Erc8004 Reputation
v1.1.1On-chain reputation for AI agents. Give feedback, check scores, view leaderboards, and build trust via the ERC-8004 Reputation Registry. Supports Base, Ethereum, Polygon, Monad, BNB.
⭐ 0· 1.1k·0 current·0 all-time
byaether@aetherstacey
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, CLI commands, ABI, and use of web3 all match an ERC-8004 on-chain reputation tool. The script interacts with on-chain contracts and chain RPCs (Base, Ethereum, Polygon, Monad, BNB) as expected. However, the registry metadata lists no required environment variables or primary credential while the SKILL.md and code explicitly require a wallet (mnemonic or private key) for write operations — this mismatch is unexplained and notable.
Instruction Scope
SKILL.md commands and examples are narrowly scoped to reading reputation data and signing transactions to give/revoke feedback. It documents which commands are read-only vs write. The heartbeat examples use local files (/var/log, /tmp) and desktop notifications (notify-send), which are reasonable for monitoring but should be noted. The leaderboard claims to fetch from an Agentscan API (an external endpoint) — that is consistent with the feature but worth auditing if you care about external network calls.
Install Mechanism
No automated install spec is provided; this is an instruction-only skill plus a script. Declared dependency installation is a simple pip install of web3 and eth-account — standard for Ethereum tooling. No arbitrary downloads or archive extraction are present in the package metadata.
Credentials
Write operations require sensitive creds (ERC8004_MNEMONIC or ERC8004_PRIVATE_KEY) as documented in SKILL.md and implemented in code (get_wallet reads these env vars). That is proportional to signing blockchain transactions. The concern: the skill registry metadata incorrectly shows 'Required env vars: none' and 'Primary credential: none' — an inconsistency that could cause users to expose secrets unexpectedly. Only the wallet-related env vars are used; no other unrelated credentials are requested.
Persistence & Privilege
The skill is not always-included and does not request elevated platform privileges. It does not modify other skills' configuration based on the provided files. Autonomous invocation is allowed (platform default); that is not in itself a new risk here.
What to consider before installing
This skill appears to implement an ERC-8004 reputation CLI and will connect to public RPCs and the specified contract addresses. Important points before installing:
- The code requires a wallet for write operations (ERC8004_MNEMONIC or ERC8004_PRIVATE_KEY). Do NOT export your main/high-value mnemonic into environment variables for an untrusted skill. Use a dedicated, low-value wallet or a hardware/remote signer when possible.
- The registry metadata incorrectly lists no required env vars — treat the SKILL.md and code as authoritative for runtime behavior. That mismatch is a red flag worth asking the publisher to correct.
- The tool talks to external RPC endpoints and (per README/SKILL.md) an Agentscan API for leaderboards. RPC providers will see your transaction payloads (not your private key) and could censor or front-run transactions; prefer a provider you trust.
- Review the repository source (especially any remaining parts of scripts/reputation.py not shown) before running write commands. Read-only commands (lookup, my-rep, clients, feedback, leaderboard) do not require your wallet and are safe to run without credentials.
If you plan to use the 'give' or 'revoke' functions, verify the contract addresses on-chain independently, consider funding a disposable key, and ask the skill author to update metadata to declare required env vars so expectations are clear.Like a lobster shell, security has layers — review code before you run it.
latest
aether@aetherstacey
DownloadERC-8004 Reputation Skill
Interact with the ERC-8004 Reputation Registry — the decentralized reputation layer for AI agents.
Use This When...
- "Check an agent's reputation"
- "Rate this agent"
- "Give feedback to agent X"
- "What's my agent's reputation?"
- "Who gave feedback to my agent?"
- "Show me the reputation leaderboard"
- "Top agents by reputation"
- "Revoke my feedback"
Commands
lookup
Look up an agent's reputation summary.
python scripts/reputation.py lookup <agentId> [--chain CHAIN]
Shows: reviewer count, feedback count, summary value, individual feedback.
give
Give feedback to an agent.
python scripts/reputation.py give <agentId> <value> [--decimals N] [--tag1 TAG] [--tag2 TAG] [--chain CHAIN]
Examples:
# Simple score (0-100)
python scripts/reputation.py give 16700 85 --tag1 reliable
# Percentage with decimals (99.77%)
python scripts/reputation.py give 16700 9977 --decimals 2 --tag1 uptime
my-rep
Check your agent's reputation across all chains.
python scripts/reputation.py my-rep <agentId> [--chains base,ethereum,polygon]
clients
List all addresses that gave feedback.
python scripts/reputation.py clients <agentId> [--chain CHAIN]
feedback
Read a specific feedback entry.
python scripts/reputation.py feedback <agentId> <clientAddress> <feedbackIndex> [--chain CHAIN]
revoke
Revoke feedback you previously gave.
python scripts/reputation.py revoke <agentId> <feedbackIndex> [--chain CHAIN]
leaderboard
Show top agents by reputation score.
python scripts/reputation.py leaderboard [--chain CHAIN] [--limit 20]
Fetches from Agentscan API and displays top agents with scores and star ratings.
Cross-Skill Workflows
Post-Registration Reputation Building
# 1. Register your agent (from erc8004-register skill)
python scripts/register.py register --name "MyBot" --description "..."
# 2. Validate the registration
python scripts/register.py validate 42
# 3. Check initial reputation (should be empty)
python scripts/reputation.py lookup 42
# 4. After interacting with clients, check reputation growth
python scripts/reputation.py my-rep 42
Before Interacting with an Agent
# 1. Find the agent (from erc8004-discover skill)
python scripts/discover.py search "oracle"
# 2. Get detailed info
python scripts/discover.py info 0x1234...
# 3. Check their reputation
python scripts/reputation.py lookup 42 --chain base
# 4. If satisfied, interact and then give feedback
python scripts/reputation.py give 42 85 --tag1 reliable --tag2 accurate
Reputation Monitoring
# Check your reputation regularly
python scripts/reputation.py my-rep 42
# See who's giving feedback
python scripts/reputation.py clients 42 --chain base
# Read specific feedback
python scripts/reputation.py feedback 42 0xABC... 1 --chain base
Heartbeat Integration
Monitor reputation changes in automated pipelines:
# Cron: check reputation daily
0 9 * * * python scripts/reputation.py my-rep 42 >> /var/log/rep-monitor.log 2>&1
# In a monitoring script:
#!/bin/bash
# Get current feedback count
count=$(python scripts/reputation.py lookup 42 2>&1 | grep "Feedback count:" | awk '{print $3}')
last_count=$(cat /tmp/rep-count-42.txt 2>/dev/null || echo 0)
if [ "$count" != "$last_count" ]; then
echo "New feedback received! Count: $count" | notify-send
echo "$count" > /tmp/rep-count-42.txt
fi
Configuration
Wallet (required for write operations)
export ERC8004_MNEMONIC="your twelve word mnemonic phrase here"
# OR
export ERC8004_PRIVATE_KEY="0xabc123..."
Read operations (lookup, my-rep, clients, feedback, leaderboard) don't need a wallet.
Supported Chains
| Chain | ID | Default | Gas Cost |
|---|---|---|---|
| Base | 8453 | Yes | ~$0.001 |
| Ethereum | 1 | ~$1-10 | |
| Polygon | 137 | ~$0.01 | |
| Monad | 143 | ~$0.001 | |
| BNB | 56 | ~$0.05 |
Base is recommended — cheapest gas by far.
Contract Addresses
Same on all chains:
- Identity Registry:
0x8004A169FB4a3325136EB29fA0ceB6D2e539a432 - Reputation Registry:
0x8004BAa17C55a88189AE136b182e5fdA19dE9b63
Dependencies
pip install web3 eth-account
Related Skills
- erc8004-register: Register and manage agents on-chain
- erc8004-discover: Find and monitor agents
Comments
Loading comments...