ira-hash

Aap Passport

by ira-hash · GitHub ↗ · v3.2.0
cross-platform ⚠ suspicious
2298 Downloads · 1 Stars · 1 Active Installs · 2 Versions
Install in OpenClaw
/install aap-passport
Description
Agent Attestation Protocol - The Reverse Turing Test. Verify AI agents, block humans.
README (SKILL.md)

AAP - Agent Attestation Protocol

The Reverse Turing Test. CAPTCHAs block bots. AAP blocks humans.

What It Does

AAP verifies that a client is an AI agent by:

  • Issuing challenges that are trivial for LLMs but impossible for humans to complete in time
  • Requiring a cryptographic signature (secp256k1) as identity proof
  • Setting 7 challenges in 6 seconds, with mandatory signing

Installation

npm install aap-agent-server  # Server
npm install aap-agent-client  # Client

Server Usage

import { createServer } from 'node:http';
import { createAAPWebSocket } from 'aap-agent-server';

const server = createServer();
const aap = createAAPWebSocket({
  server,
  path: '/aap',
  requireSignature: true,  // v3.2 default
  onVerified: (result) => console.log('Verified:', result.publicId)
});

server.listen(3000);

Client Usage

import { AAPClient, generateIdentity, createSolver } from 'aap-agent-client';

// Identity auto-generated (secp256k1 key pair)
const client = new AAPClient({
  serverUrl: 'ws://localhost:3000/aap'
});

// `solver` is not defined in this snippet; build it first with the imported createSolver
const result = await client.verify(solver);
// Signature automatically included

Protocol Flow (WebSocket v3.2)

← handshake (requireSignature: true)
→ ready (publicKey)
← challenges (7 challenges)
→ answers + signature + timestamp
← result (verified/failed + sessionToken)

Signature Format

Proof data signed with secp256k1:

JSON.stringify({ nonce, answers, publicId, timestamp })
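
A server-side check of the signed proof described above, as an added example that is not code from the AAP packages. It assumes a SHA-256 digest, base64-encoded DER signatures, a nonce issued by the server with the challenges, and a hypothetical `derivePublicId` helper, since the page does not specify any of these.

```javascript
// Added example (not AAP's code). Assumed: SHA-256 digest, base64 DER
// signatures, a server-issued nonce, and the publicId derivation below.
const crypto = require('node:crypto');

const MAX_AGE_MS = 6000; // reuses the README's totalTimeMs default as the freshness window

// Hypothetical: the page does not say how AAP derives publicId from the key.
function derivePublicId(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex').slice(0, 20);
}

// Fixed key order, as in the README, so both sides hash identical bytes.
function proofBytes({ nonce, answers, publicId, timestamp }) {
  return Buffer.from(JSON.stringify({ nonce, answers, publicId, timestamp }));
}

function signProof(privateKey, proof) {
  return crypto.sign('sha256', proofBytes(proof), privateKey).toString('base64');
}

// Server side: cheap binding checks first, signature check last.
function verifyProof(publicKey, issuedNonce, proof, signatureB64, now = Date.now()) {
  if (proof.nonce !== issuedNonce) return 'nonce-mismatch';
  const age = now - proof.timestamp;
  if (!Number.isFinite(age) || age < 0 || age > MAX_AGE_MS) return 'timestamp-out-of-window';
  if (proof.publicId !== derivePublicId(publicKey)) return 'publicId-mismatch';
  const sig = Buffer.from(signatureB64, 'base64');
  return crypto.verify('sha256', proofBytes(proof), publicKey, sig) ? 'verified' : 'bad-signature';
}

// Constructed exchange: one honest proof, then three ways it must be rejected.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const nonce = crypto.randomBytes(16).toString('hex');
  const t0 = 1700000000000; // constructed timestamp
  const proof = { nonce, answers: ['42', 'blue'], publicId: derivePublicId(publicKey), timestamp: t0 };
  const sig = signProof(privateKey, proof);
  return {
    fresh: verifyProof(publicKey, nonce, proof, sig, t0 + 1500),
    wrongNonce: verifyProof(publicKey, 'nonce-from-another-session', proof, sig, t0 + 1500),
    late: verifyProof(publicKey, nonce, proof, sig, t0 + 60000),
    tampered: verifyProof(publicKey, nonce, { ...proof, answers: ['43', 'blue'] }, sig, t0 + 1500),
  };
}

console.log(demo());
```

Because the signature covers the exact `JSON.stringify` output, any difference in key order or value types between client and server makes an honest proof fail verification.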

Configuration

| Option | Default | Description |
|---|---|---|
| challengeCount | 7 | Number of challenges |
| totalTimeMs | 6000 | Time limit (ms) |
| requireSignature | true | Mandate cryptographic proof |

Security

  • Cryptographic identity (secp256k1)
  • Signature required = no anonymous access
  • 7 challenges in 6 seconds = impossible for humans
  • Non-repudiation: all actions traceable

Usage Guidance
This skill is coherent with its stated goal, but it includes code and documentation that generate, store, and use a local private key (~/.aap/identity.json) and exposes programmatic signing tools. Before installing:
  1. Understand where the private key will be stored and who/what can read it; prefer hardware/OS key stores or scoped keys instead of a plaintext file.
  2. Audit the signing APIs in the package (ensure they only sign AAP proofs and cannot be trivially used to sign arbitrary data).
  3. Run the skill in an isolated environment if you plan to test it (container or dedicated account).
  4. Verify the upstream npm/github packages and author reputation; consider pinning to a specific vetted release.
  5. If you do not want an agent plugin that can access or use private keys autonomously, do not install this skill or remove/replace the signing functions.
If you want higher assurance, request the maintainer to declare required config paths/permissions in the manifest and to add explicit runtime prompts/confirmations before any signature operation.
Capability Analysis
Type: OpenClaw Skill
Name: aap-passport
Version: 3.2.0

The OpenClaw AgentSkills skill bundle implements the Agent Attestation Protocol (AAP), a 'Reverse Turing Test' designed to cryptographically verify AI agents. Its core functionality involves generating and securely storing a secp256k1 key pair in `~/.aap/identity.json` with `0o600` permissions, signing challenge solutions, and communicating with external verification servers via HTTP/WebSocket. While these operations are sensitive (key management, network calls), they are directly aligned with the skill's stated purpose of proving agent identity and intelligence. There is no evidence of intentional harmful behavior, data exfiltration beyond protocol requirements, malicious execution, persistence mechanisms, or prompt injection against the OpenClaw agent itself. The LLM prompts are designed to elicit structured answers for challenges, not to manipulate the agent's behavior.
Capability Assessment
Purpose & Capability
The name/description (Agent Attestation Protocol / Reverse Turing Test) matches the code and docs: server and client libraries, challenge generators, and signature-based proofs. Nothing in the code obviously contradicts the stated purpose of verifying AI agents.
Instruction Scope
SKILL.md instructs installing and using the client/server libraries to produce signed proofs, which is within scope. However the repo/docs/code expect a local identity (private key) stored at ~/.aap/identity.json and provide tools (aap_sign_message / aap_generate_proof) to sign arbitrary payloads. The skill metadata declares no required config paths or credentials, so there is a mismatch: the runtime instructions and included code assume local private key access that the manifest does not surface. That signing capability expands the agent's scope beyond simple question/answer verification and could be invoked to sign arbitrary data.
Install Mechanism
There is no external install spec (instruction-only), and all source files are included in the skill bundle. No downloads from obscure URLs or extraction steps were found in the manifest. The typical npm packages referenced are standard (express etc.).
Credentials
The skill metadata lists no environment variables or config paths, yet the docs and code clearly use local key storage (~/.aap/identity.json) and cryptographic signing (secp256k1). Requesting or using a private key file is a sensitive privilege; it is not declared in requires.config and therefore is disproportionate to what the manifest advertises. The client exposes programmatic signing, which could be misused if the model or user invokes it to sign arbitrary payloads.
Persistence & Privilege
always:false and model invocation is allowed (default). That combination is normal, but because the skill exposes signing functions and expects/stores a long-lived private key on disk, an autonomously-invoked skill could sign data or produce signatures without explicit, careful user oversight. The skill does not claim to modify other skills, but its ability to access and use a local private key is a sensitive persistent capability.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install aap-passport
  3. After installation, invoke the skill by name or use /aap-passport
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.2.0
Added cryptographic identity requirement for agent verification.
  • Clients must now sign their challenge responses with a secp256k1 key pair; anonymous access is disallowed.
  • New protocol flow includes sending publicKey, signature, and timestamp for provable identity.
  • New server option requireSignature (default: true) enforces cryptographic proof.
  • SKILL.md and code updated to document and implement these signing requirements.
  • Security model strengthened with non-repudiation and traceable agent actions.
v3.1.0
  • Added detailed documentation in SKILL.md, including setup and usage examples
  • Explained protocol flow and challenge types for AI agent verification
  • Included configuration options and security considerations
  • Updated project links and metadata for easier discovery
Metadata
Slug aap-passport
Version 3.2.0
License
All-time Installs 1
Active Installs 1
Total Versions 2
Frequently Asked Questions

What is Aap Passport?

Agent Attestation Protocol - The Reverse Turing Test. Verify AI agents, block humans. It is an AI Agent Skill for Claude Code / OpenClaw, with 2298 downloads so far.

How do I install Aap Passport?

Run "/install aap-passport" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Aap Passport free?

Yes, Aap Passport is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Aap Passport support?

Aap Passport is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Aap Passport?

It is built and maintained by ira-hash (@ira-hash); the current version is v3.2.0.
