ClawHub

Sentinel Reputation

v1.0.0

AI agent trust scoring and reputation data from the ACP marketplace. Returns reliability grades (A-F), success rates, job counts, buyer diversity, and servic...

0· 50·0 current·0 all-time
by@infragridacp-sentinel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise (agent reputation data from the ACP marketplace) aligns with the SKILL.md content: all examples call sentineltrust.xyz endpoints and describe the fields returned. No unrelated credentials, binaries, or system access are requested.
Instruction Scope
Runtime instructions are limited to curl calls to sentineltrust.xyz (demo and paid endpoints) and an optional example using the Nansen CLI for on-chain lookups. The skill does not instruct reading local files, environment variables, or other system state outside those API calls.
Install Mechanism
No install spec or code is present (instruction-only). Nothing is written to disk or downloaded by the skill itself, which minimizes install-time risk.
Credentials
The skill declares no required environment variables or credentials, which is proportional. It references a paid endpoint that expects payment via an x402 wallet/client (e.g., Nansen CLI or AgentCash). If you have such a client configured, invoking the paid endpoint could trigger a microtransaction handled by that client — the skill itself does not request wallet secrets.
Persistence & Privilege
always:false (no force-inclusion). Model invocation is allowed (default), so an agent could autonomously call the external API. This is normal for skills, but be aware autonomous calls could initiate paid lookups if you have an x402 wallet/client configured.
Assessment
This skill appears to do exactly what it says: call sentineltrust.xyz for reputation reports and optionally show how to combine that with Nansen on-chain data. Before installing, consider: 1) The skill calls an external domain (sentineltrust.xyz) — verify you trust that provider and their privacy/usage terms. 2) The paid endpoint uses x402 payments; if you have an x402-capable wallet/client configured, autonomous invocation could trigger small charges — disable autonomous invocation or avoid the paid endpoint if you don't want that. 3) The skill does not request credentials, but if you use the Nansen CLI examples you may need Nansen credentials locally; those are not supplied by the skill. 4) As with any reputation data, independently verify high-stakes decisions — treat reports as one signal among others.

Like a lobster shell, security has layers — review code before you run it.

latestvk974k0gxsxp15nnbvcsp1vxa1983wfaa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments