Praesidia
v2.0.1Verify AI agents, check trust scores (0-100), fetch A2A agent cards, discover marketplace agents, apply guardrails for security and compliance. Use when user mentions agent verification, trust scores, agent discovery, A2A protocol, agent identity, agent marketplace, guardrails, security policies, content moderation, or asks "is this agent safe?" or "find agents that can [task]" or "apply guardrails to protect my agent".
⭐ 4· 1.9k·0 current·0 all-time
by@msoica
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name, description, and runtime instructions all describe calling a Praesidia REST API to fetch agent cards, trust scores, discovery results, and manage guardrails — the single required credential (PRAESIDIA_API_KEY) is appropriate for that purpose.
Instruction Scope
SKILL.md instructs only API calls (web_fetch) to Praesidia endpoints and presenting results. It does tell the agent to obtain orgId from the user's profile/context and to read OpenClaw config (~/.openclaw/openclaw.json) for the API key/URL; both are reasonable for this functionality but are assumptions the agent will need to access user/context data to populate orgId. No instructions request unrelated files or credentials.
Install Mechanism
Instruction-only skill (no install spec, no code files). Lowest install risk — nothing is written to disk by an installer.
Credentials
The skill requires a single credential (PRAESIDIA_API_KEY) which matches the API usage. SKILL.md however uses PRAESIDIA_API_URL in examples (and asks users to place it in openclaw.json) but PRAESIDIA_API_URL is not declared in the top-level required env list/metadata — minor inconsistency that could cause runtime confusion but not an escalated permission request.
Persistence & Privilege
always is false and there is no install-time agent persistence or cross-skill config modification described. The skill can be invoked autonomously (platform default), which is expected for this type of service.
Assessment
This skill appears to do what it says: make authenticated calls to a Praesidia API to verify agents and manage guardrails. Before installing: 1) Confirm the Praesidia service and domain (api.praesidia.ai) are legitimate and you trust the provider. 2) Limit the API key scope and rotate keys if possible; do not reuse high-privilege keys. 3) Note SKILL.md expects PRAESIDIA_API_URL in config even though only PRAESIDIA_API_KEY is declared — set the URL explicitly in ~/.openclaw/openclaw.json or confirm with the publisher. 4) Understand the agent will need access to your orgId/context to call organization-scoped endpoints; verify you are comfortable with the skill reading that context. 5) Because this is instruction-only with no source code in the package and the skill's source is listed as unknown, consider obtaining the publisher/homepage or additional provenance before trusting it in sensitive environments.Like a lobster shell, security has layers — review code before you run it.
a2avk974yzdrrhkyj9ex0ch5pmc0zn80jadmagentsvk974yzdrrhkyj9ex0ch5pmc0zn80jadmguardrailsvk974yzdrrhkyj9ex0ch5pmc0zn80jadmidentityvk974yzdrrhkyj9ex0ch5pmc0zn80jadmlatestvk978azvegmdnj87mcy7sxy444h80kx25securityvk974yzdrrhkyj9ex0ch5pmc0zn80jadmtrustvk974yzdrrhkyj9ex0ch5pmc0zn80jadmverificationvk974yzdrrhkyj9ex0ch5pmc0zn80jadm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🛡️ Clawdis
EnvPRAESIDIA_API_KEY
Primary envPRAESIDIA_API_KEY