Vouch

Signs, verifies, and manages cryptographic identity for AI agents using the Vouch CLI on Base. Use when an agent needs to: set up identity and register an ac...

This instruction bundle describes a legitimate CLI for onchain agent identity, but there are red flags you should address before installing or enabling it. What to check before installing: - Do not blindly run curl | bash. Inspect https://vouch.directory/install.sh and verify its contents and provenance; prefer a release tarball with checksum or an official package manager if available. - Metadata mismatch: the skill's registry entry lists no required binaries or env vars, but the instructions require the vouch binary and jq and describe using API keys and private keys. Ask the publisher to update metadata so you can enforce policy (e.g., require vouch/jq, declare primary credential). - Secret handling: the CLI stores keys at ~/.vouch/keys and supports passing keys/API tokens on the CLI. Avoid embedding long-lived private keys or API keys in agent-generated commands or logs. Prefer short-lived delegated runtime keys and restrict agent allowed_commands in config.json. - Least privilege: run the CLI and the agent in an isolated environment (dedicated VM/container) with strict filesystem permissions if you must allow signing keys on-host. - Configuration: restrict config.json allowed_commands to only the subcommands you trust the agent to run; consider removing commands that accept raw private keys (e.g., flags like --wallet-key or --api-key) from allowed_commands. If you cannot verify the install script or are uncomfortable with local key storage, do not install this on production hosts. If you want to proceed, do a manual install/inspection, confirm network endpoints, and audit the install script and the vouch binary before granting the agent permission to execute vouch commands.

Type: OpenClaw Skill Name: vouch-cli Version: 1.0.1 The skill bundle is classified as suspicious due to the inclusion of high-risk capabilities that, while potentially legitimate for the stated purpose of managing agent identity, present significant attack surfaces. Specifically, the `SKILL.md` instructs the agent to install the `vouch` CLI via `curl -fsSL https://vouch.directory/install.sh | bash`, which is a supply chain risk. More critically, the `vouch receive --handler ./process.sh` command allows the agent to execute arbitrary scripts as handlers for incoming messages, creating a potential Remote Code Execution (RCE) vulnerability if the agent is later prompted to create or modify `process.sh` with malicious content. Additionally, the `vouch agent deploy` command grants the agent the ability to deploy code to platforms like Vercel, which is a powerful and high-privilege operation. While there is no direct evidence of malicious intent within the provided files (e.g., no explicit instructions for data exfiltration or backdoor installation), these capabilities are inherently risky and could be exploited by a compromised agent or through prompt injection.