跳至主要内容
小龙虾小龙虾AI
🤖

Trust Verifier

Verify skill provenance and build trust scores for ClawHub skills. Checks publisher history, version consistency, dependency trust chains, and generates trus...

下载551
星标0
版本1.1.0
安全合规
安全通过
⚙️脚本

技能说明

name: trust-verifier description: Verify skill provenance and build trust scores for ClawHub skills. Checks publisher history, version consistency, dependency trust chains, and generates trust attestations. user-invocable: true metadata: {"openclaw": {"emoji": "🔑", "os": ["darwin", "linux"], "requires": {"bins": ["python3"]}}}

Trust Verifier

Trust, but verify. Assess the trustworthiness of a ClawHub skill by analyzing its publisher, history, dependencies, and consistency.

Why This Exists

Security scanning catches known malicious patterns. But what about skills that are technically clean but published by unknown authors, have inconsistent version histories, or depend on untrusted packages? Trust Verifier fills the gap between "no vulnerabilities detected" and "safe to install."

Commands

Assess trust for a skill directory

python3 {baseDir}/scripts/trust_verifier.py assess --path ~/.openclaw/skills/some-skill/

Generate a trust attestation

python3 {baseDir}/scripts/trust_verifier.py attest --path ~/.openclaw/skills/some-skill/ --output trust.json

Verify an existing attestation

python3 {baseDir}/scripts/trust_verifier.py verify --attestation trust.json --path ~/.openclaw/skills/some-skill/

Check dependency trust chain

python3 {baseDir}/scripts/trust_verifier.py deps --path ~/.openclaw/skills/some-skill/

Trust Signals

  • Publisher reputation: Known vs unknown publisher, account age, skill count
  • Version consistency: Do updates match expected patterns? Sudden permission changes?
  • Content integrity: SHA-256 hashes of all files, reproducible builds
  • Dependency chain: Are dependencies from trusted sources?
  • Community signals: Moltbook mentions, upvotes, known endorsements

Trust Levels

  • VERIFIED — Meets all trust criteria, attestation valid
  • TRUSTED — Most signals positive, minor gaps
  • UNKNOWN — Insufficient data to assess trust
  • SUSPICIOUS — One or more trust signals failed
  • UNTRUSTED — Multiple trust failures, do not install

如何使用「Trust Verifier」?

  1. 打开小龙虾AI(Web 或 iOS App)
  2. 点击上方「立即使用」按钮,或在对话框中输入任务描述
  3. 小龙虾AI 会自动匹配并调用「Trust Verifier」技能完成任务
  4. 结果即时呈现,支持继续对话优化

相关技能

🤖
Skill Security Scanner

Scan OpenClaw skills for security risks, suspicious permissions, and provide a trust score to help evaluate skill safety before use or installation.

364 下载general🔗 API
🤖
security-skiil-scanner

Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L...

49 下载安全合规🔗 API
🤖
Skill Vetting

Vet ClawHub skills for security and utility before installation. Use when considering installing a ClawHub skill, evaluating third-party code, or assessing w...

6.1k 下载安全合规⚙️ 脚本
🤖
ClawScan

Security scanner for ClawHub skills. Vet third-party skills before installation — detect dangerous patterns, suspicious code, and risky dependencies.

2.4k 下载general⚙️ 脚本
🤖
Skill Auditor Pro

审查 ClawHub skills 的安全性,检测恶意代码、可疑模式和社工攻击。在安装任何第三方 skill 前使用此工具进行安全检查。

1.3k 下载安全合规
🤖
Clawhub Search & Verify

Safely search and review Clawhub skills by keyword, showing details and risk before asking for explicit approval to install.

407 下载效率工具💬 Prompt