TrustLayer Sybil Scanner
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Queries about agents, reviewers, or owners may be visible to the external provider.
The skill directs the agent to use curl to call an external API. This is expected for the stated scanner purpose, but it means lookup identifiers are sent to TrustLayer.
curl -s "https://api.thetrustlayer.xyz/trust/<chain>:<agentId>"
Use it for intended due-diligence lookups and avoid sending wallet or agent identifiers unless you are comfortable sharing that query with TrustLayer.
Using paid endpoints could incur small USDC charges if the user's environment supports payment authorization.
The skill discloses that some API endpoints are paid. No credential or wallet access is requested in the artifacts, but users should understand whether their environment can authorize x402 payments.
x402 micropayments on paid endpoints ($0.001 USDC per query)
Confirm before using paid endpoints and apply spending limits or explicit approval for any x402 payment-capable environment.
A TrustLayer result may cause the agent to recommend blocking a transaction or reducing exposure.
The skill provides strong action guidance based on the API's fraud signals. This is aligned with its purpose, but it can heavily influence payment or delegation decisions.
IF sybil_risk == "high" → BLOCK. Tell the user why.
Treat the scan as a decision aid, report the underlying score and flags to the user, and let the user make the final transaction decision.
