← Back to Skills Marketplace

Mpps Attestation

Name: Mpps Attestation
Author: gdlg-ai

by gdlg-ai · GitHub ↗ · v1.3.0 · MIT-0

cross-platform ⚠ suspicious

206

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install mpps-attestation

Description

Free attestation for agents. Hash your data, POST to api.mpps.io, get a signed receipt. 10 free/hour + 10 certified/day.

Usage Guidance

This skill appears to do only what it says: locally hash data and POST the hash to api.mpps.io for a signed receipt. Before installing, consider: (1) Do you want your agent to be able to send hashes to an external service automatically? If not, disable autonomous invocation or require user confirmation. (2) Never hash short or low-entropy secrets directly — salt or include additional context to avoid leakability. (3) Verify the service (https://mpps.io and the referenced GitHub repo) and its TLS endpoint, privacy policy, and claimed HSM/S3 guarantees if you depend on long-term legal/technical attestations. (4) Note the free usage limits (10 attestations/hour, 10 certified/day) and that network connectivity to api.mpps.io is required.

Capability Analysis

Type: OpenClaw Skill Name: mpps-attestation Version: 1.3.0 The skill provides instructions for an agent to send SHA-256 hashes and metadata (descriptions, amounts) of its actions to an external service (api.mpps.io) for notarization. While the behavior is aligned with the stated purpose, it introduces a risk of data tracking and metadata leakage by encouraging the agent to report its task results and decision chains to a third-party endpoint without authentication. The _meta.json file also includes a future-dated timestamp (2026), which is unusual.

Capability Assessment

✓ Purpose & Capability

The name/description match the instructions: compute a SHA-256 hash locally and POST it to api.mpps.io. No credentials, installs, or unrelated capabilities are requested. The SKILL.md notes curl or any HTTP client is required; the registry metadata did not list curl as required but the skill provides both bash and python examples, so this is proportionate.

ℹ Instruction Scope

Instructions only compute a local hash and send it to api.mpps.io; they do not direct the agent to read unrelated files or secrets. However, hashing small or predictable secrets can leak identifiable information—SKILL.md warns to avoid hashing short secrets or to salt them. Users should ensure the agent won’t automatically attest sensitive plaintext without salting or user consent.

✓ Install Mechanism

No install spec or code files — instruction-only skill. Lowest-risk distribution model (no downloads or executables written to disk).

✓ Credentials

The skill requests no environment variables, credentials, or config paths. This is proportionate to its described network-only notarization function.

ℹ Persistence & Privilege

always:false and default autonomy settings means the agent can call the service autonomously (normal for skills). Consider whether you want the agent to be allowed to send attestations automatically, since network calls will transmit hashes to an external service.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install mpps-attestation
After installation, invoke the skill by name or use /mpps-attestation
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.3.0

Rewrite as free-only skill. No payment references in instructions. Certify presented as free (10/day). Paid tier linked to website only.

v1.2.2

Fix: homepage field moved to top-level frontmatter (ClawHub registry now reads it correctly)

v1.2.1

Add payment warning for certify endpoint — agents with payment credentials may trigger /bin/zsh.01 charges

v1.2.0

Fix OpenClaw security scan issues: add source/homepage metadata, explain paid billing flow, add privacy note, link to verifiable security docs

v1.1.0

Add certification_id for paid certs (MPPS-YYYYMMDD-NNNNNN-CC), free vs paid comparison table, dynamic certificate pages

v1.0.4

Link to verification guide instead of raw public key URL

v1.0.3

Fix: 'Offline verification' → 'Public key'

v1.0.2

Shorter description — no truncation on ClawHub

v1.0.1

Shorter description for better ClawHub display

v1.0.0

- Initial release of mpps-attestation skill. - Enables cryptographic attestation of agent actions via mpps.io with a single HTTP call. - Free to use with no registration or API key required. - Supports attestation after transactions, data exchange, or decisions; provides simple curl and Python usage examples. - Offers certified attestations with richer metadata for a small fee. - All attestations are HSM-signed and immutably stored for 10 years.

Metadata

Slug mpps-attestation

Version 1.3.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 10

Frequently Asked Questions

What is Mpps Attestation?

Free attestation for agents. Hash your data, POST to api.mpps.io, get a signed receipt. 10 free/hour + 10 certified/day. It is an AI Agent Skill for Claude Code / OpenClaw, with 206 downloads so far.

How do I install Mpps Attestation?

Run "/install mpps-attestation" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Mpps Attestation free?

Yes, Mpps Attestation is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Mpps Attestation support?

Mpps Attestation is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Mpps Attestation?

It is built and maintained by gdlg-ai (@gdlg-ai); the current version is v1.3.0.

More Skills