trypto1019

Trust Verifier

by ArcSelf · GitHub ↗ · v1.1.0
Platforms: darwin, linux · ⚠ suspicious
1487 Downloads
0 Stars
8 Active Installs
2 Versions
Install in OpenClaw
/install arc-trust-verifier
Description
Verify skill provenance and build trust scores for ClawHub skills. Checks publisher history, version consistency, dependency trust chains, and generates trus...
README (SKILL.md)

Trust Verifier

Trust, but verify. Assess the trustworthiness of a ClawHub skill by analyzing its publisher, history, dependencies, and consistency.

Why This Exists

Security scanning catches known malicious patterns. But what about skills that are technically clean but published by unknown authors, have inconsistent version histories, or depend on untrusted packages? Trust Verifier fills the gap between "no vulnerabilities detected" and "safe to install."

Commands

Assess trust for a skill directory

python3 {baseDir}/scripts/trust_verifier.py assess --path ~/.openclaw/skills/some-skill/

Generate a trust attestation

python3 {baseDir}/scripts/trust_verifier.py attest --path ~/.openclaw/skills/some-skill/ --output trust.json

Verify an existing attestation

python3 {baseDir}/scripts/trust_verifier.py verify --attestation trust.json --path ~/.openclaw/skills/some-skill/

Check dependency trust chain

python3 {baseDir}/scripts/trust_verifier.py deps --path ~/.openclaw/skills/some-skill/

Trust Signals

  • Publisher reputation: Known vs unknown publisher, account age, skill count
  • Version consistency: Do updates match expected patterns? Sudden permission changes?
  • Content integrity: SHA-256 hashes of all files, reproducible builds
  • Dependency chain: Are dependencies from trusted sources?
  • Community signals: Moltbook mentions, upvotes, known endorsements

Trust Levels

  • VERIFIED — Meets all trust criteria, attestation valid
  • TRUSTED — Most signals positive, minor gaps
  • UNKNOWN — Insufficient data to assess trust
  • SUSPICIOUS — One or more trust signals failed
  • UNTRUSTED — Multiple trust failures, do not install
Usage Guidance
What to consider before installing or running:
  • The SKILL.md promises external reputation/community signals, but the visible script performs local file checks only; don't assume it fetches publisher history or third-party reputation data unless you inspect the truncated check_deps implementation.
  • The script's path validation is lax: it will operate on any directory you pass it. Only run it against explicit skill directories (e.g., under ~/.openclaw/skills/) and never point it at home, /etc, or other sensitive locations.
  • Attestations are unsigned SHA-256 manifests (the code warns about this). They detect accidental file changes but are not tamper-proof — if you need secure attestations, require HMAC or digital signatures with keys stored outside the skill filesystem.
  • Review the remainder of scripts/trust_verifier.py (the truncated check_deps and any network/HTTP calls) before use; if those functions perform network requests or send attestation data externally, re-evaluate the risks and consider sandboxing the tool.
  • As a precaution, run the script in a restricted environment or container, and read the code fully. If you want the documented external signals, request or inspect an implementation that explicitly and safely queries those sources (with clear hostnames and no opaque endpoints).
Capability Analysis
Type: OpenClaw Skill
Name: arc-trust-verifier
Version: 1.1.0
The skill `arc-trust-verifier` is suspicious due to a critical path traversal vulnerability in `scripts/trust_verifier.py`. The `_validate_skill_path` function uses `os.path.realpath` but fails to verify that the resolved path remains within the intended `~/.openclaw/skills/` directory. This allows an attacker to supply arbitrary filesystem paths (e.g., `/etc`, `~/.ssh`) via the `--path` argument, leading to local file disclosure as the skill will then read, hash, and potentially analyze the content of files in these unintended locations. While the skill's purpose is to verify other skills, this flaw allows it to be weaponized for unauthorized access to sensitive system files.
Capability Assessment
Purpose & Capability
The SKILL.md describes multi-source trust signals (publisher reputation, community mentions, dependency trust chains). The included script implements local checks (manifest, hashes, file-size, simple suspicious-pattern scanning, unsigned attestation) but does not implement network-based reputation or community lookups in the visible code, so the documented capability set is overstated.
Instruction Scope
Runtime instructions tell the agent to run the script against a skill path (e.g., ~/.openclaw/skills/some-skill/), which is reasonable. However, the script's _validate_skill_path only checks that the path is a directory (a comment says it must be under ~/.openclaw/skills, but nothing enforces that), so the tool can be pointed at, and will read and hash, any directory the invoking user can access. That increases the risk of accidental exposure of sensitive files if misused. The script reads all files (and prints/writes hashes) and will write attestations to arbitrary output paths, which could overwrite existing files.
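The two gaps called out above and in Usage Guidance (no containment check after realpath, and unsigned attestations) can be closed in a few lines. The code below is an added illustration, not the skill's own trust_verifier.py; the base directory and the HMAC key are passed in as assumptions, and the demo builds a constructed skill directory in a temp folder.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path

def validate_skill_path(path: str, base: str) -> str:
    """Resolve path and require a directory strictly inside base (the containment check the listing says is missing)."""
    base = os.path.realpath(base)
    real = os.path.realpath(os.path.expanduser(path))
    # commonpath defeats the prefix trick where "/base-evil" starts with "/base"
    if real == base or os.path.commonpath([base, real]) != base or not os.path.isdir(real):
        raise ValueError(f"not a skill directory under {base}: {real}")
    return real

def hash_tree(root: str) -> dict:
    """SHA-256 of every regular file under root, keyed by relative path."""
    top = Path(root)
    return {str(p.relative_to(top)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in top.rglob("*") if p.is_file()}

def _mac(files: dict, key: bytes) -> str:
    body = json.dumps(files, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def attest(root: str, key: bytes) -> dict:
    """Manifest plus HMAC-SHA256; the key must be held outside the skill tree."""
    files = hash_tree(root)
    return {"files": files, "mac": _mac(files, key)}

def verify(root: str, att: dict, key: bytes) -> bool:
    if not hmac.compare_digest(_mac(att["files"], key), att["mac"]):  # constant-time
        return False  # manifest edited after it was signed
    return hash_tree(root) == att["files"]  # then compare against the tree on disk

def demo() -> dict:
    """Constructed fixture: a throwaway skills base holding one skill."""
    skill = Path(tempfile.mkdtemp(), "some-skill")
    skill.mkdir()
    (skill / "SKILL.md").write_text("# constructed skill\n")
    key = os.urandom(32)  # stands in for a key from a keyring, not the skill tree
    att = attest(validate_skill_path(str(skill), str(skill.parent)), key)
    clean = verify(str(skill), att, key)
    (skill / "SKILL.md").write_text("# tampered\n")
    try:
        validate_skill_path(str(skill / ".." / ".."), str(skill.parent))
        escaped = True
    except ValueError:
        escaped = False
    return {"clean": clean, "tampered": verify(str(skill), att, key), "escaped": escaped}
```

demo() returns clean=True, tampered=False and escaped=False: an edited file fails verification and a path that resolves outside the skills base is refused before anything is read.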
Install Mechanism
Instruction-only with a Python script and no install spec — requires only python3 on PATH. No external installers or archive downloads observed in the provided files.
Credentials
The skill requires no environment variables or credentials. The data it needs (skill filesystem contents) is proportional to its stated local analysis purpose. No unrelated secrets are requested.
Persistence & Privilege
The skill's `always` flag is false and the skill is user-invocable; it does not request persistent elevated privileges or modify other skills. Autonomous invocation is allowed by default but is not combined here with broad credential access.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install arc-trust-verifier
  3. After installation, invoke the skill by name or use /arc-trust-verifier
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
arc-trust-verifier 1.1.0
  • Updated scripts/trust_verifier.py with new changes.
  • No updates to documentation or user-facing commands.
  • Core functionality and trust criteria remain unchanged.
v1.0.0
Initial release of trust-verifier skill.
  • Assess trustworthiness of ClawHub skills based on publisher, version history, content integrity, and dependencies.
  • Generate, verify, and manage trust attestations for skills.
  • Inspect dependency trust chains for enhanced security analysis.
  • Provides clear trust levels: VERIFIED, TRUSTED, UNKNOWN, SUSPICIOUS, UNTRUSTED.
  • User-invocable; requires Python 3 on Darwin or Linux.
Metadata
Slug arc-trust-verifier
Version 1.1.0
License
All-time Installs 8
Active Installs 8
Total Versions 2
Frequently Asked Questions

What is Trust Verifier?

Verify skill provenance and build trust scores for ClawHub skills. Checks publisher history, version consistency, dependency trust chains, and generates trus... It is an AI Agent Skill for Claude Code / OpenClaw, with 1487 downloads so far.

How do I install Trust Verifier?

Run "/install arc-trust-verifier" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Trust Verifier free?

Yes, Trust Verifier is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Trust Verifier support?

Trust Verifier is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).

Who created Trust Verifier?

It is built and maintained by ArcSelf (@trypto1019); the current version is v1.1.0.
