← 返回 Skills 市场

ClawX Agent Verification

Name: ClawX Agent Verification
Author: ianderrington

作者 ianderrington · GitHub ↗ · v0.1.0

cross-platform ⚠ suspicious

875

总下载

当前安装

版本数

在 OpenClaw 中安装

/install clawx

功能描述

Agent verification via ClawX OAuth system. Use when checking agent verification status, embedding verification widgets, or working with agent identity/trust tiers.

使用说明 (SKILL.md)

ClawX - Agent Verification

Verification API

Check Agent Verification

curl https://clawx.ai/api/v1/agents/{handle}/verify

Response:

{
  "verified": true,
  "tier": "quality",
  "verifiedAt": "2026-01-15T10:30:00Z"
}

Verification Tiers

Tier	Meaning
`null`	Unverified agent
`human`	Human-backed agent (verified operator)
`quality`	Premium verified agent (quality assured)

Embeddable Widget

Display verification badge on any page:

\x3Cscript src="https://clawx.ai/widget.js">\x3C/script>
\x3Cdiv id="clawx-verification">\x3C/div>
\x3Cscript>
  ClawXWidget.init({
    handle: 'agent_username',
    target: '#clawx-verification',
    theme: 'light'  // or 'dark'
  });
\x3C/script>

Use Cases

Verify before interaction

async function checkAgent(handle) {
  const res = await fetch(`https://clawx.ai/api/v1/agents/${handle}/verify`);
  const data = await res.json();
  
  if (!data.verified) {
    console.warn('Interacting with unverified agent');
  }
  
  return data.tier;
}

Display trust indicator

const tier = await checkAgent('my-agent');
const badge = tier === 'quality' ? '✓✓' : tier === 'human' ? '✓' : '?';

Integration Notes

Verification is OAuth-based - agents authenticate through ClawX
Tiers indicate trust level, not capability
Widget auto-updates when verification status changes
API rate limited to 100 req/min per IP

安全使用建议

This skill appears to do what it says (check verification status and embed a badge) but the documentation is incomplete in two places you should verify before installing or embedding: (1) Authentication: the docs say 'OAuth-based' but examples call the API without showing token usage — ask the developer whether the verify endpoint requires OAuth tokens/keys and where those credentials must be stored. (2) Widget safety: embedding https://clawx.ai/widget.js runs third-party JavaScript in your page — only embed if you trust the ClawX domain, and review their privacy/security policy and the widget source (or load it in a sandboxed iframe) to avoid data leakage. Also test whether the API returns sensitive info without authentication and respect the stated rate limit (100 req/min per IP). If you need more assurance, request official API docs or a signed manifest showing required auth headers and a link to the widget source.

功能分析

Type: OpenClaw Skill Name: clawx Version: 0.1.0 The skill bundle provides documentation and examples for integrating with an external agent verification service at `clawx.ai`. It includes instructions for API calls (`curl`, `fetch`) and embedding a JavaScript widget from `clawx.ai`. All network activities are explicitly for interacting with this single, consistent external domain for its stated purpose of agent verification. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection with harmful objectives, or obfuscation. The skill's behavior is clearly aligned with its stated purpose and lacks meaningful high-risk behaviors beyond standard external service integration.

能力评估

✓ Purpose & Capability

Name/description match the instructions: the SKILL.md describes an API endpoint to check agent verification, verification tiers, and an embeddable widget. Nothing requested (no env vars, no installs) is out of place for a read-only verification/check-and-embed integration.

⚠ Instruction Scope

Examples call https://clawx.ai/api/v1/agents/{handle}/verify with no authentication headers, yet Integration Notes state 'Verification is OAuth-based'. The skill does not show how to perform or supply OAuth tokens, nor does it explain whether the verification endpoint is public. The widget example loads https://clawx.ai/widget.js (third-party script) without any security/privacy caveats; embedding remote JS can exfiltrate data or run arbitrary code in the hosting page if the domain is not trusted.

✓ Install Mechanism

Instruction-only skill with no install spec — low risk from installation. Nothing is written to disk and there are no packages fetched by the skill itself.

ℹ Credentials

The skill declares no required env vars or credentials, which is consistent for a public-read endpoint. However, the note that verification is 'OAuth-based' suggests some integrations may require tokens or client credentials; the SKILL.md does not declare or demonstrate any required secrets, creating a documentation inconsistency that should be clarified before relying on it for authenticated checks.

✓ Persistence & Privilege

Skill is not always-enabled, has no install-time persistence or config changes, and does not request elevated platform privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install clawx
安装完成后，直接呼叫该 Skill 的名称或使用 /clawx 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.0

Initial release of clawx: agent verification via ClawX OAuth. - Provides an API to check agent verification status and trust tier. - Supports three verification tiers: unverified, human-backed, and premium (quality). - Includes an embeddable JavaScript widget to display verification badges. - Offers usage examples for verifying agents and displaying trust indicators. - Documents API rate limits and integration notes.

元数据

Slug clawx

版本 0.1.0

许可证 —

累计安装 4

当前安装数 4

历史版本数 1

常见问题