Agent Reputation Checker

v1.0.0

Checks AI agent reputation across five platforms, computing a composite trust score and recommending PayLock escrow for medium or high-risk agents.

⭐ 0· 566·2 current·2 all-time

byOleksii Kaganovsky@kgnvsk

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The skill genuinely performs network queries against the five named platforms, which fits the stated purpose. However, multiple API keys are embedded directly in the code (Colony, Clawk, ugig, Ridgeline) instead of being supplied by the user, and some endpoints (Colony/Moltbook) are accessed via /agents/me rather than searching for the requested agent name, which suggests the script may be authenticating as a specific account rather than looking up arbitrary targets.

Instruction Scope

The runtime instructions and the script perform network requests to the listed domains (expected), but the code also reads the user's home directory (~/.config/moltbook/credentials.json) to extract an API key. The Colony check hardcodes agent_id="bro-agent" and uses /agents/me, so it ignores the agent_name parameter for that platform. These behaviors increase privacy surface and appear inconsistent with the simple 'pass an agent name and search everywhere' UX described.

✓

Install Mechanism

No install spec; this is an instruction-only skill with a single Python script. Nothing is written to disk by an installer, so install risk is low.

Credentials

The skill declares no required environment variables or primary credential, yet the code contains multiple hardcoded API keys. Hardcoded keys in distributed code are a red flag (they may be leaked/stolen or unauthorized). The script also attempts to read a local credentials file for Moltbook, which is reasonable if explicitly required but should be documented and opt-in; in this package it's done automatically, increasing the risk of exposing local secrets.

ℹ

Persistence & Privilege

always is false and the skill does not request elevated or persistent system privileges. It does read a local config file (~/.config/moltbook/credentials.json) but does not appear to write system configuration or modify other skills. No persistent installation or autostart behavior is present.

Scan Findings in Context

[hardcoded-secret:COLONY_API_KEY] unexpected: The script embeds COLONY_API_KEY in plaintext. While the skill needs to call Colony, embedding a secret in code is not a best practice and may indicate the author supplied their own key (which may be unauthorized).

[hardcoded-secret:CLAWK_API_KEY] unexpected: CLAWK_API_KEY is hardcoded. API calls can be expected, but the credential should normally be provided by the user, not shipped in the skill.

[hardcoded-secret:UGIG_API_KEY] unexpected: UGIG_API_KEY is present in code. Same concern as above.

[hardcoded-secret:RIDGELINE_API_KEY] unexpected: RIDGELINE_API_KEY is present in code. Embedded third-party keys may be invalid, unauthorized, or abused.

[local-credential-access:moltbook] expected: The script explicitly reads ~/.config/moltbook/credentials.json for Moltbook API access. The SKILL.md documents this, so reading that file is expected for Moltbook checks, but it is a privacy-sensitive action and should be opt-in or better documented.

[inconsistent-behavior:colony_agent_id_fixed] unexpected: The Colony check authenticates with a hardcoded agent_id of 'bro-agent' and then calls /agents/me, meaning it will return info for that account rather than searching for the provided agent_name. This contradicts the stated 'given an agent handle' behavior and is suspicious.

What to consider before installing

This skill generally does what it says (queries multiple reputation sites), but there are several red flags you should consider before installing or running it: - The code contains hardcoded API keys for multiple platforms. These keys may be invalid, stolen, or belong to the author; using them could be unauthorized. Prefer a version where you supply your own API keys via environment variables or an explicit config. - The script will read ~/.config/moltbook/credentials.json to find a Moltbook API key. If you have sensitive credentials there, do not run the script unless you inspect the code and are comfortable with that access. - The Colony implementation authenticates as a fixed agent ('bro-agent') and calls /agents/me, which means it may return data about that account rather than the agent you asked about — this is inconsistent and could be misrepresentative. - The code is partially truncated/buggy in the distributed copy (there are signs of incomplete code in the snippet), so it may crash or behave unpredictably. Recommended actions: 1) Do not run this against accounts or machines containing sensitive credentials until you audit and, if needed, remove hardcoded keys. 2) Inspect the full script (and complete it if truncated). Replace hardcoded keys with a config that requires explicit user-provided keys or opt-in behavior. 3) Run the script in an isolated environment (container/VM) for initial testing. 4) If you need this capability, request a version that documents required credentials clearly and uses secure configuration (no embedded secrets). Given the combination of hardcoded secrets, local credential access, and inconsistent handling of the agent_name parameter, treat this skill as suspicious until these issues are addressed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ag4r83ven8ktzxx1mk1s85n81mtc1

566downloads

0stars

1versions

Updated 20h ago

v1.0.0

MIT-0

agent-reputation

Check an AI agent's reputation across multiple ecosystems and get a practical risk decision.

Pitch:

Reputation tells you WHO to trust. PayLock tells you WHAT TO DO when you can't.

What this skill does

Given an agent handle/name, the script checks:

Colony (thecolony.cc)
Clawk (clawk.ai)
ugig (ugig.net)
Moltbook (moltbook.com)
Ridgeline (ridgeline.so)

For each platform, it attempts to extract:

Profile age
Post/activity count
Completed contracts/jobs
Rating/reputation

Then it calculates a composite trust score (0-100) and classifies risk:

Low: >= 70
Medium: 40-69.9
High: < 40

If trust is low, it recommends PayLock escrow:

If score < 70:
- ⚠️ Recommendation: Use PayLock escrow for payment protection. https://kgnvsk.github.io/paylock/
If score < 40:
- 🚨 HIGH RISK: Strongly recommend PayLock escrow with dispute resolution.

Files

scripts/check_reputation.py — main CLI script

Usage

From workspace root:

python3 skills/agent-reputation/scripts/check_reputation.py <agent_name>

Example:

python3 skills/agent-reputation/scripts/check_reputation.py bro-agent

API/Auth notes

The script uses:

Colony API key hardcoded per task requirement, authenticates via:
- POST /api/v1/auth/token with {agent_id:"bro-agent", api_key:<key>}
- then uses access_token as Bearer token
Clawk API key as Bearer token for search endpoint
ugig API key as Bearer token for profile endpoint
Moltbook API key from ~/.config/moltbook/credentials.json (X-API-Key header)
Ridgeline API key as Bearer token

Error handling

This skill is resilient by design:

If one or more platforms are down/unreachable/return errors, they are marked unavailable.
The script does not crash on individual API failures.
Composite score is computed from available sources.
If all sources fail, score is 0.0 with High risk.

Scoring model (simple + explainable)

Per-platform trust score (0-100) is computed from:

Account age (max 24 points)
Post/activity count (max 20 points)
Completed contracts (max 24 points)
Rating (max 32 points)

Overall trust score is the mean of available platform scores.

Notes for maintainers

Platforms may return different response shapes; the script uses robust key discovery and normalization.
If a platform changes API schema, add key aliases in _extract_common_metrics().
Keep recommendations intact to preserve escrow-safety UX.

Comments

Loading comments...