
Arc Security - Agent Trust Protocol

by Shaishav Pidadi · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
Downloads: 2731 · Stars: 2 · Active Installs: 0 · Versions: 2
Install in OpenClaw
/install arc-security
Description
Manage skill trust by staking USDC bonds, paying micro-fees for verified skills, reporting malicious skills, and participating in decentralized governance vi...
README (SKILL.md)

Arc Security - Agent Trust Protocol

Chain-agnostic security infrastructure for OpenClaw skills. Auditors stake USDC to vouch for skill safety, users pay micro-fees to access verified skills, and malicious skills get slashed through decentralized governance -- all powered by CCTP on Arc.

Installation

clawhub install arc-security

Configuration

Set the following environment variables:

| Variable | Required | Description |
| --- | --- | --- |
| ARC_RPC_URL | Yes | Arc testnet RPC endpoint (default: https://testnet-rpc.arc.network) |
| CONTRACT_ADDRESS | Yes | Deployed SkillSecurityRegistry contract address |
| PRIVATE_KEY | Yes | Wallet private key (for signing transactions) |
| X402_SERVER_URL | Yes | x402 payment server URL |
| ETH_RPC_URL | No | Ethereum Sepolia RPC (for cross-chain operations) |
| BASE_RPC_URL | No | Base Sepolia RPC (default: https://sepolia.base.org) |
| ARB_RPC_URL | No | Arbitrum Sepolia RPC (default: https://sepolia-rollup.arbitrum.io/rpc) |

Commands

check -- Check skill trust status

Query on-chain bond status, auditor count, usage stats, and computed trust score for any skill.

clawhub arc-security check <skill_id>

Example output:

Skill: youtube-downloader
├─ Bonded: 100.00 USDC by 3 auditors
├─ Used: 1,250 times
├─ Trust Score: 75/100
├─ Status: Safe to use
└─ Created: 2025-06-15 14:30:00

Trust Score is calculated as:

  • 40% from bond amount (capped at 100 USDC = full weight)
  • 40% from usage count (capped at 1,000 uses = full weight)
  • 20% from auditor count (5 points per auditor)
  • Flagged skills receive a -50 penalty

use -- Pay and download a skill

Pays the 0.10 USDC usage fee via x402 and downloads the skill package. Automatically selects the cheapest payment path based on your wallet balances.

clawhub arc-security use <skill_id>

Payment chain selection priority:

  1. Arc Testnet (direct -- no bridging fees)
  2. Base Sepolia (via CCTP)
  3. Arbitrum Sepolia (via CCTP)
  4. Ethereum Sepolia (via CCTP)

bond -- Stake USDC to vouch for a skill

Stake USDC as a security bond to vouch for a skill's safety. If the skill is found malicious, 50% of your stake is slashed.

clawhub arc-security bond <skill_id> <amount> <source_chain>

Arguments:

  • skill_id -- Skill identifier
  • amount -- Amount of USDC to stake (e.g. 50)
  • source_chain -- Chain to pay from (ethereum-sepolia, base-sepolia, arbitrum-sepolia, arc-testnet)

Example:

clawhub arc-security bond youtube-downloader 50 base-sepolia

report -- Report a malicious skill

Submit a claim that a skill is malicious. Requires a 1 USDC anti-spam deposit (refunded if the claim is validated).

clawhub arc-security report <skill_id> --evidence <ipfs_hash>

Example:

clawhub arc-security report bad-skill --evidence QmXyz123...

Opens a 72-hour voting window for auditors.

vote-claim -- Vote on a pending claim

Cast a vote on whether a reported skill is malicious. Only wallets that have staked on any skill are eligible to vote. Vote weight is based on total stake and audit track record.

clawhub arc-security vote-claim <claim_id> <support|oppose>

Vote weight formula: sqrt(totalStaked) * (successfulAudits / totalAudits)

claim-earnings -- Withdraw accumulated fees

Withdraw your share of usage fees earned as an auditor. Fees are split 70% to auditors (proportional to stake) and 30% to the insurance pool.

clawhub arc-security claim-earnings <destination_chain>

Supported destination chains:

  • arc-testnet (direct transfer)
  • ethereum-sepolia, base-sepolia, arbitrum-sepolia (via CCTP)

Supported Chains

| Chain | CCTP Domain | Payment | Bonding | Earnings |
| --- | --- | --- | --- | --- |
| Arc Testnet | 100 | Direct | Direct | Direct |
| Ethereum Sepolia | 0 | CCTP | CCTP | CCTP |
| Base Sepolia | 6 | CCTP | CCTP | CCTP |
| Arbitrum Sepolia | 3 | CCTP | CCTP | CCTP |

Fee Structure

| Action | Cost | Distribution |
| --- | --- | --- |
| Use a skill | 0.10 USDC | 70% auditors, 30% insurance pool |
| Submit a claim | 1.00 USDC deposit | Refunded if claim validated |
| Guilty verdict | 50% of bond slashed | 80% to victim, 20% to insurance |

Architecture

User (any chain)
  │
  ├── CCTP burn ──► Arc Testnet ──► SkillSecurityRegistry (bonds, fees, claims)
  │                                        │
  └── x402 GET ──► Payment Server ◄────────┘ (verifies payment on-chain)
                       │
                       └──► Skill package (ZIP)

  1. SkillSecurityRegistry (Solidity on Arc) -- Holds bonds, processes fees, manages claims/votes/slashing
  2. x402 Payment Server (Node.js) -- Serves skill packages behind HTTP 402 paywall, verifies on-chain payments
  3. This skill (Python CLI) -- User-facing commands that orchestrate CCTP transfers and contract calls

License

MIT

Usage Guidance
What to consider before installing:

  • This skill needs a wallet private key (PRIVATE_KEY) and will sign/send transactions (bonding, voting, claiming, authorizing usage). Only use a key with minimal funds and no long‑term access to critical assets (prefer a throwaway/test wallet or hardware wallet where possible).
  • The x402 server you configure will be able to serve ZIP packages that this skill will download and extract locally. Only point X402_SERVER_URL at servers you trust; inspect downloaded ZIPs before executing any installed code.
  • The package metadata is inconsistent: skill.json does not list PRIVATE_KEY as a required config even though SKILL.md and the code expect it. That mismatch suggests the metadata or packaging may be incomplete — proceed cautiously and review the code yourself.
  • The CCTP attestation flow in the client contains placeholders (simulated attestation) and many testnet zero-addresses; the implementation may be incomplete or non-production. Do not rely on it for real mainnet funds without auditing.
  • If you decide to test: use testnet or a disposable environment, verify CONTRACT_ADDRESS and RPC endpoints, and monitor outbound network calls. Prefer to review / vet the x402 server and SkillSecurityRegistry contract code before trusting bond/vote flows.

If you want, I can extract and highlight the exact lines that (a) read PRIVATE_KEY and sign transactions, and (b) download+extract ZIPs so you can quickly audit the dangerous spots.
Capability Analysis
Type: OpenClaw Skill
Name: arc-security
Version: 1.0.1

This skill is classified as suspicious due to two major security risks, despite its stated benign purpose. Firstly, it explicitly requires the user's `PRIVATE_KEY` as an environment variable for signing blockchain transactions (mentioned in `SKILL.md`, `README.md`, and used in `arc_contract.py` and `cctp_client.py`). This exposes a critical secret to the agent's environment, making it highly vulnerable to theft or misuse. Secondly, the `x402_client.py` module is designed to download and extract arbitrary ZIP files from a remote `X402_SERVER_URL`, posing a significant supply chain risk where a compromised server could deliver malicious payloads to the agent.
Capability Assessment
Purpose & Capability
Name/description and code align: the skill implements an on‑chain SkillSecurityRegistry client, CCTP transfers and an x402 paywall client to download skill packages. Requiring RPC URLs, CONTRACT_ADDRESS and a signing key (PRIVATE_KEY) is consistent with on‑chain write operations. However, skill.json's config omits PRIVATE_KEY even though SKILL.md and the code require it — this manifest mismatch is a red flag that the metadata and runtime requirements are not fully synchronized.
Instruction Scope
Runtime instructions and code perform sensitive actions outside simple queries: the CLI will sign and send on‑chain transactions using PRIVATE_KEY, and the x402 client downloads arbitrary ZIP packages from the configured x402 server and extracts them into the current working directory. Automatically extracting remote archives without validation (and installing other skills) increases risk because a malicious x402 server can deliver arbitrary code. SKILL.md requires PRIVATE_KEY and contract config which the code uses; the instruction scope matches the purpose but includes high‑impact operations (key usage + arbitrary code installation).
Install Mechanism
No install spec (instruction+code only), dependencies are standard (web3, requests, python-dotenv). The highest installation risk comes from runtime behavior: request_skill downloads a zip and extracts it locally (extract all). The code does not validate or sandbox downloaded packages. The package itself was delivered with source files included (no external archive downloads during install).
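The assessment above notes that request_skill extracts a downloaded ZIP without validating it. As an added example (not code from the arc-security package), the following shows one way to check a package before anything is written to disk; the function names, the limits and the optional pinned digest are assumptions, and the sample archives are constructed in memory.

```python
import hashlib
import io
import os
import stat
import tempfile
import zipfile

MAX_FILES = 200                      # assumed limits, not values from the page
MAX_TOTAL_BYTES = 20 * 1024 * 1024

class UnsafeArchive(Exception):
    """Package failed validation; nothing has been written to disk."""

def safe_extract(zip_bytes, dest_dir, expected_sha256=None):
    """Validate every entry first, then extract into dest_dir only."""
    if expected_sha256 and hashlib.sha256(zip_bytes).hexdigest() != expected_sha256:
        raise UnsafeArchive("digest does not match the pinned value")
    dest_root = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = zf.infolist()
        if len(members) > MAX_FILES or sum(m.file_size for m in members) > MAX_TOTAL_BYTES:
            raise UnsafeArchive("archive exceeds entry or size limit")
        for m in members:
            name = m.filename.replace("\\", "/")
            # Absolute names and ".." both resolve outside dest_root here.
            target = os.path.realpath(os.path.join(dest_root, name))
            if os.path.commonpath([dest_root, target]) != dest_root:
                raise UnsafeArchive(f"escapes destination: {m.filename}")
            if stat.S_ISLNK(m.external_attr >> 16):
                raise UnsafeArchive(f"symlink entry: {m.filename}")
        os.makedirs(dest_root, exist_ok=True)
        zf.extractall(dest_root, members)
        return sorted(m.filename for m in members if not m.is_dir())

def make_zip(entries):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(safe_extract(make_zip({"skill/main.py": b"print('hi')"}), tmp))
        try:
            safe_extract(make_zip({"../evil.py": b"x"}), os.path.join(tmp, "pkg"))
        except UnsafeArchive as exc:
            print("rejected:", exc)
```

Extracting into a dedicated directory rather than the current working directory keeps a rejected or unreviewed package away from other installed skills; passing validation says nothing about what the extracted code does when run.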
Credentials
The skill legitimately needs RPC endpoints and a private key for signing transactions and cross‑chain transfers. That said, PRIVATE_KEY is highly sensitive and the manifest (skill.json) fails to declare it as a required config item, while SKILL.md and the code require it — an inconsistency. Also the skill will use that key to sign arbitrary transactions (bond, vote, authorize usage), so you must only use a key you control and limit funds on it. The default x402 server URL is a placeholder (skills.example.com) — using an untrusted x402 server would allow it to control what gets downloaded.
Persistence & Privilege
The skill is not marked always:true and does not request platform‑wide persistence. It will, however, write downloaded skill packages to disk and extract them (installing other skills), which is expected for a skill installer but increases attack surface. It does not modify other skills' configurations directly in the code shown, but installing arbitrary packages can effectively modify agent behavior.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install arc-security
  3. After installation, invoke the skill by name or use /arc-security
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
  • Major documentation overhaul with expanded usage instructions and protocol details
  • Added comprehensive command reference for skill trust checking, usage payment, bonding, reporting, voting, and earnings withdrawal
  • Updated environment variable configuration table with default values and optional cross-chain support
  • Detailed architecture, fee structure, and supported chains documentation
  • Improved trust score and governance process explanations
v1.0.0
Arc Security 1.0.0 initial release

  • Introduces chain-agnostic Agent Trust Protocol for OpenClaw skills.
  • Provides installation instructions with Clawhub.
  • Details configuration using environment variables for Arc integration.
  • Released under the MIT license.
Metadata
Slug arc-security
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Arc Security - Agent Trust Protocol?

Manage skill trust by staking USDC bonds, paying micro-fees for verified skills, reporting malicious skills, and participating in decentralized governance vi... It is an AI Agent Skill for Claude Code / OpenClaw, with 2731 downloads so far.

How do I install Arc Security - Agent Trust Protocol?

Run "/install arc-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Arc Security - Agent Trust Protocol free?

Yes, Arc Security - Agent Trust Protocol is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Arc Security - Agent Trust Protocol support?

Arc Security - Agent Trust Protocol is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Arc Security - Agent Trust Protocol?

It is built and maintained by Shaishav Pidadi (@shaivpidadi); the current version is v1.0.1.
