Tribe Protocol

MANDATORY trust lookup for every non-owner interaction. Query tribe.db to check entity trust tier, channel access, and data boundaries before responding. Run 'tribe init' on first install. Use 'tribe lookup <discord_id>' before every non-owner response.

What to check before installing or running Tribe Protocol: - Confirm the sqlite3 dependency: SKILL.md/README reference sqlite3 but registry metadata shows none. Ensure sqlite3 is present and the scripts use it as expected. - Inspect scripts before use: review scripts/init.sh, scripts/lookup.sh, scripts/lib/db.sh and any shell code for network calls, curl/wget/ssh or execution of downloaded content. Run them in a safe/test environment first. - Review what will be written to disk: the skill creates ~/clawd/tribe/tribe.db and ~/clawd/TRIBE.md. TRIBE.md may be loaded into the agent's system prompt (per README) — avoid placing secrets in it. Consider restricting TRIBE.md content to non-sensitive mappings only. - Clarify cryptography plans: the repo contains v3 design docs that describe keypairs and storing private keys under ~/.clawd/keys. Determine whether any shipped scripts will generate or ask you to import private keys; if so, verify key handling (file permissions, no exfil via network) before enabling. - Test in an isolated account or VM: because the skill enforces mandatory lookup behavior, test how it behaves when the DB or TRIBE.md is missing or corrupted so it can't unexpectedly block legitimate interactions. - If you will rely on this for safety: ask the maintainer which files are authoritative and whether any future updates will add network components (e.g., DID fetches); prefer a minimal config file (Discord ID → tier) over enabling the cryptographic modes unless you understand the key exchange process. If you want, I can scan the specific shell scripts (init.sh, lookup.sh, lib/db.sh) for network operations and risky commands and point out exact lines to review.

Type: OpenClaw Skill Name: tribe-protocol Version: 1.0.1 This skill bundle is designed to implement a trust lookup system for OpenClaw bots, focusing on identity verification, trust tiers, and data access controls. The `SKILL.md` and `README.md` contain instructions for the AI agent to perform mandatory trust lookups using `scripts/tribe.sh lookup <discord_id>` before responding to non-owner messages. While these instructions constitute a form of prompt injection, their clear intent is to enforce a security policy (trust boundaries and data privacy), not to subvert the agent for malicious purposes. The shell scripts primarily interact with a local SQLite database (`~/clawd/tribe/tribe.db`), employ basic SQL input sanitization (`sql_escape`, numeric validation for Discord IDs), and do not exhibit signs of data exfiltration, malicious remote execution, persistence, or obfuscation. Although a JavaScript design sketch (`legacy/tribe-protocol-examples/implementation-sketch.js`) includes `fetch` calls to external DID document URLs, this is a conceptual example for a future identity verification feature and not part of the active shell script implementation, which currently lacks external network communication.