ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Passport

v1.46.0

Enforcement and accountability layer for AI agents. Bring your own identity (did:key, did:web, SPIFFE, OAuth, did:aps). Gateway enforcement boundary, monoton...

0· 876·3 current·3 all-time
byæœss@aeoess
Security Scan
Capability signals
CryptoCan make purchasesRequires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe an identity/delegation SDK. Required binary (npx) and the declared optional GITHUB_TOKEN (only for publishing/registering public entries) align with the package usage. The node/npm package install is expected for this functionality.
Instruction Scope
SKILL.md instructs running npx/npm commands, generating local passport files (.passport/agent.json), delegations, receipts, and contacting a listed MCP/Intent API. It does not instruct reading unrelated system files or harvesting unrelated credentials. Example calls reference local passport files, which is consistent with the skill purpose.
Install Mechanism
Install uses npm / npx (agent-passport-system and agent-passport-system-mcp). npm/npx is the expected distribution mechanism for a Node SDK but carries the typical moderate risk of executing third-party code; the package metadata points to a GitHub project which makes code review feasible.
Credentials
Only npx is required and GITHUB_TOKEN is optional and explicitly limited to a publish/register action. There are no unrelated secrets or broad environment/config path requirements.
Persistence & Privilege
Skill is not always-enabled and allows normal autonomous invocation. It installs a CLI binary (agent-passport) which is appropriate for the stated purpose and does not request system-wide configuration changes or other skills' credentials.
Assessment
This skill appears internally consistent for an agent identity/delegation toolkit, but take normal precautions before installing and running it: (1) inspect the npm package and its GitHub repo (verify maintainer, recent commits, and code) before npm install or npx; (2) prefer installing from a pinned version rather than running unpinned npx to avoid executing unexpected code; (3) treat the generated .passport/agent.json like an SSH private key and store it securely; (4) only provide GITHUB_TOKEN if you understand and trust the register_agora_public action; (5) be aware the tool will contact the listed endpoints (mcp.aeoess.com, api.aeoess.com) — if you require stricter network controls, run in an isolated environment or with network egress restrictions.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔑 Clawdis
Binsnpx
EnvGITHUB_TOKEN (optional, only for register_agora_public)

Install

Install Agent Passport System
Bins: agent-passport
npm i -g agent-passport-system
latestvk97416d9h9jk80n0nb370x9r9s851aj2
876downloads
0stars
31versions
Updated 5h ago
v1.46.0
MIT-0
æœss@aeoess
latest
Download

Agent Passport System

When to use this skill

  • Agent needs cryptographic identity (Ed25519 passport)
  • Delegate authority between agents with scope, spend limits, depth controls
  • Revoke access — one call kills all downstream delegations
  • Run agent commerce with 5-gate checkout (passport, delegation, merchant, spend)
  • Coordinate multi-agent tasks (assign, evidence, review, deliver)
  • Track data contributions with Merkle proofs
  • Encrypt agent-to-agent communication (E2E, forward secrecy)
  • Score agent trust (Bayesian reputation, passport grades 0-3)
  • Enforce values compliance (8 principles, graduated enforcement)
  • Found institutions with charters, offices, approval policies

Install

npm install agent-passport-system        # SDK — /core subpath is the curated default
npm install agent-passport-system-mcp    # MCP server — APS_PROFILE=essential is the default

Minimal SDK import (lead with the curated essentials):

import {
  createPassport, createDelegation,
  evaluateIntent, commercePreflight, generateKeyPair
} from 'agent-passport-system/core'

Minimal MCP install (essential profile is the default; APS_PROFILE=full for all 132 tools):

npx agent-passport-system-mcp

Remote MCP (zero install): https://mcp.aeoess.com/sse

Core workflow

1. Create identity → returns passport + keypair

npx agent-passport join --name my-agent --owner alice

Output: .passport/agent.json with Ed25519 keypair, signed passport, values attestation. Treat like an SSH key.

2. Delegate authority → returns signed delegation

npx agent-passport delegate --to <publicKey> --scope web_search,commerce --limit 500 --depth 1 --hours 24

Output: signed delegation with scope, spend limit, max depth, expiry. Authority can only narrow at each transfer.

3. Record work → returns signed receipt

npx agent-passport work --scope web_search --type research --result success --summary "Found 3 sources"

Output: Ed25519-signed receipt traceable to a human through the delegation chain.

4. Prove contributions → returns Merkle proof

npx agent-passport prove --beneficiary alice

Output: Merkle root + inclusion proofs. 100K receipts provable with ~17 hashes.

MCP tools (132 total)

Setup: npx agent-passport-system-mcp setup (auto-configures Claude Desktop + Cursor)

Identity & trust (12 tools): generate_keys, identify, issue_passport, verify_issuer, verify_passport, create_principal, endorse_agent, get_passport_grade, list_issuance_records, get_behavioral_sequence, verify_endorsement, revoke_endorsement

Delegation & revocation (5): create_delegation, verify_delegation, revoke_delegation, sub_delegate, create_v2_delegation

Commerce & wallets (4): commerce_preflight, get_commerce_spend, request_human_approval, create_checkout

Coordination (11): create_task_brief, assign_agent, accept_assignment, submit_evidence, review_evidence, handoff_evidence, get_evidence, submit_deliverable, complete_task, get_my_role, get_task_detail

Communication (7): send_message, check_messages, broadcast, list_agents, post_agora_message, register_agora_agent, register_agora_public

Governance & policy (12): load_values_floor, attest_to_floor, create_intent, evaluate_intent, create_policy_context, create_agent_context, execute_with_context, create_charter, sign_charter, verify_charter, create_approval_request, add_approval_signature

Data attribution (10): register_data_source, create_access_receipt, create_derivation_receipt, create_decision_lineage_receipt, record_training_use, check_data_access, check_purpose_permitted, check_retention_expired, query_contributions, generate_compliance_report

Intent Network (5): publish_intent_card, remove_intent_card, search_matches, request_intro, respond_to_intro

Framework adapters (8)

One-function governance for every major agent framework. Each wraps tool/task execution with APS delegation checks and Ed25519-signed receipts.

import {
  governLangChainTool,              // LangChain/LangGraph
  governCrewTask,                   // CrewAI
  governMCPToolCall,                // Any MCP server
  governIBACIntent,                 // IBAC (Cedar/OPA)
  passportToA2ACard,                // A2A Agent Cards
} from 'agent-passport-system'

// Also available as standalone packages:
// npm install @aeoess/stripe-governance
// npm install @aeoess/composio-governance
AdapterFunctionWhat it wraps
LangChaingovernLangChainTool()BaseTool.invoke()
CrewAIgovernCrewTask()Crew task execution
MCPgovernMCPToolCall()Any MCP tool call
IBAC/CedargovernIBACIntent()Cedar/OPA policy tuples
A2ApassportToA2ACard()Agent Card ↔ passport bridge
StripegovernMPPPayment()Stripe agent payments
ComposiogovernComposioAction()250+ tool integrations
GonkagovernGonkaInference()Decentralized GPU compute

Programmatic API

import {
  joinSocialContract,   // → { passport, keyPair, attestation }
  createDelegation,     // → signed Delegation
  processToolCall,      // → { permitted, constraintResults, receipt }
  cascadeRevoke,        // → { revoked: string[], receipts }
  computePassportGrade, // → 0 | 1 | 2 | 3
  createIssuanceContext, // → IssuanceContext with evidence + assessment
} from 'agent-passport-system'

Passport grades (attestation architecture)

GradeMeaningTrust signal
0Bare Ed25519 keypairUnverified
1Issuer countersignedAEOESS processed
2Runtime-bound + challenge-responseInfrastructure-attested
3Runtime + verified human principalFull chain of trust

Grade travels with the passport. Any consumer reads it without understanding scoring internals.

Key facts

  • Enforcement and accountability layer — bring your own identity, gateway does the rest
  • SDK /core subpath: 24 curated functions for 90% of integrations
  • MCP essential profile: 20 tools by default (identity, delegation, enforcement, commerce, reputation)
  • Policy eval <2ms, 403 ops/sec, 15 constraint dimensions
  • 2,764 tests including 50 adversarial attack scenarios
  • Zero heavy dependencies — Node.js crypto + uuid only
  • Apache-2.0 license
  • Full surface area: 103 modules, 132 MCP tools — available under APS_PROFILE=full and the root agent-passport-system import.

Links

Comments

Loading comments...