Runtime Attestation Probe

v1.0.0

Helps validate that agent behavior at runtime matches the capabilities and constraints declared in its attestation. Detects divergence between what an agent...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description match: a runtime attestation probe legitimately needs to observe file accesses, environment differences, and network calls. Requiring curl and python3 is plausible for driving probes and parsing traces. However, the skill's metadata declares no config paths, env vars, or credentials even though the documented examples explicitly show reading sensitive paths (e.g., ~/.aws/credentials) and observing outbound POSTs. That gap (declared minimal requirements vs. the behavior it claims to detect) is a notable mismatch.
! Instruction Scope
This is an instruction-only skill; the SKILL.md is the runtime program. The examples demonstrate detecting reads of sensitive files and outbound network posts. As written, the instructions give the agent broad discretion to (a) exercise a target skill under multiple environments, (b) monitor file accesses (including credentials), and (c) observe or trigger outbound network traffic. Those actions can involve reading secrets and contacting external endpoints. The SKILL.md in the package is truncated in the registry data provided, but the visible material contains no concrete, constrained list of files/endpoints to probe or explicit safeguards. That vagueness increases the risk that the probe will access or exfiltrate sensitive data if run without isolation.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes supply-chain risk because nothing is downloaded or installed. The declared required binaries (curl, python3) are reasonable for a probe that issues HTTP requests and runs small scripts. No third-party downloads are present in the metadata.
! Credentials
The skill requests no environment variables or config paths, but its examples and purpose imply it will examine environment-dependent behavior (env vars, credentials, files). Probing for undeclared sensitive items (AWS credentials, home-directory files) is a legitimate capability for this tool, but the skill does not declare those needs or request explicit permission. Because it can be instructed (by its own SKILL.md) to inspect potentially sensitive files and network behavior, the required access is broader than the published metadata indicates.
Persistence & Privilege
always: false (no forced permanent inclusion) and default autonomous invocation are set — those are normal. Because the skill can be invoked autonomously (platform default), combining autonomous invocation with the probe's broad scope would increase blast radius, but there's no 'always' privilege or other persistent modifications requested by the skill itself.
What to consider before installing
This skill is conceptually reasonable for detecting conditional or environment-triggered misbehavior, but the runtime instructions are the security surface — and those instructions are currently broad and not tightly constrained. Before installing or running:
1) Review the full SKILL.md (ask the publisher for the complete runtime procedure) and demand explicit lists of files, paths, and endpoints the probe will access.
2) Only run the probe in an isolated sandbox or ephemeral VM that contains no real credentials (do not run it on production hosts).
3) Require that any probing of other skills be done with explicit, auditable consent and that logs be stored securely.
4) Prefer a signed/traceable implementation (code + release) rather than an instruction-only skill if you need repeated or automated probing.
5) Because the publisher and homepage are unknown, treat provenance as weak and exercise extra caution.


latest vk976t5mmj9d7rzk2gvbpkf6dqh81nf6x


Runtime requirements

🔬 Clawdis
Bins: curl, python3
