ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agnic Get Agent Identity

v2.0.2

Check your agent's on-chain ERC-8004 identity, trust score, and KYA credentials. Use when the user wants to see agent identity, check trust score, view crede...

0· 103·0 current·0 all-time
byAgnic.AI@agnicpay-prog

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for agnicpay-prog/get-agent-identity.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Agnic Get Agent Identity" (agnicpay-prog/get-agent-identity) from ClawHub.
Skill page: https://clawhub.ai/agnicpay-prog/get-agent-identity
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install get-agent-identity

ClawHub CLI

Package manager switcher

npx clawhub@latest install get-agent-identity
Security Scan
Capability signals
CryptoRequires walletCan make purchasesCan sign transactionsRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (check on‑chain ERC‑8004 identity, trust score, KYA) lines up with the SKILL.md, which instructs calling the 'agnic' CLI. However the skill metadata declares no required binaries or env vars while the instructions assume use of 'npx' and optionally an AGNIC_TOKEN — so the declared requirements are incomplete.
Instruction Scope
The instructions are narrowly focused: run 'npx agnic@latest status' and 'npx agnic@latest agent-identity' or use interactive auth. They do not instruct reading unrelated files or exfiltrating data to unexpected endpoints. They do, however, reference setting AGNIC_TOKEN and linking to app.agnic.ai for account creation/auth.
Install Mechanism
No install spec is present; instead the runtime uses 'npx agnic@latest', which will fetch and run code from the npm registry at execution time. This is expected for CLI usage but does involve executing remote code on-demand rather than depending only on preinstalled, declared binaries.
!
Credentials
The SKILL.md explicitly mentions AGNIC_TOKEN as a headless auth option, but the skill metadata lists no required environment variables or primary credential. That mismatch is concerning because a token with account privileges may be needed or requested but is not declared in the metadata for user review.
Persistence & Privilege
always is false and disable-model-invocation is false (the platform default). The skill does not request persistent system-wide settings or claim the ability to modify other skills. Autonomous invocation is allowed by default; that increases the importance of the other flagged issues but is not by itself unusual.
What to consider before installing
This skill appears to do what it says (query an Agnic agent identity) but note two practical risks: (1) the documentation refers to an AGNIC_TOKEN env var but the skill metadata doesn't declare it — don't export or paste tokens unless you trust the package and know what the token grants; (2) the commands use 'npx agnic@latest', which will download and execute code from npm at runtime. Before installing/use, confirm the upstream package (npm owner, project homepage/repo), consider running the commands manually first, and only provide an AGNIC_TOKEN with least privilege when required. If you need higher assurance, ask the publisher for a homepage/repository and explicit list of required env vars and capabilities.

Like a lobster shell, security has layers — review code before you run it.

latestvk975qd093xkw5b1d1hstttkfrn85d4bc
103downloads
0stars
2versions
Updated 4d ago
v2.0.2
MIT-0
Agnic.AI@agnicpay-prog
latest
Download

Getting Agent Identity

Check the user's on-chain ERC-8004 agent identity, trust score, and KYA (Know Your Agent) credentials.

Authentication

Run npx agnic@latest status --json to verify. If not authenticated:

  • Headless (CI/server/agent): Set AGNIC_TOKEN env var or pass --token <token>
  • Interactive (has browser): Run npx agnic@latest auth login

See the authenticate-wallet skill for details.

Check Agent Identity

npx agnic@latest agent-identity --json

Returns the agent's on-chain identity including:

  • Agent ID -- The ERC-721 token ID on the ERC-8004 Identity Registry
  • Owner address -- The wallet that owns the agent NFT
  • Trust score -- Reputation score (0-100) based on transaction history
  • Categories -- Authorized action categories (e.g., payment, general, alcohol)
  • Status -- Whether the agent is active or suspended

What is ERC-8004?

ERC-8004 ("Trustless Agents") is an Ethereum standard that gives AI agents:

FeatureDescription
On-chain identityAn ERC-721 NFT representing the agent on the Identity Registry
Reputation scoreTrust score (0-100) based on on-chain transaction history
KYA credentialsSD-JWT verifiable credentials for identity verification
DelegationSpending limits and category permissions via KYA delegation credentials

Contract Addresses

ContractNetworkAddress
Identity RegistryBase Mainnet0x8004A169FB4a3325136EB29fA0ceB6D2e539a432
Identity RegistryBase Sepolia0x8004A818BFB912233c491871b3d84c89A494BD9e
ReputationBase Mainnet0x8004BAa17C55a88189AE136b182e5fdA19dE9b63
ReputationBase Sepolia0x8004B663056A597Dffe9eCcC1965A193B7388713

Expected Output

{
  "agentId": 373,
  "ownerAddress": "0x046906b3cd9d73bf85eb01d795d333b364b75842",
  "status": "active",
  "registeredAt": "2024-12-15T10:30:00Z",
  "trustScore": 85,
  "categories": ["payment", "general"],
  "hasDelegation": true
}

Prerequisites

  • Must be authenticated (npx agnic@latest status to check)
  • Agent identity is automatically created during Agnic sign-up

Error Handling

Common errors:

  • "Not authenticated" -- Run npx agnic@latest auth login or set AGNIC_TOKEN
  • "No agent identity found" -- The user may not have an agent registered; create one at app.agnic.ai
  • "Agent suspended" -- The agent's delegation may have been revoked; contact support

Comments

Loading comments...