← Back to Skills Marketplace
kgnvsk

Agent Reputation Checker

by Oleksii Kaganovsky · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
601
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install agent-reputation
Description
Checks AI agent reputation across five platforms, computing a composite trust score and recommending PayLock escrow for medium or high-risk agents.
README (SKILL.md)

agent-reputation

Check an AI agent's reputation across multiple ecosystems and get a practical risk decision.

Pitch:

Reputation tells you WHO to trust. PayLock tells you WHAT TO DO when you can't.

What this skill does

Given an agent handle/name, the script checks:

  1. Colony (thecolony.cc)
  2. Clawk (clawk.ai)
  3. ugig (ugig.net)
  4. Moltbook (moltbook.com)
  5. Ridgeline (ridgeline.so)

For each platform, it attempts to extract:

  • Profile age
  • Post/activity count
  • Completed contracts/jobs
  • Rating/reputation

Then it calculates a composite trust score (0-100) and classifies risk:

  • Low: >= 70
  • Medium: 40-69.9
  • High: \x3C 40

If trust is low, it recommends PayLock escrow:

  • If score \x3C 70:
    • ⚠️ Recommendation: Use PayLock escrow for payment protection. https://kgnvsk.github.io/paylock/
  • If score \x3C 40:
    • 🚨 HIGH RISK: Strongly recommend PayLock escrow with dispute resolution.

Files

  • scripts/check_reputation.py — main CLI script

Usage

From workspace root:

python3 skills/agent-reputation/scripts/check_reputation.py \x3Cagent_name>

Example:

python3 skills/agent-reputation/scripts/check_reputation.py bro-agent

API/Auth notes

The script uses:

  • Colony API key hardcoded per task requirement, authenticates via:
    • POST /api/v1/auth/token with {agent_id:"bro-agent", api_key:\x3Ckey>}
    • then uses access_token as Bearer token
  • Clawk API key as Bearer token for search endpoint
  • ugig API key as Bearer token for profile endpoint
  • Moltbook API key from ~/.config/moltbook/credentials.json (X-API-Key header)
  • Ridgeline API key as Bearer token

Error handling

This skill is resilient by design:

  • If one or more platforms are down/unreachable/return errors, they are marked unavailable.
  • The script does not crash on individual API failures.
  • Composite score is computed from available sources.
  • If all sources fail, score is 0.0 with High risk.

Scoring model (simple + explainable)

Per-platform trust score (0-100) is computed from:

  • Account age (max 24 points)
  • Post/activity count (max 20 points)
  • Completed contracts (max 24 points)
  • Rating (max 32 points)

Overall trust score is the mean of available platform scores.

Notes for maintainers

  • Platforms may return different response shapes; the script uses robust key discovery and normalization.
  • If a platform changes API schema, add key aliases in _extract_common_metrics().
  • Keep recommendations intact to preserve escrow-safety UX.
Usage Guidance
This skill generally does what it says (queries multiple reputation sites), but there are several red flags you should consider before installing or running it: - The code contains hardcoded API keys for multiple platforms. These keys may be invalid, stolen, or belong to the author; using them could be unauthorized. Prefer a version where you supply your own API keys via environment variables or an explicit config. - The script will read ~/.config/moltbook/credentials.json to find a Moltbook API key. If you have sensitive credentials there, do not run the script unless you inspect the code and are comfortable with that access. - The Colony implementation authenticates as a fixed agent ('bro-agent') and calls /agents/me, which means it may return data about that account rather than the agent you asked about — this is inconsistent and could be misrepresentative. - The code is partially truncated/buggy in the distributed copy (there are signs of incomplete code in the snippet), so it may crash or behave unpredictably. Recommended actions: 1) Do not run this against accounts or machines containing sensitive credentials until you audit and, if needed, remove hardcoded keys. 2) Inspect the full script (and complete it if truncated). Replace hardcoded keys with a config that requires explicit user-provided keys or opt-in behavior. 3) Run the script in an isolated environment (container/VM) for initial testing. 4) If you need this capability, request a version that documents required credentials clearly and uses secure configuration (no embedded secrets). Given the combination of hardcoded secrets, local credential access, and inconsistent handling of the agent_name parameter, treat this skill as suspicious until these issues are addressed.
Capability Analysis
Type: OpenClaw Skill Name: agent-reputation Version: 1.0.0 The skill is classified as suspicious due to the presence of hardcoded API keys directly within `scripts/check_reputation.py` and its explicit access to a sensitive configuration file (`~/.config/moltbook/credentials.json`). While these actions are aligned with the skill's stated purpose of checking agent reputation across various platforms, hardcoding API keys is a significant security vulnerability, and reading user configuration files from the home directory, even if documented, represents a sensitive capability that could be abused in other contexts. There is no evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints, remote code execution, or prompt injection against the agent.
Capability Assessment
Purpose & Capability
The skill genuinely performs network queries against the five named platforms, which fits the stated purpose. However, multiple API keys are embedded directly in the code (Colony, Clawk, ugig, Ridgeline) instead of being supplied by the user, and some endpoints (Colony/Moltbook) are accessed via /agents/me rather than searching for the requested agent name, which suggests the script may be authenticating as a specific account rather than looking up arbitrary targets.
Instruction Scope
The runtime instructions and the script perform network requests to the listed domains (expected), but the code also reads the user's home directory (~/.config/moltbook/credentials.json) to extract an API key. The Colony check hardcodes agent_id="bro-agent" and uses /agents/me, so it ignores the agent_name parameter for that platform. These behaviors increase privacy surface and appear inconsistent with the simple 'pass an agent name and search everywhere' UX described.
Install Mechanism
No install spec; this is an instruction-only skill with a single Python script. Nothing is written to disk by an installer, so install risk is low.
Credentials
The skill declares no required environment variables or primary credential, yet the code contains multiple hardcoded API keys. Hardcoded keys in distributed code are a red flag (they may be leaked/stolen or unauthorized). The script also attempts to read a local credentials file for Moltbook, which is reasonable if explicitly required but should be documented and opt-in; in this package it's done automatically, increasing the risk of exposing local secrets.
Persistence & Privilege
always is false and the skill does not request elevated or persistent system privileges. It does read a local config file (~/.config/moltbook/credentials.json) but does not appear to write system configuration or modify other skills. No persistent installation or autostart behavior is present.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agent-reputation
  3. After installation, invoke the skill by name or use /agent-reputation
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: cross-platform trust score (ugig, Moltbook, Ridgeline, Colony, Clawk). PayLock recommendation for low scores.
Metadata
Slug agent-reputation
Version 1.0.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Agent Reputation Checker?

Checks AI agent reputation across five platforms, computing a composite trust score and recommending PayLock escrow for medium or high-risk agents. It is an AI Agent Skill for Claude Code / OpenClaw, with 601 downloads so far.

How do I install Agent Reputation Checker?

Run "/install agent-reputation" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agent Reputation Checker free?

Yes, Agent Reputation Checker is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Agent Reputation Checker support?

Agent Reputation Checker is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agent Reputation Checker?

It is built and maintained by Oleksii Kaganovsky (@kgnvsk); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments