Credence

by Phil Stafford (pestafford) · GitHub · v1.0.0
Platforms: darwin, linux, win32 · ✓ Security Clean

Downloads: 565 · Stars: 0 · Active Installs: 0 · Versions: 1

Install in OpenClaw: /install credence
Description
Check any MCP server or AI tool against the Credence trust registry before installing it. Scores security, provenance, and behavioral risk on a 0-100 scale.
README (SKILL.md)

Credence

Check MCP servers and AI tools against the Credence trust registry before you install them.

When to use this skill

  • Before installing any MCP server
  • When a user asks you to add an MCP server or AI tool
  • When you want to verify whether a tool is safe
  • When the user asks /credence

How it works

Credence scans MCP servers and AI tools for security issues, verifies their provenance, and checks behavioral risk. Every scanned tool gets a trust score from 0 to 100 and a verdict:

Score    Verdict      Meaning
90-100   APPROVED     Safe to install
70-89    CONDITIONAL  Review the flagged items before installing
40-69    FLAGGED      Significant concerns — install only if you understand the risks
0-39     REJECTED     Do not install

Instructions

Check a server by name or URL

Fetch the Credence registry and look up the server:

curl -s "https://raw.githubusercontent.com/pestafford/credence-registry/main/registry/index.json"

Search the servers array for a match on server_id, server_name, canonical_name, or repo_url. The match does not need to be exact — partial matches on the repo URL or server name are fine.

If found, report:

Credence: <server_name>
  Score: <trust_score>/100
  Verdict: <thinktank_verdict>
  Scanned: <attested_at>
  Registry: https://credence.securingthesingularity.com/registry.html

Then give your recommendation:

  • APPROVED (90+): Safe to install. Proceed.
  • CONDITIONAL (70-89): Mention the score and suggest the user review the registry page for details before installing.
  • FLAGGED (40-69): Warn the user. Do not install without explicit confirmation.
  • REJECTED (0-39): Do not install. Explain that Credence found serious issues.

If not found, say:

This tool has not been scanned by Credence yet.
Submit it for scanning at: https://credence.securingthesingularity.com/#submit

Then let the user decide whether to proceed.

Check before installing

Whenever you are about to install or connect to an MCP server (via claude mcp add, editing claude_desktop_config.json, or any other method), check it against Credence first. If the server is not in the registry, tell the user it hasn't been scanned and ask if they want to proceed anyway.

Get full details

For more detail on a specific server, fetch its attestation file. The attestation_file path from the index entry is relative to:

https://raw.githubusercontent.com/pestafford/credence-registry/main/registry/

The attestation includes the full score breakdown (security, provenance, behavioral), scan metadata, and the deliberation verdict.
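As an added example (not part of SKILL.md or the Credence project), here is a Python version of the lookup described above: it parses an index in the shape the skill describes, prefers exact matches and surfaces ambiguous partial ones instead of silently taking the first, maps scores onto the verdict table, and resolves the attestation path against the registry base. The index JSON is constructed inline using the field names SKILL.md lists, and it assumes the fetch has already been done with the curl command shown earlier.

```python
import json
from urllib.parse import urljoin

REGISTRY_BASE = "https://raw.githubusercontent.com/pestafford/credence-registry/main/registry/"

# Constructed sample index (not a real scan result) in the shape SKILL.md describes:
# a "servers" array whose entries carry the lookup fields plus score, verdict and path.
SAMPLE_INDEX = json.loads("""{"servers": [
 {"server_id": "srv-001", "server_name": "filesystem",
  "canonical_name": "modelcontextprotocol/servers/filesystem",
  "repo_url": "https://github.com/modelcontextprotocol/servers", "trust_score": 88,
  "thinktank_verdict": "CONDITIONAL", "attested_at": "2025-01-01T00:00:00Z",
  "attestation_file": "attestations/srv-001.json"},
 {"server_id": "srv-002", "server_name": "filesystem-plus",
  "canonical_name": "example/filesystem-plus",
  "repo_url": "https://github.com/example/filesystem-plus", "trust_score": 55,
  "thinktank_verdict": "FLAGGED", "attested_at": "2025-01-02T00:00:00Z",
  "attestation_file": "attestations/srv-002.json"}]}""")

MATCH_FIELDS = ("server_id", "server_name", "canonical_name", "repo_url")
BANDS = ((90, "APPROVED"), (70, "CONDITIONAL"), (40, "FLAGGED"), (0, "REJECTED"))

def verdict_for_score(score):
    """Map a 0-100 trust score onto the verdict bands from the SKILL.md table."""
    return next(verdict for floor, verdict in BANDS if score >= floor)

def find_server(index, query):
    """Exact match on any lookup field wins outright. Otherwise return every partial
    match rather than the first one, so the caller can see when a query is ambiguous."""
    q = query.strip().lower()
    servers = index.get("servers", [])
    exact = [s for s in servers if any(str(s.get(f, "")).lower() == q for f in MATCH_FIELDS)]
    return exact or [s for s in servers if any(q in str(s.get(f, "")).lower() for f in MATCH_FIELDS)]

def attestation_url(entry):
    """attestation_file in an index entry is relative to the registry base URL."""
    return urljoin(REGISTRY_BASE, entry["attestation_file"])

def report(entry):
    """Build the status block SKILL.md asks for, and note when the stored verdict
    disagrees with the score band so the attestation file gets a second look."""
    score = int(entry["trust_score"])
    lines = [f"Credence: {entry['server_name']}", f"  Score: {score}/100",
             f"  Verdict: {entry['thinktank_verdict']}", f"  Scanned: {entry['attested_at']}",
             "  Registry: https://credence.securingthesingularity.com/registry.html"]
    if entry["thinktank_verdict"] != verdict_for_score(score):
        lines.append("  Note: verdict does not match the score band; review the attestation file")
    return "\n".join(lines)
```

When `find_server` returns more than one entry, treat the query as ambiguous and ask the user which server they meant rather than reporting the first hit.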

Examples

User says: "Add the filesystem MCP server"

  1. Fetch the registry index
  2. Find modelcontextprotocol/servers/filesystem — score 88, APPROVED
  3. Report: "Credence score: 88/100 (APPROVED). Safe to install."
  4. Proceed with the install

User says: "Install some-unknown-server"

  1. Fetch the registry index
  2. Not found
  3. Report: "This server hasn't been scanned by Credence yet. You can submit it at https://credence.securingthesingularity.com/#submit — want to install anyway?"

User says: /credence modelcontextprotocol/servers/memory

  1. Fetch the registry index
  2. Find it — score 98, APPROVED
  3. Report the full status

Notes

  • The registry is public and requires no authentication
  • Scores are based on automated scanning plus adversarial AI deliberation
  • A missing entry does not mean a tool is dangerous — it just hasn't been scanned yet
  • For the full methodology, see https://credence.securingthesingularity.com/faq.html
Usage Guidance
This skill is coherent and low-risk: it only fetches public JSON and attestation files from a GitHub repo and references a public website. Before installing, verify the registry sources yourself (visit the GitHub repo and the credence.securingthesingularity.com pages) to confirm they are legitimate and unchanged. Be aware that the SKILL.md permits partial matching of names/URLs (which can yield false matches), and examples imply proceeding with installs for high scores — you should configure the agent to ask for explicit user confirmation before performing any installation. If you rely on Credence for critical security decisions, review its attestation files and methodology on the referenced site and confirm the GitHub repo contents match the expected registry.
Capability Analysis
Type: OpenClaw Skill
Name: credence
Version: 1.0.0

The skill is designed to check MCP servers and AI tools against a public trust registry. It uses `curl` to fetch JSON data from `https://raw.githubusercontent.com/pestafford/credence-registry/main/registry/index.json`. The instructions in `SKILL.md` guide the AI agent to parse this data, report trust scores, and provide recommendations. All network calls are to a specific, public GitHub repository consistent with the skill's purpose. There is no evidence of data exfiltration, unauthorized command execution, persistence, or any other malicious intent. The prompt injection instructions are aligned with the stated, benign security-checking functionality.
Capability Assessment
Purpose & Capability
Name/description say it checks a public Credence registry. The only required binary is curl, which is appropriate for fetching the index/attestation files from raw.githubusercontent.com. OS restrictions and lack of credentials/config paths are consistent with a read-only registry lookup tool.
Instruction Scope
Instructions are narrowly scoped to fetching a public index.json from a known GitHub raw URL and reading attestation files from the same repo. Two minor notes: (1) the SKILL.md allows partial matching on repo URLs/server names which can produce false positives if multiple entries share substrings; (2) some examples state 'Proceed with the install' for APPROVED entries — that could be interpreted as automatically performing installs. The skill text does not itself run installs or ask for credentials, but operators should ensure the agent asks for user confirmation before performing any installation action.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk by the skill itself. This is the lowest-risk install model.
Credentials
No environment variables, credentials, or config paths are required. The registry is public and the URLs referenced are consistent with the declared purpose. No disproportionate access requested.
Persistence & Privilege
The `always` flag is false and the skill is user-invocable. It does not request persistent privileges or modify other skills or system configuration. Autonomous invocation is allowed by default but not problematic here given the skill's read-only behavior.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install credence
  3. After installation, invoke the skill by name or use /credence
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the Credence skill.
  • Check any MCP server or AI tool against the Credence trust registry before installing.
  • Provides a 0–100 trust score with clear verdicts: APPROVED, CONDITIONAL, FLAGGED, or REJECTED.
  • Fetches and parses registry data to verify security, provenance, and behavioral risk.
  • Guides users on recommended actions based on trust score.
  • Offers clear instructions and sample interactions for safe server/tool management.
Metadata
Slug: credence
Version: 1.0.0
License:
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is Credence?

Check any MCP server or AI tool against the Credence trust registry before installing it. Scores security, provenance, and behavioral risk on a 0-100 scale. It is an AI Agent Skill for Claude Code / OpenClaw, with 565 downloads so far.

How do I install Credence?

Run "/install credence" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Credence free?

Yes, Credence is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Credence support?

Credence is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).

Who created Credence?

It is built and maintained by Phil Stafford (@pestafford); the current version is v1.0.0.
