TrustLoop - Trust layer for AI Agents
Author: Soji Joseph · v1.0.3 · MIT-0
Total downloads: 180
Favorites: 0
Current installs: 0
Versions: 4
Install in OpenClaw
/install trustloop
Description
AI governance layer — logs, audits, and enforces kill-switch rules on agent tool calls. Built by trustloop.live.
Safe usage recommendations
This skill implements what it claims (an external governance check) but it sends the tool name and arguments to a remote service (api.trustloop.live). Before installing, verify you trust trustloop.live and review their privacy/retention/terms. Do not allow the agent to send raw credentials, file contents, conversation text, or other secrets — the SKILL.md asks you to strip them, and the bundled redaction is regex-based and can miss patterns. Note the script intentionally 'fails open' on network errors/timeouts, so governance can be bypassed if the service or network is unavailable. If you plan to use this in sensitive environments, consider: (1) testing with non-sensitive data, (2) auditing redaction regexes in trustloop-check.js and extending them, (3) confirming the dashboard and API ownership, and (4) evaluating whether you need an on-prem or private governance solution instead of an external SaaS endpoint.
Functional analysis
Type: OpenClaw Skill
Name: trustloop
Version: 1.0.3
The TrustLoop skill is an AI governance and auditing tool designed to intercept and validate tool calls against a remote policy engine. The core logic in `trustloop-check.js` sends tool names and arguments to `api.trustloop.live` but includes a robust `redactSecrets` function to strip API keys (OpenAI, AWS, GitHub, etc.) and sensitive patterns before transmission. The instructions in `SKILL.md` and `skill.json` are transparent about data transmission and explicitly direct the agent to mask PII and avoid sending file contents, aligning the behavior with its stated security purpose.
Capability assessment
Purpose & Capability
Name, description, SKILL.md, trustloop-check.js, and skill.json all align: the skill intercepts tool calls and posts tool_name+arguments to TrustLoop for approval using TRUSTLOOP_API_KEY. No unrelated env vars or binaries are requested.
Instruction Scope
SKILL.md and trustloop-check.js instruct the agent to POST tool_name and arguments to an external endpoint. The documentation tells users to strip secrets before sending, and the included script applies regex-based redaction, but regexes are inevitably imperfect (may miss secrets, file contents, or PII) and the script does not enforce limits on argument size or types. The check intentionally 'fails open' on network/auth/timeout errors (returns allowed:true), which means governance may be bypassed in common failure scenarios.
Install Mechanism
There is no install spec (instruction-only with included helper scripts). Nothing is downloaded from arbitrary URLs or written to system locations by an installer. The included files are lightweight scripts and docs.
Credentials
Only TRUSTLOOP_API_KEY is required and is declared as the primary credential. That is proportionate for a remote governance API. The code only reads that env var.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system privileges. It does not modify other skills or system config. Autonomous invocation is allowed by default (normal), but this combined with external network calls is why careful review is recommended.
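How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install trustloop`
- Once installation completes, call the Skill by name or use `/trustloop` to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output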
Version history
v1.0.3
- Updated the API endpoint in documentation from https://trustloop-production.up.railway.app/api/intercept to https://api.trustloop.live/api/intercept for improved clarity and consistency.
- No changes to functionality or configuration required.
v1.0.2
trustloop v1.0.2
- Initial release of the skill.
- Added main governance logic in trustloop-check.js.
- Included setup script (setup.sh) and metadata file (skill.json).
- Enables agent tool call audits and enforcement using TrustLoop API.
v1.0.1
- Added license information (MIT-0) and updated skill author/operator details.
- Clarified privacy practices: tool name/arguments only, automatic masking/redaction, no file or conversation data sent.
- Enhanced setup and usage instructions for masking sensitive data before API requests.
- Improved transparency with direct link to audit dashboard and details on logged data.
- Streamlined examples and updated list of sensitive tool types requiring governance checks.
v1.0.0
Initial release of TrustLoop — an AI governance and audit layer for agents.
- Intercepts and audits every agent tool call before execution.
- Enforces custom rules and kill-switches; blocks flagged actions.
- Requires check-in for destructive, external, financial, or bulk operations.
- Provides a real-time audit trail via web dashboard.
- Simple API integration with required `TRUSTLOOP_API_KEY`.
FAQ
What is TrustLoop - Trust layer for AI Agents?
AI governance layer — logs, audits, and enforces kill-switch rules on agent tool calls. Built by trustloop.live. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 180 total downloads so far.
How do I install TrustLoop - Trust layer for AI Agents?
Run the command `/install trustloop` in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is TrustLoop - Trust layer for AI Agents free?
Yes, TrustLoop - Trust layer for AI Agents is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does TrustLoop - Trust layer for AI Agents support?
TrustLoop - Trust layer for AI Agents is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed TrustLoop - Trust layer for AI Agents?
It is developed and maintained by Soji Joseph (@smjai); the current version is v1.0.3.