ClawHub

Maiat Trust API

v2.4.0

Trust infrastructure for AI agents. Register your agent, get an on-chain identity, check trust scores, and protect transactions. Use this when your agent nee...

0· 252·1 current·1 all-time
by@jhinresh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (agent identity, trust scores, protecting transactions) align with the SKILL.md: endpoints for passport/agent/token checks, reporting outcomes, and a wallet-protection library are all expected capabilities.
Instruction Scope
Runtime instructions are narrowly scoped to Maiat API calls and installing/using an npm guard library. They do ask agents to save passports and to POST outcomes back to Maiat (which transmits behavioral data and job results). The doc does not instruct reading unrelated system files or secrets, but using the Guard requires passing a wallet client (signing capability) which exposes transaction metadata and could expose signing actions if the runtime gives the skill access to private keys.
Install Mechanism
There is no skill install spec (instruction-only). The only installation suggestion is npm install @jhinresh/viem-guard which is a normal package install; this is proportional but the package and its GitHub repo should be reviewed before use.
Credentials
The skill declares no required env vars or credentials. However, practical use (transaction protection) requires a wallet client with signing ability — effectively access to signing keys or a wallet object. Reporting outcomes and Guard threat reporting will send on-chain addresses and outcome metadata to Maiat. These behaviors are proportionate to the purpose but carry privacy/secret exposure risks you should consider.
Persistence & Privilege
No 'always: true' or privileged persistence requested. The skill is user-invocable and can be called autonomously by the agent (default), which is expected for skills of this type.
Assessment
Before installing or wiring this skill into an agent: (1) review the @jhinresh/viem-guard package and its GitHub code (or use a reputable audit) before npm installing; (2) avoid giving the skill access to private keys in production — consider using a separate limited-purpose wallet for testing; (3) understand that reporting outcomes and Guard-protected transactions will send addresses/metadata to Maiat (check privacy/policy); (4) prefer read-only queries (trustScore lookups) if you don't want to expose signing capability; (5) if you need higher assurance, ask the author for reproducible builds or an independent audit.

Like a lobster shell, security has layers — review code before you run it.

agentsvk9777c1acrn6kf6wvqqzpgqxvh82j8bsbasevk9777c1acrn6kf6wvqqzpgqxvh82j8bsdefivk9777c1acrn6kf6wvqqzpgqxvh82j8bserc8004vk9777c1acrn6kf6wvqqzpgqxvh82j8bslatestvk9708vdfwte9szpffzdjzj1bh5834yhcsecurityvk9777c1acrn6kf6wvqqzpgqxvh82j8bsswapvk9777c1acrn6kf6wvqqzpgqxvh82j8bstrustvk9777c1acrn6kf6wvqqzpgqxvh82j8bs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments