← 返回 Skills 市场
1487
总下载
0
收藏
8
当前安装
2
版本数
在 OpenClaw 中安装
/install arc-trust-verifier
功能描述
Verify skill provenance and build trust scores for ClawHub skills. Checks publisher history, version consistency, dependency trust chains, and generates trus...
使用说明 (SKILL.md)
Trust Verifier
Trust, but verify. Assess the trustworthiness of a ClawHub skill by analyzing its publisher, history, dependencies, and consistency.
Why This Exists
Security scanning catches known malicious patterns. But what about skills that are technically clean but published by unknown authors, have inconsistent version histories, or depend on untrusted packages? Trust Verifier fills the gap between "no vulnerabilities detected" and "safe to install."
Commands
Assess trust for a skill directory
python3 {baseDir}/scripts/trust_verifier.py assess --path ~/.openclaw/skills/some-skill/
Generate a trust attestation
python3 {baseDir}/scripts/trust_verifier.py attest --path ~/.openclaw/skills/some-skill/ --output trust.json
Verify an existing attestation
python3 {baseDir}/scripts/trust_verifier.py verify --attestation trust.json --path ~/.openclaw/skills/some-skill/
Check dependency trust chain
python3 {baseDir}/scripts/trust_verifier.py deps --path ~/.openclaw/skills/some-skill/
Trust Signals
- Publisher reputation: Known vs unknown publisher, account age, skill count
- Version consistency: Do updates match expected patterns? Sudden permission changes?
- Content integrity: SHA-256 hashes of all files, reproducible builds
- Dependency chain: Are dependencies from trusted sources?
- Community signals: Moltbook mentions, upvotes, known endorsements
Trust Levels
- VERIFIED — Meets all trust criteria, attestation valid
- TRUSTED — Most signals positive, minor gaps
- UNKNOWN — Insufficient data to assess trust
- SUSPICIOUS — One or more trust signals failed
- UNTRUSTED — Multiple trust failures, do not install
安全使用建议
What to consider before installing or running:
- The SKILL.md promises external reputation/community signals, but the visible script performs local file checks only; don't assume it fetches publisher history or third‑party reputation data unless you inspect the truncated check_deps implementation.
- The script's path validation is lax: it will operate on any directory you pass it. Only run it against explicit skill directories (e.g., under ~/.openclaw/skills/) and never point it at home, /etc, or other sensitive locations.
- Attestations are unsigned SHA-256 manifests (the code warns about this). They detect accidental file changes but are not tamper-proof — if you need secure attestations, require HMAC or digital signatures with keys stored outside the skill filesystem.
- Review the remainder of scripts/trust_verifier.py (the truncated check_deps and any network/HTTP calls) before use; if those functions perform network requests or send attestation data externally, re-evaluate risks and consider sandboxing the tool.
- As a precaution: run the script in a restricted environment or container, and inspect/read the code fully. If you want the documented external signals, request or inspect an implementation that explicitly and safely queries those sources (with clear hostnames and no opaque endpoints).
功能分析
Type: OpenClaw Skill
Name: arc-trust-verifier
Version: 1.1.0
The skill `arc-trust-verifier` is suspicious due to a critical path traversal vulnerability in `scripts/trust_verifier.py`. The `_validate_skill_path` function uses `os.path.realpath` but fails to verify that the resolved path remains within the intended `~/.openclaw/skills/` directory. This allows an attacker to supply arbitrary filesystem paths (e.g., `/etc`, `~/.ssh`) via the `--path` argument, leading to local file disclosure as the skill will then read, hash, and potentially analyze the content of files in these unintended locations. While the skill's purpose is to verify other skills, this flaw allows it to be weaponized for unauthorized access to sensitive system files.
能力评估
Purpose & Capability
The SKILL.md describes multi-source trust signals (publisher reputation, community mentions, dependency trust chains). The included script implements local checks (manifest, hashes, file-size, simple suspicious-pattern scanning, unsigned attestation) but does not implement network-based reputation or community lookups in the visible code, so the documented capability set is overstated.
Instruction Scope
Runtime instructions tell the agent to run the script against a skill path (e.g., ~/.openclaw/skills/some-skill/), which is reasonable. However, the script's _validate_skill_path only checks that the path is a directory (it comments it must be under ~/.openclaw/skills but does not enforce that), so the tool can be pointed at and will read/hash any directory the invoking user grants it access to. That increases risk of accidental exposure of sensitive files if misused. The script reads all files (and prints/writes hashes) and will write attestations to arbitrary output paths, which could overwrite files.
Install Mechanism
Instruction-only with a Python script and no install spec — requires only python3 on PATH. No external installers or archive downloads observed in the provided files.
Credentials
The skill requires no environment variables or credentials. The data it needs (skill filesystem contents) is proportional to its stated local analysis purpose. No unrelated secrets are requested.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent elevated privileges or modify other skills. Autonomous invocation is allowed by default but not combined here with broad credential access.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install arc-trust-verifier - 安装完成后,直接呼叫该 Skill 的名称或使用
/arc-trust-verifier触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
arc-trust-verifier 1.1.0
- Updated scripts/trust_verifier.py with new changes.
- No updates to documentation or user-facing commands.
- Core functionality and trust criteria remain unchanged.
v1.0.0
Initial release of trust-verifier skill.
- Assess trustworthiness of ClawHub skills based on publisher, version history, content integrity, and dependencies.
- Generate, verify, and manage trust attestations for skills.
- Inspect dependency trust chains for enhanced security analysis.
- Provides clear trust levels: VERIFIED, TRUSTED, UNKNOWN, SUSPICIOUS, UNTRUSTED.
- User-invocable; requires Python 3 on Darwin or Linux.
元数据
常见问题
Trust Verifier 是什么?
Verify skill provenance and build trust scores for ClawHub skills. Checks publisher history, version consistency, dependency trust chains, and generates trus... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1487 次。
如何安装 Trust Verifier?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install arc-trust-verifier」即可一键安装,无需额外配置。
Trust Verifier 是免费的吗?
是的,Trust Verifier 完全免费(开源免费),可自由下载、安装和使用。
Trust Verifier 支持哪些平台?
Trust Verifier 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux)。
谁开发了 Trust Verifier?
由 ArcSelf(@trypto1019)开发并维护,当前版本 v1.1.0。
推荐 Skills