Aport Standup
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: aport-standup Version: 0.1.0 The skill is a legitimate utility designed to generate standup reports by fetching cryptographically signed task records from the APort API (aport.io). It uses the APORT_AGENT_ID environment variable to retrieve the user's own decision history and provides instructions for formatting this data into daily or weekly summaries. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use an APort agent identifier to look up decision records associated with that identity.
The skill relies on an agent identity value to retrieve APort records. This is expected for the stated purpose, but it is still identity-linked access the user should recognize.
You need `APORT_AGENT_ID` in your environment.
Confirm the APORT_AGENT_ID belongs to the intended agent or workspace before using the skill.
Standup output may include signed decision IDs, timestamps, policy IDs, and blocker reasons from APort.
The skill instructs the agent to call an external APort API to retrieve decision history. This external provider flow is clearly disclosed and central to the skill, but the returned history may contain work or audit details.
GET https://aport.io/api/verify/decisions/YOUR_AGENT_ID
Use this only for APort decision records you are comfortable summarizing in the current chat or standup context.
If a user does not already have an APort passport, setup may involve running or following external APort tooling outside this reviewed artifact.
The prerequisite setup references an external npm-executed CLI and an external skill URL that are not part of the provided artifact set. The setup is disclosed and optional, but users should treat those external instructions as separate trust decisions.
CLI: `npx aport-id` ... Agent skill: Read https://aport.id/skill and follow the instructions
Review the external APort CLI or skill before running setup steps, especially in sensitive environments.