confidential VMs with NVIDIA TEE GPUs so TLS terminates inside the TEE and prompts are never exposed outside the enclave. The platform issues attestation artifacts (NVIDIA NRAS payloads and Intel quotes) and a signing_address tied to an in-TEE key; each chat response is signed by that key. You verify freshness with a nonce, validate GPU and CPU attestations, bind attestations to the signing_address, then recover and compare the signer from the persistent chat signature.

When to use it

  • You need verifiable, private inference where cloud operators and model providers cannot read inputs.
  • You must verify hardware attestation for regulatory or compliance reasons (Intel TDX, NVIDIA NRAS).
  • You want OpenAI-compatible integration but with cryptographic assurances and message signatures.
  • You’re implementing end-to-end encrypted chat or need to bind responses to a specific TEE instance.
  • You need persistent, auditable chat signatures for post-hoc verification.

Best practices

  • Always generate a high-entropy nonce (64 hex chars / 32 bytes) per attestation request to prevent replay.
  • Verify both NVIDIA NRAS JWTs and Intel TDX quotes using official validators (NRAS APIs, DCAP QVL or trusted attestation explorers).
  • Confirm signing_address from the attestation report matches the recovered signer from the chat signature before trusting output.
  • Use standard OpenAI SDKs pointed at https://cloud-api.near.ai/v1 to minimize integration work; treat the service as an OpenAI-compatible backend.
  • Store attestation reports, nonces, and chat signatures alongside any audit logs to enable later verification.

Example use cases

  • Securely running a customer’s PII-sensitive inference workloads while proving the run occurred inside a TEE.
  • Verifying a model provider’s TEE attestation before using responses in regulated workflows.
  • Implementing an end-to-end encrypted chat where the cloud signs messages and you verify the signer and attestation chain.
  • Replacing an OpenAI endpoint with a TEE-backed drop-in that provides cryptographic proof of execution and signed outputs.
  • Auditing historical chat completions by fetching persistent signatures and validating them against stored attestation reports.

FAQ

Point SDKs at https://cloud-api.near.ai/v1 and supply your NEAR AI Cloud API key in place of an OpenAI key.

How do I prove a chat response came from the attested TEE?

Fetch the model attestation report (signing_address + NRAS payload + Intel quote), perform GPU and CPU verification, then GET /v1/signature/{chat_id} and verify the recovered signer matches signing_address.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational