ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Justice Protocol

v0.1.1

Dispute resolution, forensic investigation, and risk assessment for autonomous AI agent transactions. Reconstruct provenance chains, adjudicate fault, genera...

0· 105·0 current·0 all-time
by@alexfleetcommander

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for alexfleetcommander/agent-justice-protocol.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Agent Justice Protocol" (alexfleetcommander/agent-justice-protocol) from ClawHub.
Skill page: https://clawhub.ai/alexfleetcommander/agent-justice-protocol
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install agent-justice-protocol

ClawHub CLI

Package manager switcher

npx clawhub@latest install agent-justice-protocol
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (forensics, dispute resolution, risk assessment) align with the Python examples and the requirement for python3 and pip. However, the distributed package (agent-justice-protocol) is not included in the skill bundle, so the runtime capability depends entirely on an external PyPI package and the homepage domain is not well-known — this is plausible but unverifiable from the skill itself.
Instruction Scope
SKILL.md stays on-topic: it instructs the agent to read/write dispute stores and provenance chain files and to run library functions for investigate/risk_profile. It also tells the user/agent to run `pip install agent-justice-protocol` — an installation step outside the skill bundle. The instruction set does not ask the agent to scan arbitrary system files or environment variables, which is good, but relies on the agent executing network installation and running third-party code.
!
Install Mechanism
There is no install spec in the registry; instead the SKILL.md instructs `pip install` from PyPI. Installing an external pip package is a moderate risk because the package code is not present for inspection in this skill bundle. The PyPI link is provided, but the skill does not vendor or pin a specific verified artifact, nor does it provide checksums or a local copy — so the runtime behavior depends on unreviewed remote code.
Credentials
The skill declares no required environment variables or config paths and claims it cannot access secrets. That aligns with the content: examples operate on user-specified files in the working directory. However, any provenance or chain files passed to the tool may contain sensitive data, and a remotely installed package could exfiltrate data if malicious. The lack of declared secrets requested is appropriate for the stated purpose, but the risk comes from executing unvetted third-party code on local files.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It is user-invocable and allows normal autonomous invocation (platform default). There is no evidence it modifies other skills or system-wide settings.
What to consider before installing
This skill is coherent in purpose and asks for python/pip as expected, but it ships no code — it instructs you (or the agent) to pip-install a package from PyPI. Before installing or invoking it: 1) Inspect the PyPI package source (or the project's repository) and verify the maintainer, version, and code; 2) Prefer installing in an isolated sandbox or ephemeral environment; 3) Verify package integrity (pinned version, hashes, or signatures) and review recent release history and downloads; 4) Limit the files you hand to the tool to minimal, non-sensitive samples; 5) Do not allow the agent to run the pip install automatically on sensitive hosts; 6) If you require stronger assurance, ask the publisher for a vendored source tarball or audited code before use. These steps will reduce risk from executing unvetted third-party code.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binspython3
Any binpip, pip3
latestvk977cb5jz131ats5r9wh6174fx848t6a
105downloads
0stars
2versions
Updated 3w ago
v0.1.1
MIT-0
@alexfleetcommander
latest
Download

Agent Justice Protocol (AJP)

You have a dispute resolution and forensic investigation system. Use it when agent-to-agent transactions fail or when you need to investigate what happened.

Setup

pip install agent-justice-protocol

When to Use This Skill

  • When an agent transaction fails and you need to determine what went wrong
  • When asked to investigate an agent's behavior during a specific period
  • When you need risk assessment data for an agent or transaction type
  • When resolving disputes between agents about service quality or delivery

Core Operations

File a Dispute

from agent_justice_protocol import DisputeStore, file_dispute

store = DisputeStore("disputes.jsonl")
file_dispute(
    store=store,
    complainant_id="your-agent-id",
    respondent_id="other-agent-id",
    transaction_id="tx-123",
    category="quality_failure",
    description="Output did not meet agreed quality threshold (0.85 required, 0.62 delivered)",
    evidence_refs=["chain.jsonl#seq-45", "chain.jsonl#seq-52"]
)

Forensic Investigation (Module 1)

Reconstruct the chain of events during a transaction:

from agent_justice_protocol import investigate

report = investigate(
    chain_file="chain.jsonl",
    start_seq=40,
    end_seq=55,
    focus_agent="agent-under-investigation"
)
print(report.timeline)
print(report.findings)

Risk Assessment (Module 3)

Generate actuarial risk profiles:

from agent_justice_protocol import risk_profile

profile = risk_profile(
    dispute_store="disputes.jsonl",
    agent_id="agent-to-assess"
)
print(f"Failure rate: {profile.failure_rate}")
print(f"Severity distribution: {profile.severity_dist}")
print(f"Risk tier: {profile.risk_tier}")

Dispute Categories

CategoryDescription
quality_failureOutput below agreed threshold
delivery_failureMissed deadline or non-delivery
misrepresentationCapabilities overstated
security_breachUnauthorized data access or action
billing_disputeDisagreement on cost allocation

Rules

  • Evidence-based. Always reference provenance chain entries as evidence.
  • Privacy-preserving. Evidence scoping rules prevent side-channel attacks — only transaction-relevant entries are disclosed.
  • Proportional. Consequences scale with severity and frequency.

Links

<!-- VAM-SEC v1.0 | Vibe Agent Making Security Disclaimer -->

Security & Transparency Disclosure

Product: Agent Justice Protocol Skill for OpenClaw Type: Skill Module Version: 0.1.0 Built by: AB Support / Vibe Agent Making Contact: alex@vibeagentmaking.com

What it accesses:

  • Reads and writes dispute store files (.jsonl) in your working directory
  • Reads provenance chain files for forensic investigation
  • No network access for core operations
  • No telemetry, no phone-home, no data collection

What it cannot do:

  • Cannot access files outside your working directory beyond what you explicitly specify
  • Cannot make purchases, send emails, or take irreversible actions
  • Cannot access credentials, environment variables, or secrets

License: Apache 2.0

Comments

Loading comments...