{ "schemaVersion": "1.0", "item": { "slug": "agent-passport", "name": "Agent Passport", "source": "tencent", "type": "skill", "category": "效率提升", "sourceUrl": "https://clawhub.ai/markneville/agent-passport", "canonicalUrl": "https://clawhub.ai/markneville/agent-passport", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/agent-passport", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-passport", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "README.md", "SKILL.md", "TRADEMARK.md", "_meta.json", "agents/openai.yaml", "references/mandates.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/agent-passport" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/agent-passport", "agentPageUrl": "https://openagent3.xyz/skills/agent-passport/agent", "manifestUrl": "https://openagent3.xyz/skills/agent-passport/agent.json", "briefUrl": "https://openagent3.xyz/skills/agent-passport/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "30-Second Setup", "body": "# Initialize and register your agent\n./mandate-ledger.sh init agent:my-assistant \"Your Name\" \"personal assistant\" \"openclaw\"\n\n# Grant dev tool access (git, npm, docker, etc.)\n./mandate-ledger.sh create-from-template dev-tools\n\n# That's it! The agent will now check permissions before sensitive actions.\n\nTemplates available: dev-tools · email-team · file-ops · web-research · safe-browsing · coding · email-assistant · read-only · full-auto\nRun ./mandate-ledger.sh templates to see all options." }, { "title": "⚡ Agent Behavioral Contract", "body": "If you are an agent reading this skill, these are your rules. Follow them." }, { "title": "When to Check", "body": "Before performing ANY of these actions, you MUST call check-action first:\n\nActionCategoryExample targetRunning a shell commandsystem\"git pull\", \"npm install\"Sending a message/emailcommunication\"bob@company.com\"Writing/deleting a filedata\"/path/to/file.txt\"Making an API call with side effectsexternal_api\"api.github.com\"Spending moneyfinancial\"merchant_amazon\" with amountActing publicly as the useridentity\"twitter_post\"\n\nYou do NOT need to check: reading files, web searches, internal reasoning, or anything with no side effects." }, { "title": "How to Check", "body": "SCRIPT_DIR=\"$HOME/.openclaw/skills/agent-passport/scripts\"\n\nresult=$($SCRIPT_DIR/mandate-ledger.sh check-action \"\" \"\" \"\" [amount])\n\nParse the result:\n\nauthorized: true → proceed, then log the action afterward\nauthorized: false → STOP. Ask the user.\nIf response includes kill_switch: true or reason Kill switch engaged → STOP immediately and ask user to run mandate-ledger.sh unlock" }, { "title": "The Flow", "body": "1. You want to do something sensitive\n2. Call check-action\n3. IF authorized:\n a. Do the thing\n b. Log it: mandate-ledger.sh log-action \"\"\n4. IF denied:\n a. Tell the user what you want to do and why\n b. Suggest a mandate (show scope, duration, constraints)\n c. Wait for approval\n d. If approved, create the mandate, then proceed" }, { "title": "How to Ask for Permission", "body": "When denied, present it clearly and concisely:\n\nI need to [ACTION] but don't have a mandate for it.\n\n📋 [CATEGORY]: [what you want to do]\n🎯 Target: [specific target]\n⏰ Suggested duration: [reasonable TTL]\n\nWant me to set this up? I can also create a broader mandate if you'd\nprefer (e.g., all emails to @company.com for 30 days).\n\nDO NOT:\n\nBypass the check and do it anyway\nAsk repeatedly for the same thing if denied\nCreate mandates yourself without user approval\nPretend you checked when you didn't\n\nDO:\n\nSuggest templates when appropriate (\"Want me to set up dev-tools?\")\nBatch similar requests (\"I'll need to run several git commands — want a dev-tools mandate?\")\nLog every action after completion\nMention remaining limits when relevant (\"3/20 daily emails used\")" }, { "title": "First-Time Setup", "body": "If check-action returns \"hint\": \"templates\", the ledger is empty. Guide the user:\n\nAgent Passport isn't set up yet. It takes 30 seconds:\n\n mandate-ledger.sh init agent:me \"Your Name\" \"assistant\" \"openclaw\"\n mandate-ledger.sh create-from-template dev-tools\n\nWant me to run this for you?" }, { "title": "Logging Actions", "body": "After every authorized action, log it:\n\n$SCRIPT_DIR/mandate-ledger.sh log-action \"\" \"\"\n\nFor financial: amount = dollars spent\nFor everything else: amount = 1\nDescription should be human-readable: \"Sent email to bob@company.com re: Q1 report\"" }, { "title": "Kill Switch Behavior", "body": "If the user engages the kill switch, all operations are frozen until unlocked.\n\n./mandate-ledger.sh kill \"user requested freeze\"\n./mandate-ledger.sh unlock\n\nAgent behavior when kill switch is active:\n\nDo not attempt sensitive actions\nDo not retry check-action in a loop\nTell user operations are blocked and request explicit unlock" }, { "title": "Overview", "body": "Agent Passport provides a consent layer for agent autonomy. Instead of all-or-nothing permissions, users grant mandates with specific constraints:\n\n\"I authorize this agent to [ACTION] with [CONSTRAINTS] until [EXPIRY]\"\n\nThis isn't just about purchases — it's consent-gating for all sensitive actions." }, { "title": "Action Categories", "body": "CategoryExamplesTypical ConstraintsfinancialPurchases, transfers, subscriptionsSpending cap, merchant allowlistcommunicationEmails, messages, tweets, postsRecipient allowlist, rate limitdataDelete files, edit docs, DB writesPath allowlist, require backupsystemShell commands, installs, configsCommand allowlist, no sudoexternal_apiThird-party API callsService allowlist, rate limitidentityPublic actions \"as\" the userHuman review required" }, { "title": "Wildcard Patterns", "body": "Allowlists and deny lists support three wildcard styles:\n\nPatternMatchesExampleprefix *Anything starting with prefixgit * → git pull, git status*.suffixAnything ending with suffix*.env → config.env, .env*middle*Anything containing middle*/.git/* → repo/.git/config*@domainEmail domain match*@company.com → bob@company.comexactExact match onlyapi.github.com" }, { "title": "Modes", "body": "Local mode (default): Mandates stored in ~/.openclaw/agent-passport/. Free tier is fully offline. Pro tier makes periodic API calls to api.agentpassportai.com for license validation and threat definition updates.\nPreview mode: No storage, no network. Generates validated payloads and curl templates.\nLive mode (roadmap): Future connection to Agent Bridge backend for multi-agent sync and compliance. Not yet implemented." }, { "title": "Quick Start Commands", "body": "# Initialize with identity\n./mandate-ledger.sh init [scope] [provider]\n\n# Templates (auto-detects agent if registered)\n./mandate-ledger.sh templates\n./mandate-ledger.sh create-from-template dev-tools\n./mandate-ledger.sh create-from-template email-team \n./mandate-ledger.sh create-from-template file-ops \n./mandate-ledger.sh create-from-template web-research\n./mandate-ledger.sh create-from-template safe-browsing\n./mandate-ledger.sh create-from-template coding\n./mandate-ledger.sh create-from-template email-assistant\n./mandate-ledger.sh create-from-template read-only\n./mandate-ledger.sh create-from-template full-auto\n\n# Quick create (human-friendly durations: 7d, 24h, 30m)\n./mandate-ledger.sh create-quick [amount_cap]\n\n# Check & log\n./mandate-ledger.sh check-action [amount]\n./mandate-ledger.sh log-action \"\"\n\n# Audit\n./mandate-ledger.sh audit [limit]\n./mandate-ledger.sh summary\n\n# Threat definitions\n./mandate-ledger.sh init-definitions\n./mandate-ledger.sh update-definitions\n./mandate-ledger.sh definitions-status" }, { "title": "Quick Start", "body": "init [agent_id] [principal] [scope] [provider]\n # Initialize ledger, optionally register agent\ntemplates # List available templates\ncreate-from-template # Create mandate from template\n [agent_id] [args...]\ncreate-quick # Create with positional args\n \n [amount_cap]" }, { "title": "Mandate Lifecycle", "body": "create # Create mandate (include action_type)\ncreate-with-kya # Create with auto-attached agent KYA\nget # Get mandate by ID\nlist [filter] # List mandates (all|active|revoked|)\nrevoke [why] # Revoke a mandate" }, { "title": "Authorization", "body": "check-action [amount]\n # Check if action is authorized\nlog-action [description]\n # Log action against mandate\nkill # Engage kill switch and freeze execution\nunlock # Disengage kill switch" }, { "title": "Audit & Reporting", "body": "audit [limit] # Show recent audit entries\naudit-mandate # Show audit for specific mandate\naudit-summary [since] # Summary by action type\nsummary # Show overall ledger stats\nexport # Export full ledger as JSON" }, { "title": "Threat Definitions", "body": "init-definitions # Write bundled threat-definitions.json to LEDGER_DIR\nupdate-definitions # Refresh definitions (Pro: API pull, Free: bundled copy)\n [--force] [--offline]\ndefinitions-status # Show version, pattern counts, and last update" }, { "title": "KYA (Know Your Agent)", "body": "kya-register [provider]\nkya-get \nkya-list\nkya-revoke [why]" }, { "title": "Mandate Structure", "body": "{\n \"mandate_id\": \"mandate_1770412575_3039e369\",\n \"action_type\": \"communication\",\n \"agent_id\": \"agent:my-assistant\",\n \"scope\": {\n \"allowlist\": [\"*@mycompany.com\", \"bob@partner.com\"],\n \"deny\": [\"*@competitor.com\"],\n \"rate_limit\": \"20/day\",\n \"kya\": { \"status\": \"verified\", \"verified_principal\": \"Mark\" }\n },\n \"amount_cap\": null,\n \"ttl\": \"2026-02-13T00:00:00Z\",\n \"status\": \"active\",\n \"usage\": { \"count\": 5, \"total_amount\": 0 },\n \"created_at\": \"2026-02-06T22:00:00Z\"\n}" }, { "title": "Agent Bridge (Future Roadmap)", "body": "Note: Free tier is fully local with no network calls. Pro tier (AGENT_PASSPORT_LICENSE_KEY set) makes periodic HTTPS calls to api.agentpassportai.com for license validation and threat definition updates. No usage data or scan results are transmitted. Agent Bridge is a planned future service.\n\nLocal mode handles single-user, single-agent scenarios. A future Agent Bridge service would add:\n\nMulti-agent coordination — prevent overlapping mandates\nCross-device sync — same mandates everywhere\nOrganization policies — IT guardrails, user customization within\nCompliance reporting — audit exports for regulatory needs\nMerchant/service registry — verified vendors, trust scores\n\nExport local ledger anytime: ./mandate-ledger.sh export > backup.json" }, { "title": "Configuration (OpenClaw)", "body": "{\n \"skills\": {\n \"entries\": {\n \"agent-passport\": {\n \"env\": {\n \"AGENT_PASSPORT_LOCAL_LEDGER\": \"true\"\n },\n \"config\": {\n \"default_currency\": \"USD\",\n \"default_ttl_minutes\": 60,\n \"confirm_threshold_amount\": 50\n }\n }\n }\n }\n}" }, { "title": "Storage", "body": "All data stored locally in ~/.openclaw/agent-passport/:\n\nmandates.json — mandate ledger\nagents.json — KYA registry\naudit.json — action audit trail\nthreat-definitions.json — active threat pattern definitions\nthreat-definitions.bak — previous definitions backup\n.threat-meta.json — last update/version/source metadata" }, { "title": "Safety", "body": "Never leak secrets into prompts, logs, or outputs\nMandates constrain actions, but don't prevent all misuse\nAudit trail provides accountability, not prevention\nUse KYA to verify agent identity before granting broad mandates" } ], "body": "Agent Passport (OpenClaw)\n30-Second Setup\n# Initialize and register your agent\n./mandate-ledger.sh init agent:my-assistant \"Your Name\" \"personal assistant\" \"openclaw\"\n\n# Grant dev tool access (git, npm, docker, etc.)\n./mandate-ledger.sh create-from-template dev-tools\n\n# That's it! The agent will now check permissions before sensitive actions.\n\n\nTemplates available: dev-tools · email-team · file-ops · web-research · safe-browsing · coding · email-assistant · read-only · full-auto Run ./mandate-ledger.sh templates to see all options.\n\n⚡ Agent Behavioral Contract\n\nIf you are an agent reading this skill, these are your rules. Follow them.\n\nWhen to Check\n\nBefore performing ANY of these actions, you MUST call check-action first:\n\nAction\tCategory\tExample target\nRunning a shell command\tsystem\t\"git pull\", \"npm install\"\nSending a message/email\tcommunication\t\"bob@company.com\"\nWriting/deleting a file\tdata\t\"/path/to/file.txt\"\nMaking an API call with side effects\texternal_api\t\"api.github.com\"\nSpending money\tfinancial\t\"merchant_amazon\" with amount\nActing publicly as the user\tidentity\t\"twitter_post\"\n\nYou do NOT need to check: reading files, web searches, internal reasoning, or anything with no side effects.\n\nHow to Check\nSCRIPT_DIR=\"$HOME/.openclaw/skills/agent-passport/scripts\"\n\nresult=$($SCRIPT_DIR/mandate-ledger.sh check-action \"\" \"\" \"\" [amount])\n\n\nParse the result:\n\nauthorized: true → proceed, then log the action afterward\nauthorized: false → STOP. Ask the user.\nIf response includes kill_switch: true or reason Kill switch engaged → STOP immediately and ask user to run mandate-ledger.sh unlock\nThe Flow\n1. You want to do something sensitive\n2. Call check-action\n3. IF authorized:\n a. Do the thing\n b. Log it: mandate-ledger.sh log-action \"\"\n4. IF denied:\n a. Tell the user what you want to do and why\n b. Suggest a mandate (show scope, duration, constraints)\n c. Wait for approval\n d. If approved, create the mandate, then proceed\n\nHow to Ask for Permission\n\nWhen denied, present it clearly and concisely:\n\nI need to [ACTION] but don't have a mandate for it.\n\n📋 [CATEGORY]: [what you want to do]\n🎯 Target: [specific target]\n⏰ Suggested duration: [reasonable TTL]\n\nWant me to set this up? I can also create a broader mandate if you'd\nprefer (e.g., all emails to @company.com for 30 days).\n\n\nDO NOT:\n\nBypass the check and do it anyway\nAsk repeatedly for the same thing if denied\nCreate mandates yourself without user approval\nPretend you checked when you didn't\n\nDO:\n\nSuggest templates when appropriate (\"Want me to set up dev-tools?\")\nBatch similar requests (\"I'll need to run several git commands — want a dev-tools mandate?\")\nLog every action after completion\nMention remaining limits when relevant (\"3/20 daily emails used\")\nFirst-Time Setup\n\nIf check-action returns \"hint\": \"templates\", the ledger is empty. Guide the user:\n\nAgent Passport isn't set up yet. It takes 30 seconds:\n\n mandate-ledger.sh init agent:me \"Your Name\" \"assistant\" \"openclaw\"\n mandate-ledger.sh create-from-template dev-tools\n\nWant me to run this for you?\n\nLogging Actions\n\nAfter every authorized action, log it:\n\n$SCRIPT_DIR/mandate-ledger.sh log-action \"\" \"\"\n\nFor financial: amount = dollars spent\nFor everything else: amount = 1\nDescription should be human-readable: \"Sent email to bob@company.com re: Q1 report\"\nKill Switch Behavior\n\nIf the user engages the kill switch, all operations are frozen until unlocked.\n\n./mandate-ledger.sh kill \"user requested freeze\"\n./mandate-ledger.sh unlock\n\n\nAgent behavior when kill switch is active:\n\nDo not attempt sensitive actions\nDo not retry check-action in a loop\nTell user operations are blocked and request explicit unlock\nOverview\n\nAgent Passport provides a consent layer for agent autonomy. Instead of all-or-nothing permissions, users grant mandates with specific constraints:\n\n\"I authorize this agent to [ACTION] with [CONSTRAINTS] until [EXPIRY]\"\n\n\nThis isn't just about purchases — it's consent-gating for all sensitive actions.\n\nAction Categories\nCategory\tExamples\tTypical Constraints\nfinancial\tPurchases, transfers, subscriptions\tSpending cap, merchant allowlist\ncommunication\tEmails, messages, tweets, posts\tRecipient allowlist, rate limit\ndata\tDelete files, edit docs, DB writes\tPath allowlist, require backup\nsystem\tShell commands, installs, configs\tCommand allowlist, no sudo\nexternal_api\tThird-party API calls\tService allowlist, rate limit\nidentity\tPublic actions \"as\" the user\tHuman review required\nWildcard Patterns\n\nAllowlists and deny lists support three wildcard styles:\n\nPattern\tMatches\tExample\nprefix *\tAnything starting with prefix\tgit * → git pull, git status\n*.suffix\tAnything ending with suffix\t*.env → config.env, .env\n*middle*\tAnything containing middle\t*/.git/* → repo/.git/config\n*@domain\tEmail domain match\t*@company.com → bob@company.com\nexact\tExact match only\tapi.github.com\nModes\nLocal mode (default): Mandates stored in ~/.openclaw/agent-passport/. Free tier is fully offline. Pro tier makes periodic API calls to api.agentpassportai.com for license validation and threat definition updates.\nPreview mode: No storage, no network. Generates validated payloads and curl templates.\nLive mode (roadmap): Future connection to Agent Bridge backend for multi-agent sync and compliance. Not yet implemented.\nQuick Start Commands\n# Initialize with identity\n./mandate-ledger.sh init [scope] [provider]\n\n# Templates (auto-detects agent if registered)\n./mandate-ledger.sh templates\n./mandate-ledger.sh create-from-template dev-tools\n./mandate-ledger.sh create-from-template email-team \n./mandate-ledger.sh create-from-template file-ops \n./mandate-ledger.sh create-from-template web-research\n./mandate-ledger.sh create-from-template safe-browsing\n./mandate-ledger.sh create-from-template coding\n./mandate-ledger.sh create-from-template email-assistant\n./mandate-ledger.sh create-from-template read-only\n./mandate-ledger.sh create-from-template full-auto\n\n# Quick create (human-friendly durations: 7d, 24h, 30m)\n./mandate-ledger.sh create-quick [amount_cap]\n\n# Check & log\n./mandate-ledger.sh check-action [amount]\n./mandate-ledger.sh log-action \"\"\n\n# Audit\n./mandate-ledger.sh audit [limit]\n./mandate-ledger.sh summary\n\n# Threat definitions\n./mandate-ledger.sh init-definitions\n./mandate-ledger.sh update-definitions\n./mandate-ledger.sh definitions-status\n\nCommands Reference\nQuick Start\ninit [agent_id] [principal] [scope] [provider]\n # Initialize ledger, optionally register agent\ntemplates # List available templates\ncreate-from-template # Create mandate from template\n [agent_id] [args...]\ncreate-quick # Create with positional args\n \n [amount_cap]\n\nMandate Lifecycle\ncreate # Create mandate (include action_type)\ncreate-with-kya # Create with auto-attached agent KYA\nget # Get mandate by ID\nlist [filter] # List mandates (all|active|revoked|)\nrevoke [why] # Revoke a mandate\n\nAuthorization\ncheck-action [amount]\n # Check if action is authorized\nlog-action [description]\n # Log action against mandate\nkill # Engage kill switch and freeze execution\nunlock # Disengage kill switch\n\nAudit & Reporting\naudit [limit] # Show recent audit entries\naudit-mandate # Show audit for specific mandate\naudit-summary [since] # Summary by action type\nsummary # Show overall ledger stats\nexport # Export full ledger as JSON\n\nThreat Definitions\ninit-definitions # Write bundled threat-definitions.json to LEDGER_DIR\nupdate-definitions # Refresh definitions (Pro: API pull, Free: bundled copy)\n [--force] [--offline]\ndefinitions-status # Show version, pattern counts, and last update\n\nKYA (Know Your Agent)\nkya-register [provider]\nkya-get \nkya-list\nkya-revoke [why]\n\nMandate Structure\n{\n \"mandate_id\": \"mandate_1770412575_3039e369\",\n \"action_type\": \"communication\",\n \"agent_id\": \"agent:my-assistant\",\n \"scope\": {\n \"allowlist\": [\"*@mycompany.com\", \"bob@partner.com\"],\n \"deny\": [\"*@competitor.com\"],\n \"rate_limit\": \"20/day\",\n \"kya\": { \"status\": \"verified\", \"verified_principal\": \"Mark\" }\n },\n \"amount_cap\": null,\n \"ttl\": \"2026-02-13T00:00:00Z\",\n \"status\": \"active\",\n \"usage\": { \"count\": 5, \"total_amount\": 0 },\n \"created_at\": \"2026-02-06T22:00:00Z\"\n}\n\nAgent Bridge (Future Roadmap)\n\nNote: Free tier is fully local with no network calls. Pro tier (AGENT_PASSPORT_LICENSE_KEY set) makes periodic HTTPS calls to api.agentpassportai.com for license validation and threat definition updates. No usage data or scan results are transmitted. Agent Bridge is a planned future service.\n\nLocal mode handles single-user, single-agent scenarios. A future Agent Bridge service would add:\n\nMulti-agent coordination — prevent overlapping mandates\nCross-device sync — same mandates everywhere\nOrganization policies — IT guardrails, user customization within\nCompliance reporting — audit exports for regulatory needs\nMerchant/service registry — verified vendors, trust scores\n\nExport local ledger anytime: ./mandate-ledger.sh export > backup.json\n\nConfiguration (OpenClaw)\n{\n \"skills\": {\n \"entries\": {\n \"agent-passport\": {\n \"env\": {\n \"AGENT_PASSPORT_LOCAL_LEDGER\": \"true\"\n },\n \"config\": {\n \"default_currency\": \"USD\",\n \"default_ttl_minutes\": 60,\n \"confirm_threshold_amount\": 50\n }\n }\n }\n }\n}\n\nStorage\n\nAll data stored locally in ~/.openclaw/agent-passport/:\n\nmandates.json — mandate ledger\nagents.json — KYA registry\naudit.json — action audit trail\nthreat-definitions.json — active threat pattern definitions\nthreat-definitions.bak — previous definitions backup\n.threat-meta.json — last update/version/source metadata\nSafety\nNever leak secrets into prompts, logs, or outputs\nMandates constrain actions, but don't prevent all misuse\nAudit trail provides accountability, not prevention\nUse KYA to verify agent identity before granting broad mandates" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/markneville/agent-passport", "publisherUrl": "https://clawhub.ai/markneville/agent-passport", "owner": "markneville", "version": "2.4.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/agent-passport", "downloadUrl": "https://openagent3.xyz/downloads/agent-passport", "agentUrl": "https://openagent3.xyz/skills/agent-passport/agent", "manifestUrl": "https://openagent3.xyz/skills/agent-passport/agent.json", "briefUrl": "https://openagent3.xyz/skills/agent-passport/agent.md" } }