V19 Trust Engine
PassAudited by ClawScan on May 4, 2026.
Overview
This instruction-only skill does not install or run code, but it points users to an external V19 governance API and uses service-specific keys, so users should verify the service before registering.
This appears to be a documentation/API-integration skill rather than executable code. Before installing or using it, verify that the Cloudflare-hosted V19 endpoint is the service you intend to use, run the curl commands only deliberately, keep any returned Pro key private, and understand what audit or registration data may be stored or displayed by the governance service.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users cannot verify from the registry metadata who operates the external governance endpoint.
The skill has no code or install package, but the external service provenance is not established by source or homepage metadata.
Source: unknown; Homepage: none
Verify the operator and intended service before registering an agent or relying on generated trust scores.
Running the examples will send the provided agent name and requests to the external V19 governance service.
The skill documents remote API calls via curl, including self-registration with an external endpoint. These are user-directed examples and are aligned with the stated trust-engine purpose.
curl -s -X POST https://boat-atlas-spa-flexible.trycloudflare.com/governance/register ... -d '{"agent_name":"你的Agent名称"}'Run the curl commands only when you intend to interact with that service, and review the endpoint before submitting registration data.
The generated Pro key may grant access to your V19 trust-score or governance functions for that service.
The skill uses service-specific governance keys, including a generated Pro key. This is expected for the V19 API, and there is no artifact evidence of unrelated credential access or leakage.
X-Governance-Key: <你的专属密钥> ... 系统自动返回专属Pro密钥
Treat any returned Pro key as a secret and do not paste it into unrelated chats, logs, or public files.
The service may retain agent activity, audit outcomes, and trust status, and some certification status may be displayed on a governance dashboard.
The trust score depends on stored audit results and activity history over time, implying persistent service-side state. This is core to the stated purpose but should be noticed.
所有 `/governance/audit` 调用的 PASS/FAIL 比率 ... 12小时心跳制 ... 连续7天无调用 → 信任分自动归零
Only submit agent identifiers, manifests, or audit data that you are comfortable having processed and potentially reflected in the V19 governance system.