V19 Trust Engine
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users cannot verify from the registry metadata who operates the external governance endpoint.
The skill has no code or install package, but the external service provenance is not established by source or homepage metadata.
Source: unknown; Homepage: none
Verify the operator and intended service before registering an agent or relying on generated trust scores.
Running the examples will send the provided agent name and requests to the external V19 governance service.
The skill documents remote API calls via curl, including self-registration with an external endpoint. These are user-directed examples and are aligned with the stated trust-engine purpose.
curl -s -X POST https://boat-atlas-spa-flexible.trycloudflare.com/governance/register ... -d '{"agent_name":"你的Agent名称"}'Run the curl commands only when you intend to interact with that service, and review the endpoint before submitting registration data.
The generated Pro key may grant access to your V19 trust-score or governance functions for that service.
The skill uses service-specific governance keys, including a generated Pro key. This is expected for the V19 API, and there is no artifact evidence of unrelated credential access or leakage.
X-Governance-Key: <你的专属密钥> ... 系统自动返回专属Pro密钥
Treat any returned Pro key as a secret and do not paste it into unrelated chats, logs, or public files.
The service may retain agent activity, audit outcomes, and trust status, and some certification status may be displayed on a governance dashboard.
The trust score depends on stored audit results and activity history over time, implying persistent service-side state. This is core to the stated purpose but should be noticed.
所有 `/governance/audit` 调用的 PASS/FAIL 比率 ... 12小时心跳制 ... 连续7天无调用 → 信任分自动归零
Only submit agent identifiers, manifests, or audit data that you are comfortable having processed and potentially reflected in the V19 governance system.