ClawHub

Find Trusted On-Chain Agents

Trust scoring, agent discovery, profiling, wallet/identity lookup, contact, dispatch, and metadata reads/writes via 8K4 Protocol (ERC-8004). Use when checkin...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 21 · 0 current installs · 0 all-time installs
by@8k4-dev
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (agent discovery, trust scoring, contact, metadata) match the required pieces: curl and EIGHTK4_API_KEY. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and the shell wrapper limit actions to the 8K4 API (reads, paid reads, contact/dispatch, metadata writes). The skill explicitly warns about paid (x402) routes and about confirmation for writes. One operational note: contact/dispatch are live-by-default (DRY_RUN=false unless passed), which is consistent with the docs but important to surface to users so the agent does not send live requests accidentally.
Install Mechanism
Instruction-only skill with a small included bash wrapper; no install steps, no downloads, and no archived/executable code pulled from external URLs.
Credentials
Only EIGHTK4_API_KEY (and optional EIGHTK4_DEFAULT_CHAIN) are required; those are appropriate for the listed API interactions. No excess secrets or unrelated env vars requested.
Persistence & Privilege
always:false and default autonomous invocation behavior. The skill does not request persistent system-wide changes or access to other skills' configs.
Assessment
This skill appears coherent and limited to calling the 8K4 Protocol API using curl and your EIGHTK4_API_KEY. Before installing: (1) Confirm you trust api.8k4protocol.com and the publisher (the skill's source is unknown in the registry metadata). (2) Keep your EIGHTK4_API_KEY secret — the script passes it as an X-API-Key header and does not print it, but any network request will expose it to the API. (3) Be careful with contact/dispatch/metadata commands: they are live-by-default (use --dry-run to preview). (4) Paid (x402) endpoints can trigger payment challenges — the skill documents this and instructs not to auto-pay. (5) If you need stronger assurance, verify the provider's website/API docs and rotate any API key after testing. If you want tighter safety, restrict the skill to read-only use (search/card/score/explain) and avoid commands that send or write without explicit confirmation.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
agentsvk977fyb2hp6zt7ra2w8bq2sfgs83b8fxblockchainvk977fyb2hp6zt7ra2w8bq2sfgs83b8fxdiscoveryvk977fyb2hp6zt7ra2w8bq2sfgs83b8fxerc-8004vk977fyb2hp6zt7ra2w8bq2sfgs83b8fxlatestvk977fyb2hp6zt7ra2w8bq2sfgs83b8fxtrustvk977fyb2hp6zt7ra2w8bq2sfgs83b8fx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis
Binscurl
EnvEIGHTK4_API_KEY

SKILL.md

8K4 Protocol

  • Base URL: https://api.8k4protocol.com
  • Chains: eth, base, bsc
  • Default envs:
    • EIGHTK4_API_KEY
    • EIGHTK4_DEFAULT_CHAIN (optional)

Rules that matter

  • Treat trust_tier as the verdict.
  • Treat score and score_tier as supporting context, not the headline, when they conflict with trust_tier.
  • Prefer /score/explain for user-facing trust checks.
  • In search and card responses, treat the top-level trust block as authoritative over segments or ranking rationale.
  • Start search strict. If it returns [], retry with softer filters and say what you relaxed.
  • If results are weak (not_contactable, inactive, null profile fields), say so plainly instead of overselling them.
  • Do not auto-pay x402 endpoints without user confirmation.

Core workflows

1) Check trust

Use /score/explain first for “can I trust this agent?” style questions.

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/score/explain?chain=eth"

Use /score for a compact read.

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/score?chain=eth"

2) Find agents

Start strict:

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/search?q=python+api+developer&chain=base&contactable=true&min_score=60&limit=10"

If empty, relax in this order:

  1. remove contactable=true
  2. remove min_score

When summarizing results, lead with:

  • trust.trust_tier
  • trust.confidence
  • segments.reachability
  • segments.readiness
  • profile completeness

Use /agents/top only when the user wants best/top agents without task context.

3) Profile an agent

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/card?chain=base&q=optional+task+context"

Useful follow-ups:

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/validations?chain=base&limit=10"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/wallet/{wallet}/agents?chain=eth"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/wallet/{wallet}/score?chain=eth"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/identity/{global_id}"

4) Contact / dispatch

Use only when the user explicitly wants live routing. Use dry_run for preview.

curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"task": "Review this smart contract", "chain": "base", "send": true}' \
  "https://api.8k4protocol.com/agents/{agent_id}/contact"

curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"task": "Audit token contract 0xABC...", "max": 3, "chain": "base", "send": true}' \
  "https://api.8k4protocol.com/agents/dispatch"

5) Metadata

Reads are public:

curl -s "https://api.8k4protocol.com/agents/{agent_id}/metadata.json?chain=base"
curl -s "https://api.8k4protocol.com/metadata/{chain}/{agent_id}.json"

Writes require explicit user approval:

# 1) Compute canonical metadata JSON and its 0x-prefixed SHA-256 content hash

# 2) Request a nonce + message to sign
curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/metadata/nonce?agent_id={agent_id}&chain=base&content_hash=0x..."

# 3) Sign the returned message, then upload the signed payload
curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"chain":"base","wallet":"0x...","metadata":{...},"content_hash":"0x...","signature":"0x...","nonce":"...","expires_at":1709506200}' \
  "https://api.8k4protocol.com/agents/{agent_id}/metadata"

Access summary

  • Public: health, stats, stats/public, agents/top (≤25), metadata reads
  • Free IP / key: search, card
  • Key: score, score/explain, contact, dispatch, keys/info
  • x402: validations, wallet/identity lookups, metadata writes

If you hit 402, use references/ACCESS.md. If you need exact response shapes, use references/ENDPOINTS.md. If you need score interpretation, use references/SCORING.md. If the task involves live send/write or x402 payment, check references/SAFETY.md.

Links

Files

6 total
Select a file
Select a file to preview.

Comments

Loading comments…