AgentTrust — Security Scanner for AI Skills

Author: poteshniy · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 71 · Favorites: 0 · Current installs: 1 · Versions: 2
Install in OpenClaw
/install agenttrust-scanner
Description
Scan AI skills for malware, injections, data leaks, verify integrity, and check agent wallet reputation without API keys or accounts.
Usage instructions (SKILL.md)

AgentTrust

Description

Security Scanner and Reputation Oracle for AI Agent Skills. Scan any OpenClaw SKILL.md for malware, prompt injection, data exfiltration, and 37 other threat patterns before installing. Reputation scores for agent wallets.

Free tier available. Full scan via x402 — no API keys, no accounts.

Instructions

Use when the user wants to scan a skill for threats, verify it is safe to install, check skill integrity, or look up an agent wallet reputation.

Free scan (no payment required)

POST https://agenttrust.uk/v1/scan/free
Price: FREE
Body: { "content": "<skill content, max 50 lines>" }
Returns: score 0-100, level SAFE/MEDIUM/HIGH/CRITICAL, top 3 findings (5 rules checked)

Full scan (x402 payment)

POST https://agenttrust.uk/v1/scan
Price: 0.015 USDC on Base (x402)
Body: { "content": "<full skill content>" }
Returns: score 0-100, level SAFE/MEDIUM/HIGH/CRITICAL, all findings (40 rules), hash

Reputation lookup

GET https://agenttrust.uk/v1/trust/:address
Price: 0.010 USDC on Base (x402)
Returns: score, incidents, audits, verified status

Verify integrity

POST https://agenttrust.uk/v1/verify
Price: 0.005 USDC on Base (x402)
Body: { "hash": "<sha256>" } or { "content": "<skill content>" }
Returns: verified true/false, last scan level and score

Full audit report

POST https://agenttrust.uk/v1/report
Price: 0.050 USDC on Base (x402)
Body: { "content": "<skill content>", "skill_id": "<n>" }
Returns: full report with recommendations per finding

Safe usage advice
This skill calls an external service to scan skills and returns a score; that requires sending the skill content to a third party. Before installing or using it: (1) Do not send any files that contain secrets, API keys, or private wallet material — sanitize content first. (2) Verify the vendor (agenttrust.uk) and ask for a privacy policy and how payments are processed; do not sign transactions or share private keys based on the skill's prompts. (3) Prefer local or audited scanners if you must scan sensitive skills. (4) If you proceed, test with non-sensitive sample content first and require explicit user confirmation before any actions that would involve wallet payments or signing.
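A local pre-send step for advice (1) and (4) above, as an added example that is not part of the skill or of this listing: it redacts likely secrets, enforces the free tier's 50-line limit, and builds the hash-only `/v1/verify` body so that content need not be sent for an integrity check. The pattern list, function names and sample text are assumptions made for illustration, and nothing here makes a network call.

```python
import hashlib
import re

FREE_SCAN_MAX_LINES = 50  # limit the SKILL.md states for /v1/scan/free

# Assumed, non-exhaustive patterns chosen for this example (not AgentTrust's rules).
# The 64-hex pattern also hits SHA-256 digests; over-redaction is the safe direction.
SECRET_PATTERNS = [
    ("private_key_block", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)),
    ("hex_private_key", re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b")),
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("assigned_secret", re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password|mnemonic)\b\s*[:=]\s*\S+")),
]

# Constructed sample skill text; both "secrets" are fake.
SAMPLE_SKILL = (
    "# demo-skill (constructed sample)\n"
    "Call the weather API.\n"
    "API_KEY=AKIAABCDEFGHIJKLMNOP\n"
    "wallet key: 0x" + "ab" * 32 + "\n"
)

def sanitize(content):
    """Return (redacted_text, sorted labels of the patterns that matched)."""
    found = set()
    for label, pattern in SECRET_PATTERNS:
        content, hits = pattern.subn(f"[REDACTED:{label}]", content)
        if hits:
            found.add(label)
    return content, sorted(found)

def free_scan_body(content):
    """Body for POST /v1/scan/free: redacted first, refused if over the line limit."""
    redacted, found = sanitize(content)
    if len(redacted.splitlines()) > FREE_SCAN_MAX_LINES:
        raise ValueError("free tier accepts at most 50 lines; trim before sending")
    return {"content": redacted}, found

def verify_body(submitted_text):
    """Hash-only body for POST /v1/verify, so the text itself never leaves the host.
    Assumption: the service hashes the exact UTF-8 bytes that were submitted."""
    return {"hash": hashlib.sha256(submitted_text.encode("utf-8")).hexdigest()}

if __name__ == "__main__":
    body, found = free_scan_body(SAMPLE_SKILL)
    print("redacted:", found)   # review these before any network call is made
    print(body["content"])
    print(verify_body(body["content"]))
```

A non-empty list of matched labels is a reason to stop and inspect the skill file by hand, since pattern-based redaction cannot catch every secret format.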
Functional analysis
Type: OpenClaw Skill
Name: agenttrust-scanner
Version: 1.0.1

The AgentTrust skill acts as a wrapper for an external security scanning service (agenttrust.uk). It provides instructions for an AI agent to perform skill scans, reputation lookups, and integrity checks using both free and paid (x402) API endpoints. The skill's behavior is transparent and aligns with its stated purpose of providing security analysis for other agent skills, with no evidence of malicious intent, unauthorized data exfiltration, or hidden execution logic.
Capability tags
crypto · requires-wallet · can-make-purchases · requires-sensitive-credentials
Capability assessment
Purpose & Capability
Name/description align with runtime instructions: the SKILL.md tells the agent to call an external scanning/reputation service. However, the skill claims "no API keys or accounts" while simultaneously specifying paid endpoints (USDC on Base) with no explanation of how payments/authorization are performed — that inconsistency is unexplained and meaningful.
Instruction Scope
Instructions direct the agent to POST skill content (up to 50 lines for free, full content for paid scans) to https://agenttrust.uk endpoints. Sending full SKILL.md (which may contain secrets or sensitive information) to an external service is explicit data exfiltration — it may be necessary for remote scanning, but the SKILL.md does not warn about sensitive data, nor does it give safeguards or a privacy policy. The payment endpoints and lack of auth/payment flow also leave open potential for follow-up prompts asking the user to sign payments or reveal wallet keys.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. The skill is instruction-only, so nothing will be written to disk by an installer. The primary runtime risk comes from outbound network calls in the instructions rather than installation.
Credentials
The skill requests no environment variables or credentials (proportional), but it relies on sending content to an external service and lists USDC payments on-chain. The lack of declared credentials is appropriate, yet the payment model is unspecified: how the agent is expected to carry out on-chain payments (or request the user to sign transactions) is not defined and could lead to unsafe prompts or social-engineering to obtain wallet access.
Persistence & Privilege
always:false and default autonomous invocation are set. There is no indication the skill requests persistent elevated privileges or modifies other agent configs. However, allowing autonomous invocation plus outbound network activity can increase blast radius if the agent is permitted to call the service without user oversight — this is standard but should be noted given the external endpoints.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install agenttrust-scanner
  3. Once installation completes, call the Skill by name or trigger it with /agenttrust-scanner
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.1
- Added a free scan option for skills up to 50 lines, checking 5 rules and returning the top 3 findings.
- Updated full scan endpoint to clarify it checks 40 rules and now also returns a hash.
- Revised instructions to highlight the availability of a free tier and requirement-free scanning.
- Clarified payment info and feature details for each scanning and verification endpoint.
v1.0.0
Initial release — 40 security rules, 4 endpoints, x402 native
Metadata
Slug: agenttrust-scanner
Version: 1.0.1
License: MIT-0
Total installs: 1
Current installs: 1
Number of versions: 2
FAQ

What is AgentTrust — Security Scanner for AI Skills?

Scan AI skills for malware, injections, data leaks, verify integrity, and check agent wallet reputation without API keys or accounts. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 71 total downloads so far.

How do I install AgentTrust — Security Scanner for AI Skills?

Run the command "/install agenttrust-scanner" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is AgentTrust — Security Scanner for AI Skills free?

Yes, AgentTrust — Security Scanner for AI Skills is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.

Which platforms does AgentTrust — Security Scanner for AI Skills support?

AgentTrust — Security Scanner for AI Skills runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed AgentTrust — Security Scanner for AI Skills?

Developed and maintained by poteshniy (@poteshniy); the current version is v1.0.1.