Aap Passport

Security checks across malware telemetry and agentic risk

Overview

The provided artifacts describe a coherent AI-agent attestation skill, with noteworthy but disclosed use of persistent cryptographic identity, npm packages, and test-only tooling.

This skill appears reasonable for AI-agent attestation, but install it only if you are comfortable with a persistent AAP identity key and npm package dependencies. Protect the identity file, verify package versions, and avoid running test scripts or optional LLM tests unless you understand what they execute and which API keys they use.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Low
What this means

If the agent signs a message or proof, it may be attributable to the same persistent AAP identity.

Why it was flagged

The skill creates or uses a persistent private signing key and provides a signing tool, which is central to attestation but grants the agent a reusable identity.

Skill content
`aap_sign_message` | Sign a message with private key ... **Key Storage** | `~/.aap/identity.json` (mode 0600)
Recommendation

Use this only when you want a persistent agent identity, protect the ~/.aap identity file, and require explicit approval before signing messages outside the AAP flow.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the npm packages gives those packages code execution in your local JavaScript environment.

Why it was flagged

The skill documents manual installation of unpinned npm packages. This is not automatically executed by the skill, but it is still third-party package installation.

Skill content
npm install aap-agent-server  # Server
npm install aap-agent-client  # Client
Recommendation

Install from the official npm/GitHub source, consider pinning versions, and review package contents if using this in production.

ASI09: Human-Agent Trust Exploitation
Info
What this means

The protocol may behave differently from some documentation examples, which can affect compatibility and security expectations.

Why it was flagged

Other artifacts describe different versions and parameters, including SKILL.md v3.2.0 with 7 challenges in 6 seconds, so users may need to verify which behavior they are actually installing.

Skill content
v2.5 introduces **Burst Mode** — 5 challenges in 8 seconds with salt injection.
Recommendation

Confirm the installed package version and runtime configuration before relying on challenge counts, timing limits, or security claims.

ASI05: Unexpected Code Execution
Low
What this means

Running the test suite may execute local shell commands.

Why it was flagged

A static scan found shell command execution in a test file. The provided artifacts do not show it being run automatically during skill installation or invocation.

Skill content
const result = execSync(
Recommendation

Do not run test scripts blindly; inspect the test command and run it in a controlled environment if needed.