drewm33

GhostScore

Author: drewM33 · GitHub · v1.0.3
cross-platform ✓ Security check passed
Total downloads: 318
Favorites: 0
Current installs: 0
Versions: 4
Install in OpenClaw
/install ghostscore
Description
Private reputation scoring for AI agents — query on-chain credit tiers earned via x402 micropayments through Unlink shielded transfers on Monad, and verify t...
Usage instructions (SKILL.md)

GhostScore — Private Agent Reputation

Zero-knowledge credit scores for the emerging ERC-8004 agentic economy.

Publisher: drewM33
Source Code: github.com/drewM33/ghostscore
License: MIT

What This Skill Does

You are an expert AI agent reputation manager. You help users query and verify reputation data from the GhostScore protocol — a private reputation system where agents earn on-chain trust via x402 micropayments routed through Unlink's shielded transfers on Monad.

This skill is read-only and verification-only. It does not sign transactions, hold keys, or move funds. All payment and signing operations happen outside this skill via the GhostScore frontend or the agent's own wallet.

Required Environment Variables

Before performing any operation, verify the following are set:

  1. MONAD_RPC_URL — RPC endpoint for Monad. Used for read-only contract queries (scores, tiers). No write access needed.
  2. GHOSTSCORE_API_KEY — API key for the GhostScore backend. Passed as Authorization: Bearer <key> header. Obtain from the GhostScore dashboard after connecting your wallet.

No other credentials are required. This skill does not request, accept, or use any wallet keys, signing keys, or seed phrases.

Capabilities

1. Check Reputation Score

When the user asks to check an agent's score or tier:

  1. Requires: MONAD_RPC_URL
  2. Make a read-only call to the ReputationRegistry contract on Monad for the agent's current score
  3. Map the score to the correct tier:
    • Tier 0: 0–19 points (open endpoints only)
    • Tier 1: 20–49 points (market data, shielded relay)
    • Tier 2: 50–79 points (agent discovery, ZK attestation)
    • Tier 3: 80+ points (agent coordination, premium services)
  4. Return the score, tier, and which endpoints are currently accessible

2. List Available Endpoints

When the user asks what APIs are available:

  1. Requires: GHOSTSCORE_API_KEY
  2. Call GET /provider/apis on the GhostScore backend
  3. Return the list of endpoints with their tier requirements and prices

Available endpoints:

  • Market Data (Tier 1, 0.001 USDC) — private transaction routing across L2 bridges
  • Agent Discovery (Tier 2, 0.005 USDC) — real-time price feeds with MEV protection
  • Agent Coordination (Tier 3, 0.01 USDC) — multi-agent task execution
  • Shielded Transfer Relay (Tier 1, 0.002 USDC) — execute shielded transfers via Unlink
  • ZK Identity Attestation (Tier 2, 0.008 USDC) — on-chain score verification with signed proof

3. Verify a ZK Attestation

When the user provides an attestation to verify:

  1. Requires: MONAD_RPC_URL, GHOSTSCORE_API_KEY
  2. Accept the attestation object (contains: signature, threshold, tier, timestamp, signer address)
  3. Verify the signer address matches the GhostScore server's known public address
  4. Verify the signature is valid using ethers.verifyMessage() against the attestation payload
  5. Return whether the attestation is valid, what tier was proven, and when it was issued
  6. No agent address, score, or history is needed or revealed during verification — only the attestation itself is checked
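
An added example, not code from SKILL.md or the GhostScore project, showing steps 3 and 4 with the trusted signer pinned locally and the recovered address compared against that pin rather than against the attestation's own signer field. The field names, the payload layout, Unix-second timestamps, the one-hour freshness window, and reading threshold on the score scale are assumptions; `recover` is whatever returns the signing address, such as `ethers.verifyMessage`.

```javascript
// Added example (not GhostScore code). Assumed: field names, payload layout,
// Unix-second timestamps, a one-hour freshness window, threshold on the score scale.
const TIER_FLOORS = [0, 20, 50, 80]; // tier boundaries listed in SKILL.md

function tierForScore(score) {
  let tier = 0;
  TIER_FLOORS.forEach((floor, i) => { if (score >= floor) tier = i; });
  return tier;
}

// Hypothetical canonical message; the real layout must come from the publisher.
function attestationPayload(att) {
  return `ghostscore-attestation:${att.tier}:${att.threshold}:${att.timestamp}`;
}

// `recover(message, signature)` returns the signing address, e.g. ethers.verifyMessage.
function verifyAttestation(att, { trustedSigner, recover, now = Date.now() / 1000, maxAgeSec = 3600 }) {
  const fail = (reason) => ({ valid: false, reason });
  const pinned = trustedSigner.toLowerCase();

  if (!Number.isInteger(att.tier) || att.tier < 0 || att.tier > 3) return fail("bad tier");
  if (!Number.isFinite(att.threshold) || tierForScore(att.threshold) !== att.tier) {
    return fail("threshold does not match tier");
  }
  if (!Number.isFinite(att.timestamp) || att.timestamp > now + 60) return fail("bad timestamp");
  if (now - att.timestamp > maxAgeSec) return fail("expired");

  // Step 3: the claimed signer must be the address pinned out of band.
  if (typeof att.signer !== "string" || att.signer.toLowerCase() !== pinned) {
    return fail("untrusted signer");
  }
  // Step 4: compare the recovered address with the pinned one, never with att.signer.
  let recovered;
  try {
    recovered = recover(attestationPayload(att), att.signature);
  } catch {
    return fail("malformed signature");
  }
  if (String(recovered).toLowerCase() !== pinned) return fail("signature mismatch");

  return { valid: true, tier: att.tier, issuedAt: new Date(att.timestamp * 1000).toISOString() };
}
```

This covers the signature path only; it says nothing about any underlying zero-knowledge proof.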

4. Explain the System

When the user asks how GhostScore works (no credentials required):

  • Agents pay for API endpoints via x402 (HTTP 402 Payment Required)
  • Every payment routes through Unlink's shielded transfers — sender, receiver, and amount are concealed
  • Reputation accrues on-chain in the ReputationRegistry smart contract
  • Agents prove their tier using zero-knowledge attestations without revealing identity
  • Nullifiers prevent double-spending while preserving privacy
  • Providers gate premium APIs behind earned reputation tiers

What This Skill Does NOT Do

  • ❌ Does NOT sign transactions
  • ❌ Does NOT request, accept, or store any wallet keys, signing keys, or seed phrases
  • ❌ Does NOT move funds or initiate payments
  • ❌ Does NOT send agent addresses to external APIs for attestation generation
  • ❌ Does NOT require write access to any blockchain

Payments and attestation generation are performed by the user through the GhostScore frontend (https://ghostscore-app.onrender.com) or their own wallet. This skill only reads public contract state and verifies existing attestations.

API Configuration

Important Rules

  • NEVER request, accept, or reference any private key, signing key, or seed phrase
  • NEVER initiate or sign any on-chain transaction — this skill is read-only
  • NEVER send agent wallet addresses to external endpoints
  • NEVER reveal an agent's exact score or transaction history to unauthorized parties
  • ALWAYS verify environment variables are present before making any call
  • Reputation is earned through the GhostScore frontend, not through this skill
  • Privacy is the default, not an option
Security usage recommendations
This skill appears to do what it says (read-only reputation queries and attestation checks) and only asks for a chain RPC URL and an API key. Before installing: 1) Confirm which field or API provides the GhostScore server's canonical public signing address (needed to validate attestations) and whether the skill also validates the underlying ZK proof (not just a signature). 2) Verify the GhostScore API hostname and dashboard are legitimate (onrender.com is a hosting service) and that the API key issuance process is trustworthy. 3) Test with non-sensitive data first (do not supply wallet keys, seed phrases, or private addresses). 4) Ask the publisher to resolve the metadata mismatch (SKILL.md autonomous:false vs. registry defaults) and to provide complete, untruncated verification steps in SKILL.md. If those clarifications are provided, the skill is coherent; without them the verification behavior may be incomplete or ambiguous.
Functional analysis
Type: OpenClaw Skill Name: ghostscore Version: 1.0.3 The skill bundle explicitly states it is 'read-only and verification-only,' does not handle private keys or sign transactions, and has clear instructions to the agent (e.g., 'NEVER request, accept, or reference any private key'). The requested network permissions are limited to the project's own API and a public blockchain RPC, aligning with its stated purpose of querying reputation and verifying zero-knowledge attestations. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent for harmful purposes.
Capability assessment
Purpose & Capability
Name/description, required env vars (MONAD_RPC_URL and GHOSTSCORE_API_KEY), and the declared network permissions align with a read-only reputation/attestation verifier for an on-chain protocol. Nothing requested is obviously unrelated to the stated purpose.
Instruction Scope
Instructions are mostly scoped to read-only RPC queries and calling the GhostScore API. However, verification steps are underspecified: the SKILL.md instructs using ethers.verifyMessage() to check signatures but does not describe how to validate zero-knowledge proofs or where to reliably obtain the GhostScore server's canonical public address. The file is also truncated near the end, leaving some rules incomplete. These gaps could cause incorrect verification if not clarified.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk installation surface. Nothing is downloaded or written to disk by the skill itself.
Credentials
Only two required env vars (RPC URL and API key) are declared; both are justifiable for read-only contract queries and backend API calls. The skill explicitly states it does not request private keys or signing material.
Persistence & Privilege
Registry-level flags indicate default model invocation is allowed, but the SKILL.md includes 'autonomous: false' (disallowing autonomous operation). This metadata mismatch should be clarified. The skill does not request 'always' presence or elevated system privileges.
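How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install ghostscore
  3. Once installation completes, invoke the Skill by name or trigger it with /ghostscore
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history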
v1.0.3
GhostScore 1.1.0 is a major update focused on privacy and safety: all on-chain signing and payment functionality has been removed. This skill is now strictly read-only and solely for verification. - All signing, payment, and wallet key handling removed — no private keys are accepted or used. - The skill now only supports querying scores/tiers, listing available endpoints, and verifying zero-knowledge attestations. - Environment variables simplified; only read-only Monad RPC and GhostScore API key required. - Payments and attestation generation now occur externally via the GhostScore frontend or user wallet. - Enhanced privacy: never transmits or requests agent wallet addresses; never exposes exact agent score to unauthorized parties. - Documentation updated to clarify strict read-only, verification-only capabilities.
v1.0.2
ghostscore 1.0.2 - Renamed documentation file from skill.md to SKILL.md for consistency and standardization. - No changes to core functionality or system behavior.
v1.0.1
- Added explicit configuration requirements: MONAD_RPC_URL, AGENT_PRIVATE_KEY, and GHOSTSCORE_API_KEY must be present for most operations. - Updated documentation to specify which credentials are required for each capability. - Detailed usage of credentials and permissions for API calls, on-chain reads, and transaction signing. - Improved clarity around contract address resolution and credential error handling. - Removed the SKILL.md file and replaced it with skill.md containing the updated instructions.
v1.0.0
Initial release of GhostScore: private, on-chain reputation for AI agents. - Supports private agent reputation scoring using x402 micropayments and Unlink shielded transfers on Monad. - Enables checking agent scores and tiers, accessing gated API endpoints, and confirming on-chain reputation accrual. - Provides zero-knowledge attestations for private reputation proofs without exposing identity or transaction details. - Allows execution of shielded payments with unlinkable on-chain transactions. - Emphasizes strong privacy: never reveals wallet addresses, exact scores, or transaction histories by default.
Metadata
Slug ghostscore
Version 1.0.3
License
Total installs 0
Current installs 0
Version count 4
FAQ

What is GhostScore?

Private reputation scoring for AI agents — query on-chain credit tiers earned via x402 micropayments through Unlink shielded transfers on Monad, and verify t... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 318 total downloads so far.

How do I install GhostScore?

Run the command "/install ghostscore" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is GhostScore free?

Yes, GhostScore is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does GhostScore support?

GhostScore runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed GhostScore?

Developed and maintained by drewM33 (@drewm33); the current version is v1.0.3.
