TrustLayer Sybil Scanner

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: trustlayer-sybil-scanner
Version: 4.1.0

The skill provides a legitimate interface for an AI agent to interact with the TrustLayer API (api.thetrustlayer.xyz) to detect Sybil attacks and reputation fraud in ERC-8004 agent systems. It uses standard curl commands to retrieve JSON data and provides clear decision logic for the agent to evaluate risk levels. No evidence of data exfiltration, malicious execution, or prompt injection was found in SKILL.md or _meta.json.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Queries about agents, reviewers, or owners may be visible to the external provider.

Why it was flagged

The skill directs the agent to use curl to call an external API. This is expected for the stated scanner purpose, but it means lookup identifiers are sent to TrustLayer.

Skill content

curl -s "https://api.thetrustlayer.xyz/trust/<chain>:<agentId>"

Recommendation

Use it for intended due-diligence lookups and avoid sending wallet or agent identifiers unless you are comfortable sharing that query with TrustLayer.

What this means

Using paid endpoints could incur small USDC charges if the user's environment supports payment authorization.

Why it was flagged

The skill discloses that some API endpoints are paid. No credential or wallet access is requested in the artifacts, but users should understand whether their environment can authorize x402 payments.

Skill content

x402 micropayments on paid endpoints ($0.001 USDC per query)

Recommendation

Confirm before using paid endpoints and apply spending limits or explicit approval for any x402 payment-capable environment.

What this means

A TrustLayer result may cause the agent to recommend blocking a transaction or reducing exposure.

Why it was flagged

The skill provides strong action guidance based on the API's fraud signals. This is aligned with its purpose, but it can heavily influence payment or delegation decisions.

Skill content

IF sybil_risk == "high"           → BLOCK. Tell the user why.

Recommendation

Treat the scan as a decision aid, report the underlying score and flags to the user, and let the user make the final transaction decision.