ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Justice Protocol

v0.1.1

Dispute resolution, forensic investigation, and risk assessment for autonomous AI agent transactions. Reconstruct provenance chains, adjudicate fault, genera...

0· 50·0 current·0 all-time
by@alexfleetcommander
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (forensics, dispute resolution, risk assessment) align with the Python examples and the requirement for python3 and pip. However, the distributed package (agent-justice-protocol) is not included in the skill bundle, so the runtime capability depends entirely on an external PyPI package and the homepage domain is not well-known — this is plausible but unverifiable from the skill itself.
Instruction Scope
SKILL.md stays on-topic: it instructs the agent to read/write dispute stores and provenance chain files and to run library functions for investigate/risk_profile. It also tells the user/agent to run `pip install agent-justice-protocol` — an installation step outside the skill bundle. The instruction set does not ask the agent to scan arbitrary system files or environment variables, which is good, but relies on the agent executing network installation and running third-party code.
!
Install Mechanism
There is no install spec in the registry; instead the SKILL.md instructs `pip install` from PyPI. Installing an external pip package is a moderate risk because the package code is not present for inspection in this skill bundle. The PyPI link is provided, but the skill does not vendor or pin a specific verified artifact, nor does it provide checksums or a local copy — so the runtime behavior depends on unreviewed remote code.
Credentials
The skill declares no required environment variables or config paths and claims it cannot access secrets. That aligns with the content: examples operate on user-specified files in the working directory. However, any provenance or chain files passed to the tool may contain sensitive data, and a remotely installed package could exfiltrate data if malicious. The lack of declared secrets requested is appropriate for the stated purpose, but the risk comes from executing unvetted third-party code on local files.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It is user-invocable and allows normal autonomous invocation (platform default). There is no evidence it modifies other skills or system-wide settings.
What to consider before installing
This skill is coherent in purpose and asks for python/pip as expected, but it ships no code — it instructs you (or the agent) to pip-install a package from PyPI. Before installing or invoking it: 1) Inspect the PyPI package source (or the project's repository) and verify the maintainer, version, and code; 2) Prefer installing in an isolated sandbox or ephemeral environment; 3) Verify package integrity (pinned version, hashes, or signatures) and review recent release history and downloads; 4) Limit the files you hand to the tool to minimal, non-sensitive samples; 5) Do not allow the agent to run the pip install automatically on sensitive hosts; 6) If you require stronger assurance, ask the publisher for a vendored source tarball or audited code before use. These steps will reduce risk from executing unvetted third-party code.

Like a lobster shell, security has layers — review code before you run it.

latestvk977cb5jz131ats5r9wh6174fx848t6a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
Any binpip, pip3

Comments