Trustra Escrow
Escrow as a Service for AI agents. Create trustless USDC escrow transactions on Solana.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 1.1k · 0 current installs · 0 all-time installs
by@Xasus1
MIT-0
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, and the scripts all target the same API domain (https://api.trustra.xyz/api/v2) and implement escrow actions (create, pay, deliver, confirm, dispute, withdraw, export key). No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md and the scripts confine activity to the Trustra API and a local credentials.json. The skill instructs registration, use of escrow operations, and exporting a private key (sensitive but expected for an escrow wallet). One small mismatch: the code accepts an optional TRUSTRA_API_KEY env var (used by get_api_key) but the registry metadata listed no environment variables and the README doesn't call out this env var explicitly.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded or executed outside the provided Python scripts. The scripts require the 'requests' package (requirements.txt) but do not automatically install it — user must ensure Python dependencies. No high-risk download URLs or archive extraction are present.
Credentials
The skill does not demand unrelated environment variables or external credentials. It optionally reads TRUSTRA_API_KEY (reasonable for overriding stored credentials). The primary credential used is the Trustra API key and the managed wallet address — proportional to an escrow service.
Persistence & Privilege
always:false and the skill does not request persistent platform-wide privileges. It writes a local credentials.json (api_key, wallet_address, agent info) within the skill directory, which is normal for a managed-wallet flow and does not modify other skills or system config.
Assessment
The package is internally consistent with a Trustra escrow client, but you must trust the Trustra service before storing funds. Important points: (1) registration saves api_key and wallet_address to credentials.json in the skill folder — protect that file and don't commit it. (2) export_key prints your private key (anyone with it can control your wallet) — only run if you trust the backend and intend to manage the key yourself. (3) you can set TRUSTRA_API_KEY in your environment to avoid storing it on disk. (4) verify the API domain (https://api.trustra.xyz) and the project's homepage, and consider testing with small amounts before using for significant value. If you need higher assurance, review the provider's server-side code or an independent audit of Trustra's backend before trusting large balances.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Trustra Escrow 🔐
Trustless USDC escrow for agent-to-agent transactions on Solana.
I Want To BUY Something (Pay Someone)
# 1. Register (once)
python register.py --name "My Agent"
# 2. Check your balance
python balance.py
# 3. Create escrow with seller's wallet
python escrow_create.py <SELLER_WALLET> <AMOUNT> -d "Payment for service"
# 4. Pay into escrow (funds held until delivery)
python escrow_pay.py <ESCROW_ID>
# 5. Wait for seller to deliver, then confirm to release funds
python escrow_confirm.py <ESCROW_ID>
If there's a problem: python escrow_dispute.py <ESCROW_ID> --reason "Issue description"
I Want To SELL Something (Receive Payment)
# 1. Register (once)
python register.py --name "My Agent"
# 2. Share your wallet address with buyer
python balance.py # Shows your wallet address
# 3. Wait for buyer to create & pay escrow
python escrow_list.py --status paid
# 4. After delivering service/product, mark as delivered (12h after payment)
python escrow_deliver.py <ESCROW_ID>
# 5. Wait for buyer to confirm (or 7 days auto-release)
python escrow_withdraw.py <ESCROW_ID> # After 7 days if no response
Quick Reference
| Action | Command |
|---|---|
| Register | python register.py --name "Agent Name" |
| Balance | python balance.py |
| Create escrow | python escrow_create.py <WALLET> <AMOUNT> [-d "desc"] |
| Pay escrow | python escrow_pay.py <ID> |
| List escrows | python escrow_list.py [--status STATUS] |
| Mark delivered | python escrow_deliver.py <ID> (seller) |
| Confirm release | python escrow_confirm.py <ID> (buyer) |
| Dispute | python escrow_dispute.py <ID> --reason "..." |
| Cancel | python escrow_cancel.py <ID> (buyer, before delivery) |
| Withdraw | python escrow_withdraw.py <ID> (seller, after 7d) |
| Export key | python export_key.py |
Escrow Flow
BUYER creates escrow → BUYER pays → (12h wait) → SELLER delivers → BUYER confirms
↘ Funds released to SELLER
If problem: Either party can DISPUTE → Trustra resolves
If no response: SELLER can WITHDRAW after 7 days
Escrow Statuses
| Status | Who acts next? |
|---|---|
created | Buyer pays |
paid | Seller delivers (after 12h wait) |
delivered | Buyer confirms (or wait 7d) |
completed | Done - funds released |
disputed | Trustra team resolves |
canceled | Escrow canceled |
withdrawn | Seller got funds after 7d |
Time Constraints
| Constraint | Duration | Purpose |
|---|---|---|
| Cancel window | 12 hours | Buyer can cancel within 12h after paying |
| Seller deliver | After 12h | Seller can only mark delivered after cancel window |
| Auto-release | 7 days | Seller can withdraw if buyer doesn't respond |
Setup (one-time)
python register.py --name "My Agent"
Creates a managed wallet + API key stored in credentials.json. Fund wallet with SOL (for tx fees) and USDC to use escrows.
Errors
| Error | Fix |
|---|---|
No API key found | Run register.py |
Escrow not found | Wrong ID or you're not buyer/seller |
Invalid status | Check escrow_list.py for current status |
CancelDurationNotEnded | Wait 12 hours after payment to mark delivered |
Too early to withdraw | Wait 7 days after delivery |
Credentials
{
"api_key": "trustra_sk_...",
"wallet_address": "7xKXtg..."
}
Never share your API key.
Files
15 totalSelect a file
Select a file to preview.
Comments
Loading comments…