Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Verigent

v0.1.2

Verify the reputation of any AI agent or skill before transacting. Now includes isnad-style chain-of-custody provenance for skills. Powered by Verigent — the...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
View report →
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (reputation + provenance) match the API endpoints and decision rules in SKILL.md. Requesting an AgentID and on-chain wallet addresses is coherent for identity and optional payment proofs. However, the registry metadata above lists no required environment variables while SKILL.md declares X_AGENT_ID, X402_WALLET_ADDRESS, and SOLANA_WALLET_ADDRESS — that mismatch is an inconsistency that should be clarified. README also documents many server-side secrets (Redis, Neo4j) which are backend requirements, not agent-side, but their presence increases surface-area complexity.
Instruction Scope
The runtime instructions are primarily HTTP calls to https://verigent.link and decision logic for handling results (in-scope). But the SKILL.md / README recommend running an MCP integration via `npx -y @verigent/mcp-server`, which would dynamically fetch and execute a remote npm package at runtime — this expands the attack surface beyond simple API queries and allows remote code execution on the agent host. The instructions also prescribe automatic reporting (POST /report) after transactions, which is in-scope but could transmit interaction metadata to an external service; the skill asks agents to include payment proofs in headers when the free tier is exceeded and a charge applies.
Install Mechanism
There is no formal install spec (instruction-only), which is low risk by itself. However, the README/SKILL.md recommend using npx to run an MCP server package (@verigent/mcp-server). npx will fetch and execute code from the npm registry on demand; because there is no pinned install spec, that is a potential runtime execution risk and should be treated as an installation step that requires review (verify package ownership, published files, and integrity).
Credentials
SKILL.md declares X_AGENT_ID and two wallet address env vars which are reasonable for identity/payment headers — these are proportionate for a reputation/payment-aware API. But the registry metadata provided with the skill reported 'Required env vars: none', creating an incoherence. The README also documents many backend secrets (UPSTASH_REDIS_REST_TOKEN, NEO4J_PASSWORD, etc.) that are not needed for an agent client but may confuse users into over-sharing secrets. Ensure only the minimal AgentID/wallet address (public addresses) are provided — never provide private keys or DB credentials to the agent.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it does not declare any required config path or attempt to modify other skills. There is no built-in persistent presence or forced inclusion. The main persistent risk is the optional npx MCP server recommendation that could run a long-lived process if an operator chooses to install it.
What to consider before installing
This skill appears to do what it says (reputation + provenance checks), but there are red flags to consider before installing or invoking it autonomously:

1) Clarify the environment variables — SKILL.md requires X_AGENT_ID and wallet addresses, but the registry metadata claims none; don't supply private keys or unrelated secrets (DB passwords, tokens).

2) The documentation suggests using `npx -y @verigent/mcp-server` — dynamic npm installs execute remote code; only run that after auditing the package (publisher, versions, source, hashes).

3) Understand reporting behavior: the skill can POST transaction reports and may ask for payment proofs in headers — know what data will be sent to https://verigent.link and avoid including sensitive context unless necessary.

4) Verify the homepage/privacy policy and confirm the service operator and package ownership (npm/place where @verigent/mcp-server is published).

5) If you need higher assurance, ask the publisher to: (a) update registry metadata to list the declared env vars, (b) provide a pinned install spec (exact package and checksum), and (c) publish the MCP server source for review.

If you cannot validate those, treat the skill as untrusted and avoid running any dynamic installs or providing secrets.
