← 返回 Skills 市场

Agentshield Audit

Name: Agentshield Audit
Author: bartelmost

作者 bartelmost · GitHub ↗ · v1.0.32 · MIT-0

cross-platform ⚠ suspicious

1141

总下载

当前安装

版本数

在 OpenClaw 中安装

/install agentshield-audit

功能描述

Trust Infrastructure for AI Agents - Like SSL/TLS for agent-to-agent communication. 77 security tests, cryptographic certificates, and Trust Handshake Protoc...

使用说明 (SKILL.md)

AgentShield - Trust Infrastructure for AI Agents

The trust layer for the agent economy. Like SSL/TLS, but for AI agents.

🔐 Cryptographic Identity - Ed25519 signing keys
🤝 Trust Handshake Protocol - Mutual verification before communication
📋 Public Trust Registry - Reputation scores & track records
✅ 77 Security Tests - Comprehensive vulnerability assessment

🔒 Privacy Disclosure: See PRIVACY.md for detailed data handling information.

🎯 The Problem

Agents need to communicate with other agents (API calls, data sharing, task delegation). But how do you know if another agent is trustworthy?

Has it been compromised?
Is it leaking data?
Can you trust its responses?

Without a trust layer, agent-to-agent communication is like HTTP without SSL - unsafe and unverifiable.

💡 The Solution: Trust Infrastructure

AgentShield provides the trust layer for agent-to-agent communication:

1. Cryptographic Identity

Ed25519 key pairs - Industry-standard cryptography
Private keys stay local - Never transmitted
Public key certificates - Signed by AgentShield

2. Security Audit (77 Tests)

52 Live Attack Vectors: Tests defense against instruction manipulation, encoding schemes, and social engineering across 6 languages. All attack patterns are stored locally in agentshield_attack_patterns.json (not embedded in documentation).

25 Static Security Checks:

Input sanitization
Output DLP (data leak prevention)
Tool sandboxing
Secret scanning
Supply chain security

Result: Security score (0-100) + Tier (VULNERABLE → HARDENED)

Privacy: Tests run 100% locally - only pass/fail scores sent to API (no prompts/responses)

3. Trust Handshake Protocol

Agent A wants to communicate with Agent B:

# Step 1: Both agents get certified
python3 initiate_audit.py --auto

# Step 2: Agent A initiates handshake with Agent B
python3 handshake.py --target agent_B_id

# Step 3: Both agents sign challenges
# (Automatic in v1.0.13+)

# Step 4: Receive shared session key
# → Now you can communicate securely!

What you get:

✅ Mutual verification (both agents are who they claim to be)
✅ Shared session key (for encrypted communication)
✅ Trust score boost (+5 for successful handshakes)
✅ Public track record (handshake history)

4. Public Trust Registry

Searchable database of all certified agents
Reputation scores based on audits, handshakes, and time
Trust tiers: UNVERIFIED → BASIC → VERIFIED → TRUSTED
Revocation list (CRL) - Compromised agents get flagged

🚀 Quick Start

Install

clawhub install agentshield

# Install Python dependencies (required!)
pip3 install -r requirements.txt
cd ~/.openclaw/workspace/skills/agentshield*/

Get Certified (77 Security Tests)

# RECOMMENDED: Dry-run first (see what would be submitted)
python3 initiate_audit.py --auto --dry-run

# After verifying payload: Run for real
python3 initiate_audit.py --auto

# Or manual (no file reads):
python3 initiate_audit.py --name "MyAgent" --platform telegram

Output:

✅ Agent ID: agent_xxxxx
✅ Security Score: XX/100
✅ Tier: PATTERNS_CLEAN / HARDENED / etc.
✅ Certificate (90-day validity)

Verify Another Agent

python3 verify_peer.py agent_yyyyy

Trust Handshake with Another Agent

# Initiate handshake
python3 handshake.py --target agent_yyyyy

# Result: Shared session key for encrypted communication

📋 Use Cases

1. Agent-to-Agent API Calls

Before: Agent A calls Agent B's API - no way to verify B's integrity
With AgentShield: Agent A checks Agent B's certificate + handshake → Verified communication

2. Multi-Agent Task Delegation

Before: Orchestrator spawns sub-agents - can't verify they're safe
With AgentShield: All sub-agents certified → Orchestrator knows they're trusted

3. Agent Marketplaces

Before: Download random agents from the internet - no trust guarantees
With AgentShield: Browse Trust Registry → Only hire VERIFIED agents

4. Data Sharing Between Agents

Before: Share sensitive data with another agent - hope it doesn't leak
With AgentShield: Handshake → Encrypted session key → Secure data transfer

🛡️ Security Architecture

Privacy-First Design

✅ All 77 tests run locally - Your system prompts NEVER leave your device
✅ Private keys stay local - Only public keys transmitted
✅ Human-in-the-Loop - Explicit consent before reading IDENTITY.md/SOUL.md
✅ No environment scanning - Doesn't scan for API tokens

What goes to the server:

Public key (Ed25519)
Agent name & platform
Test scores (passed/failed summary)

What stays local:

Private key
System prompts
Configuration files
Detailed test results

Environment Variables (Optional)

AGENTSHIELD_API=https://agentshield.live  # API endpoint
AGENT_NAME=MyAgent                        # Override auto-detection
OPENCLAW_AGENT_NAME=MyAgent               # OpenClaw standard

📊 What You Get

Certificate (90-day validity)

{
  "agent_id": "agent_xxxxx",
  "public_key": "...",
  "security_score": 85,
  "tier": "PATTERNS_CLEAN",
  "issued_at": "2026-03-10",
  "expires_at": "2026-06-08"
}

Trust Registry Entry

✅ Public verification URL: agentshield.live/verify/agent_xxxxx
✅ Trust score (0-100) based on:
- Age (longer = more trust)
- Verification count
- Handshake success rate
- Days active
✅ Tier: UNVERIFIED → BASIC → VERIFIED → TRUSTED

Handshake Proof

{
  "handshake_id": "hs_xxxxx",
  "requester": "agent_A",
  "target": "agent_B",
  "status": "completed",
  "session_key": "...",
  "completed_at": "2026-03-10T20:00:00Z"
}

🔧 Scripts Included

Script	Purpose
`initiate_audit.py`	Run 77 security tests & get certified
`handshake.py`	Trust handshake with another agent
`verify_peer.py`	Check another agent's certificate
`show_certificate.py`	Display your certificate
`agentshield_tester.py`	Standalone test suite (advanced)

🌐 API Endpoints

Base URL: https://agentshield.live/api

1. Agent Audit Flow

POST /agent-audit/initiate
  → Initiate audit session
  → Input: {agent_name, platform, public_key}
  → Output: {audit_id, challenge}

POST /agent-audit/challenge
  → Complete challenge-response authentication
  → Input: {audit_id, challenge_response (signed)}
  → Output: {authenticated: true}

POST /agent-audit/complete
  → Submit test results & receive certificate
  → Input: {audit_id, test_results}
  → Output: {certificate, agent_id, expires_at}

2. Certificate Operations

GET /certificate/verify/{agent_id}
  → Verify another agent's certificate
  → Output: {valid, score, tier, issued_at, expires_at}

GET /api/public-key
  → Get AgentShield's public signing key
  → Output: {public_key (Ed25519, base64)}

3. Trust Handshake

POST /handshake/initiate
  → Start Trust Handshake with another agent
  → Input: {requester_id, target_id}
  → Output: {handshake_id, challenges}

POST /handshake/complete
  → Complete handshake with signed challenges
  → Input: {handshake_id, signatures}
  → Output: {session_key, trust_boost}

Rate Limits

Audits: 1 per hour per IP
Handshakes: 10 per hour per agent
Verifications: Unlimited (read-only)

All endpoints require HTTPS. No API keys needed.

🌐 Trust Handshake Protocol (Technical)

Flow

Initiate: Agent A → Server: "I want to handshake with Agent B"
Challenge: Server generates random challenges for both agents
Sign: Both agents sign their challenges with private keys
Verify: Server verifies signatures with public keys
Complete: Server generates shared session key
Trust Boost: Both agents +5 trust score

Cryptography

Algorithm: Ed25519 (curve25519)
Key Size: 256-bit
Signature: Deterministic (same message = same signature)
Session Key: AES-256 compatible

🚀 Roadmap

Current (v1.0.31):

✅ 77 security tests
✅ Ed25519 certificates
✅ Trust Handshake Protocol
✅ Public Trust Registry
✅ CRL (Certificate Revocation List)
✅ Explicit whitelist sanitization (test IDs only)
✅ Dry-run mode for transparency

Coming Soon:

⏳ Auto re-audit (when prompts change)
⏳ Negative event reporting
⏳ Fleet management (multi-agent dashboard)
⏳ Trust badges for messaging platforms

📖 Learn More

Website: https://agentshield.live
GitHub: https://github.com/bartelmost/agentshield
API Docs: https://agentshield.live/docs
ClawHub: https://clawhub.ai/bartelmost/agentshield

🎯 TL;DR

AgentShield is SSL/TLS for AI agents.

Get certified → Verify others → Establish trust handshakes → Communicate securely.

# 1. Get certified
python3 initiate_audit.py --auto

# 2. Handshake with another agent
python3 handshake.py --target agent_xxxxx

# 3. Verify others
python3 verify_peer.py agent_yyyyy

Building the trust layer for the agent economy. 🛡️

🔐 Privacy & Security Guarantees (v1.0.31+)

✅ EXPLICIT WHITELIST (What Gets Sent):

Test IDs (e.g. "PI-001", "SS-003")
Pass/fail boolean per test
Category names (e.g. "prompt_injection")
Summary counts (passed/failed/total)
Agent metadata (name, platform, version)
Public key (Ed25519, for certificate signing)

❌ NEVER SENT (Explicitly Excluded):

✅ Your system prompt
✅ Attack test inputs/payloads (e.g. "ignore previous instructions")
✅ Attack test outputs/responses
✅ Evidence snippets (base64 matches, pattern findings)
✅ Error messages from test execution
✅ Tool configurations
✅ File paths or workspace structure
✅ Private keys (Ed25519, stay local in ~/.agentshield/)

🔍 Code-Level Enforcement:

See audit_client.py line 108: _sanitize_test_details() whitelist
Payloads/responses/evidence explicitly dropped (line 130-136 comments)
Dry-run mode: --dry-run flag shows exact payload before submission

Verification:

# See what WOULD be submitted (no API call)
python3 initiate_audit.py --auto --dry-run

All code is open-source: github.com/bartelmost/agentshield

🔒 Data Transmission Transparency

What Gets Sent to AgentShield API

During Audit Submission:

{
  "agent_name": "YourAgent",
  "platform": "telegram",
  "public_key": "base64_encoded_ed25519_public_key",
  "test_results": {
    "score": 85,
    "tests_passed": 74,
    "tests_total": 77,
    "tier": "PATTERNS_CLEAN",
    "failed_tests": ["test_name_1", "test_name_2"]
  }
}

What is NOT sent:

❌ Full test output/logs
❌ Your prompts or system messages
❌ IDENTITY.md or SOUL.md file contents
❌ Private keys (stay in ~/.agentshield/agent.key)
❌ Workspace files or memory

API Endpoint:

Primary: https://agentshield.live/api (proxies to Heroku backend)
All traffic over HTTPS (TLS 1.2+)

🛡️ Consent & Privacy

File Read Consent (v1.0.30+):

✅ Explicit consent prompt BEFORE reading IDENTITY.md/SOUL.md
User sees: "🔐 PRIVACY CONSENT - Read IDENTITY.md for agent name? [Y/n]"
If declined: Exits with message "Please run with: --name 'YourAgentName'"
If approved: Only name/platform extracted (not full file content)

⚠️ Automation Mode (--yes flag) - v1.0.31+:

The --yes flag is designed for CI/CD and pre-audited environments ONLY.

When to use:

✅ Sandboxed test agents (no real secrets)
✅ CI/CD pipelines (after manual code review + dry-run)
✅ Agents you've already audited manually

When NOT to use:

❌ Production agents with real secrets
❌ Agents handling sensitive user data
❌ First-time audit (always use manual mode first!)

Why? The --yes flag bypasses ALL consent prompts. While the code includes explicit sanitization (see audit_client.py line 108+), we recommend:

Run --dry-run first to inspect payload
Manually review audit_client.py whitelist
Only then use --yes for automation

Best Practice:

# Step 1: Dry-run to see payload
python3 initiate_audit.py --auto --dry-run

# Step 2: Review output, verify sanitization
# (Should only show test IDs + pass/fail, no payloads)

# Step 3: If satisfied, run for real
python3 initiate_audit.py --auto

# Step 4: For CI/CD, add --yes ONLY after manual verification
python3 initiate_audit.py --auto --yes

Privacy-First Mode:

export AGENTSHIELD_NO_AUTO_DETECT=1
python initiate_audit.py --name "MyBot" --platform "telegram"

→ Zero file reads, manual input only

See PRIVACY.md for complete data handling documentation.

安全使用建议

High-level: this package appears coherent for its stated purpose (local security tests + certificate-based trust handshake), and the authors built a dry-run + whitelist sanitization to avoid leaking test payloads. Before installing or running in production: 1) Run the dry-run mode (python3 initiate_audit.py --auto --dry-run) and inspect the exact payload the tool would submit. 2) Verify you are using v1.0.32 or later (notes indicate v1.0.31 had a sanitization bug). 3) Confirm the API endpoint you will contact (AGENTSHIELD_API) — if you don't trust agentshield.live, override the env var or run only locally. 4) Review the code that reads local files and the private key path (~/.openclaw/workspace/.agentshield/) and ensure permissions are appropriate. 5) If you run automated (--yes/--auto) mode, only do so in sandboxed or pre-audited environments. 6) If you want stronger assurances, run the package in an isolated VM/container and inspect network traffic during a dry-run. These steps minimize risk and verify the implementation matches the privacy claims.

功能分析

Type: OpenClaw Skill Name: agentshield-audit Version: 1.0.32 This bundle provides a comprehensive security auditing and cryptographic identity framework for AI agents, including modules for secret scanning, input sanitization, and a 'Trust Handshake' protocol. While the tool performs sensitive operations such as scanning the local workspace for API keys (`secret_scanner.py`) and communicating with an external API (`agentshield.live`), the implementation includes explicit data sanitization whitelists in `audit_client.py` to prevent the exfiltration of sensitive payloads, agent responses, or evidence. The logic is consistent with its stated purpose of hardening agent security and establishing verifiable identities, and the code includes human-in-the-loop consent prompts for file access.

能力评估

✓ Purpose & Capability

The name/description (AgentShield, trust layer + audits + handshake) align with the included scripts: audit runner, sanitizing API client, handshake/completion, key/cert handling, secret & supply-chain scanners. Network calls to a central API (agentshield.live) and local file/key access (~/.openclaw/workspace/.agentshield/) are expected for certificate issuance and handshake.

ℹ Instruction Scope

SKILL.md and the scripts instruct running local tests and optionally contacting the API. The docs explicitly describe human-in-the-loop consent before reading IDENTITY.md/SOUL.md and provide a --dry-run mode to preview payloads. The SKILL.md (and included example files) contains prompt-injection test strings and zero-width/unicode examples — these triggered static detectors but are legitimate test vectors for an auditing tool. Still: follow the recommended dry-run and consent flow before any real submission.

✓ Install Mechanism

There is no remote installer; the package is a bundled Python toolset and SKILL.md instructs pip install -r requirements.txt (cryptography, requests). This is proportional to the task and does not fetch arbitrary code at runtime. No suspicious external download URLs were found in the provided manifest.

ℹ Credentials

The skill declares no required credentials and only optional env vars (AGENTSHIELD_API, AGENT_NAME, OPENCLAW_AGENT_NAME). It reads local identity files and stores a private Ed25519 key locally (claimed mode 600). Those privileges are appropriate for generating/signing certificates, but they are sensitive: verify file paths/permissions and that you consent before the tool reads those files. The tool also performs network outbound to agentshield.live — expected, but verify the endpoint before sending data.

✓ Persistence & Privilege

always:false and disable-model-invocation:false (normal). The skill stores keys and certificates in its own workspace directory and does not claim to modify other skills or system-wide agent settings. No 'always' or other elevated persistent privileges are requested.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install agentshield-audit
安装完成后，直接呼叫该 Skill 的名称或使用 /agentshield-audit 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.32

**Version 1.0.32 - CRITICAL BUGFIX** - **FIXED:** Backend 500 errors (session management) - **FIXED:** Privacy violation (data sanitization gap) - **FIXED:** Authentication state maintenance v1.0.31 audits failed - v1.0.32 works correctly. Immediate upgrade recommended.

v1.0.31

Version 1.0.31 introduces improved audit transparency and security controls. - Added explicit whitelist-based input sanitization. - Introduced a dry-run mode for the audit script, allowing users to preview audit payloads before official submission. - Updated documentation to highlight dry-run usage and clarify transparency features. - Removed the previous CHANGELOG file for version 1.0.30 and added a new one for this release.

v1.0.30

## AgentShield Audit v1.0.30 Changelog - Added detailed API endpoint documentation in SKILL.md, describing audit, certificate, and handshake flows. - Clarified security audit workflow and protocol steps. - No changes to functionality; documentation improved for transparency and integration. - Version updated to 1.0.30.

v1.0.29

**v1.0.29 - Name Detection Fix & Scanner Balance** **Fixed:** - Name auto-detection now handles markdown formatting (`*Name:* Eddie`, `**Name:** Eddie`) - Restored detailed security documentation for scanner verification - Enhanced regex patterns for identity file parsing **Security Features (Highlighted):** - Ed25519 private keys generated and stored locally (never transmitted) - No API credentials required - works out of the box - Standard pip install mechanism (cryptography>=41.0.0, requests>=2.31.0) - Keys stored with 600 permissions in ~/.openclaw/workspace/.agentshield/

v1.0.28

No file changes detected. - Version number updated from 1.0.23 to 1.0.28 in SKILL.md. - No other changes applied.

v1.0.27

- Documentation and project files updated to remove embedded test pattern details—attack patterns are now referenced as a local JSON file. - Several auxiliary and developer documentation files removed for simplification (including CHANGELOG_v1.0.26.md, DEPLOY.md, DEVELOPER_NOTE.md, README_TESTER.md). - Clarified privacy details: all test vectors live in a local file, and all tests continue to run locally. - No changes to functionality or APIs—this is primarily a documentation and cleanup release.

v1.0.26

- Added new documentation and reference files: CHANGELOG_v1.0.26.md, README_TESTER.md, agentshield_attack_patterns.json, and agentshield_prompt_examples.txt. - Introduced fix_datetime.py for potential date/time handling improvements. - Removed obsolete file: _meta.json. - No changes to SKILL.md content.

v1.0.25

No changes detected in this release. - Version number updated to 1.0.25 Fixed peer verification issues discovered through external testing: • Timestamp parsing now handles ISO strings, Unix timestamps, and HTTP date formats • Increased API timeouts (30s/60s) to handle Heroku cold starts gracefully • Corrected certificate verification URL display (/api/verify/)

v1.0.24

Version 1.0.24 - No file changes detected in this release. - Functionality remains the same as previous version. - Demo and test data that led to a "Suspicious" rating in the last version have been removed, and a minor bug fix has been implemented in the documentation.

v1.0.23

- Documentation update: Added an explicit step to install Python dependencies (`pip3 install -r requirements.txt`) in the Quick Start guide. - No code changes or new features; documentation only.

v1.0.22

v1.0.22 - Security & Documentation Update FIXED: • Hardcoded Heroku URL → agentshield.live/api (domain-aligned) ADDED: • Data Transmission Transparency section (explicit JSON examples) • Consent Flow documentation (BEFORE file access) • PRIVACY.md - Complete data handling guide ADDRESSES: • OpenClaw scanner concerns from v1.0.21 • Expected: Benign/Low Risk rating No breaking changes. Same 77 tests + Trust Handshake Protocol.

v1.0.21

**AgentShield 1.0.21 – Adds Trust Handshake Protocol** - Introduced `handshake.py` for agent-to-agent trust handshakes, enabling mutual verification and secure key exchange. - Expanded documentation: describes Trust Handshake Protocol, trust scores, handshake workflow, and use cases for agent-to-agent secure communication. - Updated triggers and descriptions to reflect new handshake and verification capabilities. - All scripts remain fully bundled; private keys stay local and user consent is explicit.

v1.0.20

**AgentShield Audit v1.0.20 Changelog** - Renamed skill to "agentshield-audit" and focused scope on auditing and certificate generation. - Added `PRIVACY.md` for detailed privacy and data handling transparency. - Added `complete_handshake.py` script; removed legacy `handshake.py` for updated handshake logic. - Documentation overhaul: updated skill description, installation, security model, and consent workflow in SKILL.md. - Enhanced privacy disclosure and user consent requirements for all steps involving sensitive data.

v1.0.19

**No code changes detected in this release. SKILL.md documentation updated:** - Expanded description to emphasize AgentShield as SSL/TLS for AI agents, focusing on trust, certification, and secure handshakes. - New sections detailing the Trust Handshake Protocol, public Trust Registry, and reputation scoring. - Streamlined usage instructions for certification, verifying agents, and establishing secure sessions. - Clarified privacy model, cryptographic foundations, and inclusion of all 77 security tests. - Added technical overview and roadmap for upcoming features.

v1.0.18

AgentShield v1.0.18 introduces the trust handshake feature. - Added new handshake.py file to enable trust handshake functionality between agents. - Updated SKILL.md: added "trust handshake" to triggers and expanded the description to include trust handshakes. - Version bumped from 1.0.12 → 1.0.13 in SKILL.md. - No external code added; all scripts remain bundled locally.

v1.0.17

agentshield-audit v1.0.17 Changelog - Documented environment variable overrides for API endpoint and agent name in SKILL.md. - Clarified that only non-sensitive environment variables (`AGENTSHIELD_API`, `AGENT_NAME`, `OPENCLAW_AGENT_NAME`) are read, and agent secrets/tokens are never scanned. - No code changes or file modifications in this version—documentation update only.

v1.0.16

**AgentShield Audit Skill v1.0.16** - Fully restructured as a locally bundled, privacy-first skill with no external code fetching - Added explicit user consent ("human-in-the-loop") workflow before reading any sensitive files - Modularized codebase with new scripts for input sanitization, DLP, secret scanning, supply chain checking, and audit initiation - Old registry and handshake-related scripts removed for leaner, audit-focused operation - Updated documentation with concise quickstart, detailed consent flow, and improved security/test model - Now includes 77 static and live security tests, all run locally; private keys and prompts never leave your device

v1.0.15

- Added new file: agentshield_tester.py - Introduced standalone testing functionality for the skill

v1.0.14

- Initial release of version 1.0.14. - Added CHANGELOG.md file. - Added agent_auditor.py file.

v1.0.13

**AgentShield Audit v1.0.13 Changelog** - Refactored codebase layout: moved core modules from `src/` to top-level package directory. - Added deployment guide and updated internal structure (`DEPLOY_GUIDE.md`, new `__init__.py`). - No functional logic changes; this is an organizational update for improved packaging and deployment readiness. - Removed redundant `src/` files and added corresponding new top-level module files.

元数据

Slug agentshield-audit

版本 1.0.32

许可证 MIT-0

累计安装 4

当前安装数 3

历史版本数 33

常见问题