Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Trust Verifier

v1.1.0

Verify skill provenance and build trust scores for ClawHub skills. Checks publisher history, version consistency, dependency trust chains, and generates trus...

0 stars · 1.4k downloads · 8 current · 8 all-time
by ArcSelf (@trypto1019)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for trypto1019/arc-trust-verifier.

Prompt preview: Install & Setup
Install the skill "Trust Verifier" (trypto1019/arc-trust-verifier) from ClawHub.
Skill page: https://clawhub.ai/trypto1019/arc-trust-verifier
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install trypto1019/arc-trust-verifier

ClawHub CLI

npx clawhub@latest install arc-trust-verifier

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes multi-source trust signals (publisher reputation, community mentions, dependency trust chains). The included script implements local checks (manifest, hashes, file-size, simple suspicious-pattern scanning, unsigned attestation) but does not implement network-based reputation or community lookups in the visible code, so the documented capability set is overstated.
Instruction Scope
Runtime instructions tell the agent to run the script against a skill path (e.g., ~/.openclaw/skills/some-skill/), which is reasonable. However, the script's _validate_skill_path only checks that the path is a directory (a comment says it must be under ~/.openclaw/skills, but that constraint is not enforced), so the tool can be pointed at, and will read and hash, any directory the invoking user can access. That increases the risk of accidentally exposing sensitive files if it is misused. The script reads every file (printing or writing their hashes) and writes attestations to whatever output path it is given, which can overwrite existing files.
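
The containment check the note above says is missing, as an added example (not the skill's own code). It assumes the trusted root is ~/.openclaw/skills, as the skill's usage examples suggest, and takes that root as a parameter so the demo can run against a temporary directory on a POSIX system; validate_skill_path, demo and DEFAULT_SKILLS_ROOT are names chosen here.

```python
"""Path containment check for a local skill scanner (added example, not the skill's code)."""
import os
import tempfile
from pathlib import Path

# Assumption: the trusted root is ~/.openclaw/skills. It is a parameter so the
# check can be exercised in a sandbox; the real scanner would pass this default.
DEFAULT_SKILLS_ROOT = Path("~/.openclaw/skills").expanduser()


def validate_skill_path(path, root=DEFAULT_SKILLS_ROOT):
    """Return the canonical Path of `path` if it is a directory strictly inside `root`.

    Symlinks are resolved before the containment test, so a link placed inside
    the skills root that points at $HOME or /etc is rejected rather than followed.
    Raises ValueError for anything that fails the check.
    """
    root = Path(root).expanduser().resolve()
    candidate = Path(path).expanduser().resolve()
    if not candidate.is_dir():
        raise ValueError(f"not a directory: {path}")
    if candidate == root:
        raise ValueError("pass a single skill directory, not the skills root itself")
    try:
        # relative_to() raises ValueError when candidate is not under root;
        # because both sides are resolved, ".." segments and symlinks cannot escape.
        candidate.relative_to(root)
    except ValueError:
        raise ValueError(f"{candidate} is outside {root}") from None
    return candidate


def demo():
    """Exercise the check in a throwaway layout (constructed); returns a dict of outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "skills"
        good = root / "some-skill"
        good.mkdir(parents=True)
        outside = Path(tmp) / "secrets"          # stands in for $HOME or /etc
        outside.mkdir()
        link = root / "escape"                   # symlink inside root, target outside
        os.symlink(outside, link, target_is_directory=True)

        def outcome(p):
            try:
                validate_skill_path(p, root)
                return "accepted"
            except ValueError:
                return "rejected"

        return {
            "skill_dir": outcome(good),
            "traversal": outcome(root / "some-skill" / ".." / ".." / "secrets"),
            "symlink_escape": outcome(link),
            "skills_root": outcome(root),
            "missing": outcome(root / "nope"),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} {result}")
```

The important detail is resolving both sides before comparing: a prefix check on the raw string would accept ~/.openclaw/skills/../../.ssh, and an unresolved symlink check would accept a link that escapes the root.
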
Install Mechanism
Instruction-only with a Python script and no install spec — requires only python3 on PATH. No external installers or archive downloads observed in the provided files.
Credentials
The skill requires no environment variables or credentials. The data it needs (skill filesystem contents) is proportional to its stated local analysis purpose. No unrelated secrets are requested.
Persistence & Privilege
The always flag is false and the skill is user-invocable; it does not request persistent elevated privileges or modify other skills. Autonomous invocation is allowed by default, but it is not combined here with broad credential access.
What to consider before installing
What to consider before installing or running:
  • The SKILL.md promises external reputation and community signals, but the visible script performs local file checks only. Do not assume it fetches publisher history or third-party reputation data unless you inspect the truncated check_deps implementation.
  • Path validation is lax: the script operates on any directory you pass it. Only run it against explicit skill directories (e.g., under ~/.openclaw/skills/) and never point it at your home directory, /etc, or other sensitive locations.
  • Attestations are unsigned SHA-256 manifests (the code itself warns about this). They detect accidental file changes but are not tamper-proof: anyone who can edit the files can regenerate the manifest to match. If you need secure attestations, require an HMAC or a digital signature with the key stored outside the skill filesystem.
  • Review the remainder of scripts/trust_verifier.py (the truncated check_deps and any network/HTTP calls) before use. If those functions perform network requests or send attestation data externally, re-evaluate the risk and consider sandboxing the tool.
  • As a precaution, run the script in a restricted environment or container and read the code in full. If you want the documented external signals, ask for or inspect an implementation that queries those sources explicitly and safely, with clear hostnames and no opaque endpoints.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔑 Clawdis
OS: macOS, Linux
Binaries: python3
Latest version id: vk97dsnfmbxnqnj3mhs8cf4gdp581asxe
1.4k downloads · 0 stars · 2 versions
Updated 12h ago
v1.1.0 · MIT-0 · macOS, Linux

Trust Verifier

Trust, but verify. Assess the trustworthiness of a ClawHub skill by analyzing its publisher, history, dependencies, and consistency.

Why This Exists

Security scanning catches known malicious patterns. But what about skills that are technically clean but published by unknown authors, have inconsistent version histories, or depend on untrusted packages? Trust Verifier fills the gap between "no vulnerabilities detected" and "safe to install."

Commands

Assess trust for a skill directory

python3 {baseDir}/scripts/trust_verifier.py assess --path ~/.openclaw/skills/some-skill/

Generate a trust attestation

python3 {baseDir}/scripts/trust_verifier.py attest --path ~/.openclaw/skills/some-skill/ --output trust.json

Verify an existing attestation

python3 {baseDir}/scripts/trust_verifier.py verify --attestation trust.json --path ~/.openclaw/skills/some-skill/

Check dependency trust chain

python3 {baseDir}/scripts/trust_verifier.py deps --path ~/.openclaw/skills/some-skill/

Trust Signals

  • Publisher reputation: Known vs unknown publisher, account age, skill count
  • Version consistency: Do updates match expected patterns? Sudden permission changes?
  • Content integrity: SHA-256 hashes of all files, reproducible builds
  • Dependency chain: Are dependencies from trusted sources?
  • Community signals: Moltbook mentions, upvotes, known endorsements
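
The "Content integrity" signal above and the scan advice to require an HMAC with the key kept outside the skill directory, combined in one added example (not the skill's own code): a keyed SHA-256 manifest plus a verifier that rejects both tampered files and a rewritten manifest. The key is generated in memory for the demo; in practice it would be loaded from a file outside ~/.openclaw/skills. hash_tree, canonical, attest, verify and demo are names chosen here, and the sample skill the demo builds is constructed.

```python
"""Keyed attestation over a skill directory (added example, not the skill's code)."""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def hash_tree(skill_dir):
    """Map each regular file under skill_dir (relative POSIX path) to its SHA-256 hex digest.

    Symlinks are skipped so a link pointing outside the skill cannot pull foreign
    content into the manifest.
    """
    skill_dir = Path(skill_dir)
    digests = {}
    for p in sorted(skill_dir.rglob("*")):
        if p.is_file() and not p.is_symlink():
            digests[p.relative_to(skill_dir).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return digests


def canonical(manifest):
    # Sorted keys, no whitespace: the MAC input must be byte-for-byte reproducible.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def attest(skill_dir, key):
    """Return an attestation: file digests plus HMAC-SHA256 over their canonical form."""
    manifest = {"files": hash_tree(skill_dir)}
    tag = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    return {**manifest, "hmac_sha256": tag}


def verify(attestation, skill_dir, key):
    """Check the MAC first, then recompute the tree. Returns (ok, reason)."""
    claimed = attestation.get("hmac_sha256", "")
    manifest = {"files": attestation.get("files", {})}
    expected = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(claimed, expected):
        return False, "attestation MAC invalid: manifest was edited or the key is wrong"
    current = hash_tree(skill_dir)
    if current != manifest["files"]:
        changed = sorted(
            f for f in set(current) | set(manifest["files"])
            if current.get(f) != manifest["files"].get(f)
        )
        return False, "files differ from attestation: " + ", ".join(changed)
    return True, "ok"


def demo():
    """Build a constructed skill, attest it, then tamper two ways; returns the verdicts."""
    # Demo key only. A real deployment reads the key from outside the skill tree
    # (e.g. a root-owned file named by an environment variable), never from the skill.
    key = os.urandom(32)
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp) / "some-skill"
        (skill / "scripts").mkdir(parents=True)
        (skill / "SKILL.md").write_text("# constructed sample skill\n")
        (skill / "scripts" / "run.py").write_text("print('hello')\n")
        att = attest(skill, key)
        clean = verify(att, skill, key)
        # Tamper 1: modify a file; the recomputed tree no longer matches the manifest.
        (skill / "scripts" / "run.py").write_text("print('tampered')\n")
        modified = verify(att, skill, key)
        # Tamper 2: rewrite the manifest to match the new file. Without the key the
        # old MAC no longer covers it, so the keyed verifier still rejects it.
        forged = dict(att, files=hash_tree(skill))
        forged_result = verify(forged, skill, key)
        # An unsigned manifest (digests only) would accept exactly this forgery.
        unsigned_accepts = hash_tree(skill) == forged["files"]
    return {
        "clean": clean[0],
        "modified": modified[0],
        "forged_manifest": forged_result[0],
        "unsigned_manifest_accepts_forgery": unsigned_accepts,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:36} {result}")
```

An HMAC ties the manifest to whoever holds the key; if the attestation must be checkable by parties who should not be able to forge it, the same structure works with an asymmetric signature over the canonical bytes instead of hmac.new.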

Trust Levels

  • VERIFIED — Meets all trust criteria, attestation valid
  • TRUSTED — Most signals positive, minor gaps
  • UNKNOWN — Insufficient data to assess trust
  • SUSPICIOUS — One or more trust signals failed
  • UNTRUSTED — Multiple trust failures, do not install
