Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Trust Protocol
v2.0.1
Manage and update agent trust scores with Bayesian updates, domain-specific trust, revocation, forgetting, and visualize trust via dashboard.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The package implements an agent trust graph, Bayesian updates, domain scores, challenge/response, a dashboard, Moltbook bridging, and a demo — all coherent with the name 'Agent Trust Protocol'. There are minor documentation gaps (no human-friendly description in the registry metadata) but the code matches the intended functionality.
Instruction Scope
Runtime instructions and code operate on local state (~/.atp, ~/.skillsign, demo temp dirs) and invoke local tooling (skillsign, moltbook CLI). Several files call subprocess.run (often with shell=True) and assume the presence of other CLIs/scripts. This is expected for an identity/trust tool, but it grants the skill the ability to execute local commands and run existing local scripts; review those call sites before running, especially demo and moltbook_trust.py.
Install Mechanism
There is no automated install spec (lowest risk), but SKILL.md suggests git cloning the GitHub repo. package.json lists an external dependency (a GitHub URL for skillsign) but no package manager install is provided — meaning code will run locally as shipped. No remote binaries or archive downloads are embedded in an install step.
Credentials
The skill requests no declared env vars or external credentials, but it reads and writes local identity/key material under ~/.skillsign and persistent data under ~/.atp (trust.json, interactions.jsonl, moltbook_bridge.json). For identity and signing workflows this is proportionate, but these files hold sensitive material (private keys may be accessed by skillsign flows), so ensure keys remain protected and review how skillsign interactions are orchestrated.
Persistence & Privilege
The skill creates and updates files in the user's home (~/.atp and bridge files) and the demo writes demo workspaces; it does not request always:true or modify other skills' configurations. Persisting local trust state is expected for this functionality.
Assessment
This skill appears to do what it says: it builds and visualizes a local trust graph and integrates with skillsign and Moltbook. Before installing or running: (1) review the code yourself (or have a trusted reviewer) because several modules spawn subprocesses (some with shell=True) and will execute other local scripts if present; (2) back up and audit any existing ~/.skillsign keys and ~/.atp data — the tool reads/writes those directories; (3) run the demo in an isolated environment (container or throwaway VM) rather than on a production machine, since the demo will invoke skillsign and copy key files; (4) if you use the Moltbook bridge, verify the exact path it expects (~/.openclaw/...) and ensure any CLI it runs is the intended binary; and (5) if you need higher assurance, ask the author for provenance of the skillsign dependency and a signed release (or run the code after building from the trusted GitHub repo).
Like a lobster shell, security has layers — review code before you run it.
