Total downloads: 2298 | Favorites: 1 | Current installs: 1 | Versions: 2
Install in OpenClaw:
/install aap-passport
Description
Agent Attestation Protocol - The Reverse Turing Test. Verify AI agents, block humans.
Usage instructions (SKILL.md)
AAP - Agent Attestation Protocol
The Reverse Turing Test. CAPTCHAs block bots. AAP blocks humans.
What It Does
AAP verifies that a client is an AI agent by:
- Issuing challenges trivial for LLMs, impossible for humans in time
- Requiring cryptographic signature (secp256k1) for identity proof
- 7 challenges in 6 seconds with mandatory signing
Installation
```bash
npm install aap-agent-server # Server
npm install aap-agent-client # Client
```
Server Usage
```js
import { createServer } from 'node:http';
import { createAAPWebSocket } from 'aap-agent-server';

const server = createServer();
const aap = createAAPWebSocket({
  server,
  path: '/aap',
  requireSignature: true, // v3.2 default
  onVerified: (result) => console.log('Verified:', result.publicId)
});
server.listen(3000);
```
Client Usage
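```js
import { AAPClient, generateIdentity, createSolver } from 'aap-agent-client';

// Identity auto-generated (secp256k1 key pair)
const client = new AAPClient({
  serverUrl: 'ws://localhost:3000/aap'
});

// `solver` is not defined in this snippet; the createSolver import suggests
// it is built with that helper (its arguments are not shown here)
const result = await client.verify(solver);
// Signature automatically included
```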
Protocol Flow (WebSocket v3.2)
```
← handshake (requireSignature: true)
→ ready (publicKey)
← challenges (7 challenges)
→ answers + signature + timestamp
← result (verified/failed + sessionToken)
```
Signature Format
Proof data signed with secp256k1:
```js
JSON.stringify({ nonce, answers, publicId, timestamp })
```
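The proof string above, signed and then checked on the receiving side, as an added example that is not the aap-agent-server or aap-agent-client source. The SHA-256 digest, the `derivePublicId` scheme, the 6000 ms freshness window and all sample values are assumptions constructed for illustration.

```javascript
// Added example: not the aap-agent-server / aap-agent-client source.
const crypto = require('node:crypto');

const MAX_AGE_MS = 6000; // assumption: freshness window equal to the totalTimeMs default

// Hypothetical publicId: first 20 hex chars of SHA-256 over the SPKI-encoded public key.
function derivePublicId(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex').slice(0, 20);
}

// Rebuild the signed string with a fixed key order so both sides hash identical bytes.
function proofBytes({ nonce, answers, publicId, timestamp }) {
  return Buffer.from(JSON.stringify({ nonce, answers, publicId, timestamp }));
}

// Client side: ECDSA over secp256k1 (the SHA-256 digest is an assumption).
function signProof(privateKey, proof) {
  return crypto.sign('sha256', proofBytes(proof), privateKey).toString('base64');
}

// Server side: returns 'ok' or the reason the proof is rejected.
function verifyProof(publicKey, issuedNonce, proof, signature, now = Date.now()) {
  if (proof.nonce !== issuedNonce) return 'nonce-mismatch';
  if (Math.abs(now - proof.timestamp) > MAX_AGE_MS) return 'stale-timestamp';
  if (proof.publicId !== derivePublicId(publicKey)) return 'publicId-mismatch';
  const sig = Buffer.from(signature, 'base64');
  return crypto.verify('sha256', proofBytes(proof), publicKey, sig) ? 'ok' : 'bad-signature';
}

// Constructed session: one key pair, one nonce, four verification attempts.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const t0 = 1700000000000;
  const proof = { nonce: 'constructed-nonce', answers: ['a1', 'a2'],
                  publicId: derivePublicId(publicKey), timestamp: t0 };
  const sig = signProof(privateKey, proof);
  return {
    valid: verifyProof(publicKey, 'constructed-nonce', proof, sig, t0 + 1000),
    tampered: verifyProof(publicKey, 'constructed-nonce', { ...proof, answers: ['x'] }, sig, t0 + 1000),
    replayed: verifyProof(publicKey, 'other-nonce', proof, sig, t0 + 1000),
    late: verifyProof(publicKey, 'constructed-nonce', proof, sig, t0 + 60000),
  };
}
```

Because the signature covers the nonce and timestamp as well as the answers, a captured proof fails verification in any other session or after the window closes.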
Configuration
| Option | Default | Description |
|---|---|---|
| challengeCount | 7 | Number of challenges |
| totalTimeMs | 6000 | Time limit (ms) |
| requireSignature | true | Mandate cryptographic proof |
Security
- Cryptographic identity (secp256k1)
- Signature required = no anonymous access
- 7 challenges in 6 seconds = impossible for humans
- Non-repudiation: all actions traceable
Security usage recommendations
This skill is coherent with its stated goal, but it includes code and documentation that generate, store, and use a local private key (~/.aap/identity.json) and exposes programmatic signing tools. Before installing:
1) Understand where the private key will be stored and who/what can read it; prefer hardware/OS key stores or scoped keys instead of a plaintext file.
2) Audit the signing APIs in the package (ensure they only sign AAP proofs and cannot be trivially used to sign arbitrary data).
3) Run the skill in an isolated environment if you plan to test it (container or dedicated account).
4) Verify the upstream npm/github packages and author reputation; consider pinning to a specific vetted release.
5) If you do not want an agent plugin that can access or use private keys autonomously, do not install this skill or remove/replace the signing functions.
If you want higher assurance, request the maintainer to declare required config paths/permissions in the manifest and to add explicit runtime prompts/confirmations before any signature operation.
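Two of the checks recommended above (who can read the key file, and whether the signing API is limited to AAP proofs) as an added example; it is not code from the aap-passport bundle. `auditKeyFile` and `createProofOnlySigner` are hypothetical names, the SHA-256 digest is an assumption, and the demo works on a constructed placeholder file in a temp directory.

```javascript
// Added example; not code from the aap-passport bundle.
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const PROOF_FIELDS = ['answers', 'nonce', 'publicId', 'timestamp']; // kept sorted

// Findings for a private-key file; an empty list means a regular file
// accessible to its owner only (mode 0o600 or stricter).
function auditKeyFile(file) {
  const st = fs.lstatSync(file); // lstat: do not follow a symlink to another file
  const findings = [];
  if (!st.isFile()) findings.push('not-a-regular-file');
  if (st.mode & 0o077) findings.push('group-or-world-accessible');
  return findings;
}

// Signer that keeps the key in a closure and signs only well-formed AAP proofs.
function createProofOnlySigner(privateKey) {
  return (payload) => {
    const isObject = payload !== null && typeof payload === 'object' && !Array.isArray(payload);
    if (!isObject || Object.keys(payload).sort().join() !== PROOF_FIELDS.join()) {
      throw new TypeError('refusing to sign: not an AAP proof object');
    }
    const { nonce, answers, publicId, timestamp } = payload;
    if (typeof nonce !== 'string' || typeof publicId !== 'string' ||
        !Array.isArray(answers) || !Number.isInteger(timestamp)) {
      throw new TypeError('refusing to sign: malformed proof fields');
    }
    const data = JSON.stringify({ nonce, answers, publicId, timestamp });
    return crypto.sign('sha256', Buffer.from(data), privateKey).toString('base64');
  };
}

// Constructed demo: a placeholder key file in a temp directory, never ~/.aap.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'aap-audit-'));
  const file = path.join(dir, 'identity.json');
  fs.writeFileSync(file, '{"constructed":"placeholder, not a real key"}');
  fs.chmodSync(file, 0o644);
  const loose = auditKeyFile(file);
  fs.chmodSync(file, 0o600);
  const tight = auditKeyFile(file);
  fs.rmSync(dir, { recursive: true });
  const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const sign = createProofOnlySigner(privateKey);
  let refused = false;
  try { sign({ message: 'arbitrary payload' }); } catch (e) { refused = e instanceof TypeError; }
  const sig = sign({ nonce: 'n1', answers: ['a'], publicId: 'id1', timestamp: 1700000000000 });
  return { loose, tight, refused, signed: typeof sig === 'string' && sig.length > 0 };
}
```

The shape check narrows what the key will sign but does not constrain the contents of `answers`, so it complements rather than replaces a confirmation step before signing.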
Functional analysis
Type: OpenClaw Skill
Name: aap-passport
Version: 3.2.0
The OpenClaw AgentSkills skill bundle implements the Agent Attestation Protocol (AAP), a 'Reverse Turing Test' designed to cryptographically verify AI agents. Its core functionality involves generating and securely storing a secp256k1 key pair in `~/.aap/identity.json` with `0o600` permissions, signing challenge solutions, and communicating with external verification servers via HTTP/WebSocket. While these operations are sensitive (key management, network calls), they are directly aligned with the skill's stated purpose of proving agent identity and intelligence. There is no evidence of intentional harmful behavior, data exfiltration beyond protocol requirements, malicious execution, persistence mechanisms, or prompt injection against the OpenClaw agent itself. The LLM prompts are designed to elicit structured answers for challenges, not to manipulate the agent's behavior.
Capability assessment
Purpose & Capability
The name/description (Agent Attestation Protocol / Reverse Turing Test) matches the code and docs: server and client libraries, challenge generators, and signature-based proofs. Nothing in the code obviously contradicts the stated purpose of verifying AI agents.
Instruction Scope
SKILL.md instructs installing and using the client/server libraries to produce signed proofs, which is within scope. However the repo/docs/code expect a local identity (private key) stored at ~/.aap/identity.json and provide tools (aap_sign_message / aap_generate_proof) to sign arbitrary payloads. The skill metadata declares no required config paths or credentials, so there is a mismatch: the runtime instructions and included code assume local private key access that the manifest does not surface. That signing capability expands the agent's scope beyond simple question/answer verification and could be invoked to sign arbitrary data.
Install Mechanism
There is no external install spec (instruction-only), and all source files are included in the skill bundle. No downloads from obscure URLs or extraction steps were found in the manifest. The typical npm packages referenced are standard (express etc.).
Credentials
The skill metadata lists no environment variables or config paths, yet the docs and code clearly use local key storage (~/.aap/identity.json) and cryptographic signing (secp256k1). Requesting or using a private key file is a sensitive privilege; it is not declared in requires.config and therefore is disproportionate to what the manifest advertises. The client exposes programmatic signing, which could be misused if the model or user invokes it to sign arbitrary payloads.
Persistence & Privilege
always:false and model invocation is allowed (default). That combination is normal, but because the skill exposes signing functions and expects/stores a long-lived private key on disk, an autonomously-invoked skill could sign data or produce signatures without explicit, careful user oversight. The skill does not claim to modify other skills, but its ability to access and use a local private key is a sensitive persistent capability.
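How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install aap-passport
- After installation, call the Skill by name or trigger it with /aap-passport
- Provide the necessary input according to the Skill's parameter description to get structured output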
Version history
v3.2.0
**Added cryptographic identity requirement for agent verification.**
- Clients must now sign their challenge responses with a secp256k1 key pair; anonymous access is disallowed.
- New protocol flow includes sending publicKey, signature, and timestamp for provable identity.
- New server option requireSignature (default: true) enforces cryptographic proof.
- SKILL.md and code updated to document and implement these signing requirements.
- Security model strengthened with non-repudiation and traceable agent actions.
v3.1.0
- Added detailed documentation in SKILL.md, including setup and usage examples
- Explained protocol flow and challenge types for AI agent verification
- Included configuration options and security considerations
- Updated project links and metadata for easier discovery
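FAQ
What is Aap Passport?
Agent Attestation Protocol - The Reverse Turing Test. Verify AI agents, block humans. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 2298 total downloads to date.
How do I install Aap Passport?
Run the command "/install aap-passport" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.
Is Aap Passport free?
Yes, Aap Passport is completely free (open source) and can be freely downloaded, installed and used.
Which platforms does Aap Passport support?
Aap Passport is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Aap Passport?
It is developed and maintained by ira-hash (@ira-hash); the current version is v3.2.0.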