Agent Rating Protocol

Pass. Audited by ClawScan on May 10, 2026.

Overview

This skill appears purpose-aligned for agent reputation tracking, with the main cautions being an unpinned external PyPI package and persistent local rating files.

This skill looks coherent for local agent reputation tracking. Before installing, be comfortable with the external PyPI dependency, preferably use a virtual environment, and treat generated rating files as persistent trust data that may affect future decisions.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the package allows third-party Python code to run in the user’s environment when imported or used.

Why it was flagged

The skill depends on an external PyPI package that is not bundled or pinned in the provided artifact. This is purpose-aligned setup behavior, but it means the user must trust the package source and version resolved at install time.

Skill content

The `agent-rating-protocol` Python package must be installed. If not available, install it:

```bash
pip install agent-rating-protocol
```

Recommendation

Install in a virtual environment, review the PyPI package and source if available, and consider pinning a known-good version.

What this means

Stored ratings could affect which agents are trusted later, and rating explanations may contain context the user did not intend to share.

Why it was flagged

The skill intentionally creates persistent local reputation data. That fits the purpose, but these records may influence later agent-selection decisions and could be sensitive or misleading if edited, corrupted, or shared without review.

Skill content

Reads and writes rating store files (`.jsonl`) in your working directory

Recommendation

Keep rating files in a known location, review them before exporting or sharing, and avoid including private details in rating explanations.