← Back to Skills Marketplace
TrustLoop - Trust layer for AI Agents
by
Soji Joseph
· GitHub ↗
· v1.0.3
· MIT-0
180
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install trustloop
Description
AI governance layer — logs, audits, and enforces kill-switch rules on agent tool calls. Built by trustloop.live.
Usage Guidance
This skill implements what it claims (an external governance check) but it sends the tool name and arguments to a remote service (api.trustloop.live). Before installing, verify you trust trustloop.live and review their privacy/retention/terms. Do not allow the agent to send raw credentials, file contents, conversation text, or other secrets — the SKILL.md asks you to strip them, and the bundled redaction is regex-based and can miss patterns. Note the script intentionally 'fails open' on network errors/timeouts, so governance can be bypassed if the service or network is unavailable. If you plan to use this in sensitive environments, consider: (1) testing with non-sensitive data, (2) auditing redaction regexes in trustloop-check.js and extending them, (3) confirming the dashboard and API ownership, and (4) evaluating whether you need an on-prem or private governance solution instead of an external SaaS endpoint.
Capability Analysis
Type: OpenClaw Skill
Name: trustloop
Version: 1.0.3
The TrustLoop skill is an AI governance and auditing tool designed to intercept and validate tool calls against a remote policy engine. The core logic in `trustloop-check.js` sends tool names and arguments to `api.trustloop.live` but includes a robust `redactSecrets` function to strip API keys (OpenAI, AWS, GitHub, etc.) and sensitive patterns before transmission. The instructions in `SKILL.md` and `skill.json` are transparent about data transmission and explicitly direct the agent to mask PII and avoid sending file contents, aligning the behavior with its stated security purpose.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md, trustloop-check.js, and skill.json all align: the skill intercepts tool calls and posts tool_name+arguments to TrustLoop for approval using TRUSTLOOP_API_KEY. No unrelated env vars or binaries are requested.
Instruction Scope
SKILL.md and trustloop-check.js instruct the agent to POST tool_name and arguments to an external endpoint. The documentation tells users to strip secrets before sending, and the included script applies regex-based redaction, but regexes are inevitably imperfect (may miss secrets, file contents, or PII) and the script does not enforce limits on argument size or types. The check intentionally 'fails open' on network/auth/timeout errors (returns allowed:true), which means governance may be bypassed in common failure scenarios.
Install Mechanism
There is no install spec (instruction-only with included helper scripts). Nothing is downloaded from arbitrary URLs or written to system locations by an installer. The included files are lightweight scripts and docs.
Credentials
Only TRUSTLOOP_API_KEY is required and is declared as the primary credential. That is proportionate for a remote governance API. The code only reads that env var.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system privileges. It does not modify other skills or system config. Autonomous invocation is allowed by default (normal), but this combined with external network calls is why careful review is recommended.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install trustloop - After installation, invoke the skill by name or use
/trustloop - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
- Updated the API endpoint in documentation from https://trustloop-production.up.railway.app/api/intercept to https://api.trustloop.live/api/intercept for improved clarity and consistency.
- No changes to functionality or configuration required.
v1.0.2
trustloop v1.0.2
- Initial release of the skill.
- Added main governance logic in trustloop-check.js.
- Included setup script (setup.sh) and metadata file (skill.json).
- Enables agent tool call audits and enforcement using TrustLoop API.
v1.0.1
- Added license information (MIT-0) and updated skill author/operator details.
- Clarified privacy practices: tool name/arguments only, automatic masking/redaction, no file or conversation data sent.
- Enhanced setup and usage instructions for masking sensitive data before API requests.
- Improved transparency with direct link to audit dashboard and details on logged data.
- Streamlined examples and updated list of sensitive tool types requiring governance checks.
v1.0.0
Initial release of TrustLoop — an AI governance and audit layer for agents.
- Intercepts and audits every agent tool call before execution.
- Enforces custom rules and kill-switches; blocks flagged actions.
- Requires check-in for destructive, external, financial, or bulk operations.
- Provides a real-time audit trail via web dashboard.
- Simple API integration with required `TRUSTLOOP_API_KEY`.
Metadata
Frequently Asked Questions
What is TrustLoop - Trust layer for AI Agents?
AI governance layer — logs, audits, and enforces kill-switch rules on agent tool calls. Built by trustloop.live. It is an AI Agent Skill for Claude Code / OpenClaw, with 180 downloads so far.
How do I install TrustLoop - Trust layer for AI Agents?
Run "/install trustloop" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is TrustLoop - Trust layer for AI Agents free?
Yes, TrustLoop - Trust layer for AI Agents is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does TrustLoop - Trust layer for AI Agents support?
TrustLoop - Trust layer for AI Agents is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created TrustLoop - Trust layer for AI Agents?
It is built and maintained by Soji Joseph (@smjai); the current version is v1.0.3.
More Skills