โ† All skills
Tencent SkillHub ยท Developer Tools

Agentshield Audit

Initiate and manage AgentShield security audits for AI agents. Use when a user wants to audit their agent's security posture, generate cryptographic identity...

skill openclawclawhub Free
0 Downloads
0 Stars
0 Installs
0 Score
High Signal


⬇ 0 downloads · ★ 0 stars · Unverified but indexed

Install for OpenClaw

Quick setup
  1. Download the package from Yavira.
  2. Extract the archive and review SKILL.md first.
  3. Import or place the package into your OpenClaw setup.

Requirements

Target platform
OpenClaw
Install method
Manual import
Extraction
Extract archive
Prerequisites
OpenClaw
Primary doc
SKILL.md

Package facts

Download mode
Yavira redirect
Package format
ZIP package
Source platform
Tencent SkillHub
What's included
agentshield_tester.py, audit_client.py, CHANGELOG.md, clawhub.json, complete_handshake.py, DEPLOY.md

Validation

  • Use the Yavira download entry.
  • Review SKILL.md after the package is downloaded.
  • Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

  1. Download the package from Yavira.
  2. Extract it into a folder your agent can access.
  3. Paste one of the prompts below and point your agent at the extracted folder.

New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Trust & source

Release facts

Source
Tencent SkillHub
Verification
Indexed source record
Version
1.0.22

Documentation

ClawHub primary doc: SKILL.md (28 sections)

AgentShield - Trust Infrastructure for AI Agents

The trust layer for the agent economy. Like SSL/TLS, but for AI agents.

  • 🔐 Cryptographic Identity - Ed25519 signing keys
  • 🤝 Trust Handshake Protocol - Mutual verification before communication
  • 📋 Public Trust Registry - Reputation scores & track records
  • ✅ 77 Security Tests - Comprehensive vulnerability assessment

🔒 Privacy Disclosure: See PRIVACY.md for detailed data handling information.

🎯 The Problem

Agents need to communicate with other agents (API calls, data sharing, task delegation). But how do you know if another agent is trustworthy? Has it been compromised? Is it leaking data? Can you trust its responses? Without a trust layer, agent-to-agent communication is like HTTP without SSL - unsafe and unverifiable.

💡 The Solution: Trust Infrastructure

AgentShield provides the trust layer for agent-to-agent communication:

1. Cryptographic Identity

  • Ed25519 key pairs - Industry-standard cryptography
  • Private keys stay local - Never transmitted
  • Public key certificates - Signed by AgentShield

2. Security Audit (77 Tests)

52 Live Attack Vectors:
  • Prompt injection (15 variants)
  • Encoding exploits (Base64, ROT13, Hex, Unicode)
  • Multi-language attacks (Chinese, Russian, Arabic, Japanese, German, Korean)
  • Social engineering (emotional appeals, authority pressure, flattery)
  • System prompt extraction attempts

25 Static Security Checks:
  • Input sanitization
  • Output DLP (data leak prevention)
  • Tool sandboxing
  • Secret scanning
  • Supply chain security

Result: Security score (0-100) + Tier (VULNERABLE → HARDENED)

3. Trust Handshake Protocol

Agent A wants to communicate with Agent B:

    # Step 1: Both agents get certified
    python3 initiate_audit.py --auto

    # Step 2: Agent A initiates handshake with Agent B
    python3 handshake.py --target agent_B_id

    # Step 3: Both agents sign challenges
    # (Automatic in v1.0.13+)

    # Step 4: Receive shared session key
    # → Now you can communicate securely!

What you get:
  • ✅ Mutual verification (both agents are who they claim to be)
  • ✅ Shared session key (for encrypted communication)
  • ✅ Trust score boost (+5 for successful handshakes)
  • ✅ Public track record (handshake history)

4. Public Trust Registry

  • Searchable database of all certified agents
  • Reputation scores based on audits, handshakes, and time
  • Trust tiers: UNVERIFIED → BASIC → VERIFIED → TRUSTED
  • Revocation list (CRL) - Compromised agents get flagged

Install

    clawhub install agentshield
    cd ~/.openclaw/workspace/skills/agentshield*/

Get Certified (77 Security Tests)

    # Auto-detect agent name from IDENTITY.md/SOUL.md
    python3 initiate_audit.py --auto

    # Or manual:
    python3 initiate_audit.py --name "MyAgent" --platform telegram

Output:
  • ✅ Agent ID: agent_xxxxx
  • ✅ Security Score: XX/100
  • ✅ Tier: PATTERNS_CLEAN / HARDENED / etc.
  • ✅ Certificate (90-day validity)

Verify Another Agent

    python3 verify_peer.py agent_yyyyy

Trust Handshake with Another Agent

    # Initiate handshake
    python3 handshake.py --target agent_yyyyy

    # Result: Shared session key for encrypted communication

1. Agent-to-Agent API Calls

Before: Agent A calls Agent B's API - no way to verify B's integrity
With AgentShield: Agent A checks Agent B's certificate + handshake → Verified communication

2. Multi-Agent Task Delegation

Before: Orchestrator spawns sub-agents - can't verify they're safe
With AgentShield: All sub-agents certified → Orchestrator knows they're trusted

3. Agent Marketplaces

Before: Download random agents from the internet - no trust guarantees
With AgentShield: Browse Trust Registry → Only hire VERIFIED agents

4. Data Sharing Between Agents

Before: Share sensitive data with another agent - hope it doesn't leak
With AgentShield: Handshake → Encrypted session key → Secure data transfer

Privacy-First Design

  • ✅ All 77 tests run locally - Your system prompts NEVER leave your device
  • ✅ Private keys stay local - Only public keys transmitted
  • ✅ Human-in-the-Loop - Explicit consent before reading IDENTITY.md/SOUL.md
  • ✅ No environment scanning - Doesn't scan for API tokens

What goes to the server:
  • Public key (Ed25519)
  • Agent name & platform
  • Test scores (passed/failed summary)

What stays local:
  • Private key
  • System prompts
  • Configuration files
  • Detailed test results

Environment Variables (Optional)

    AGENTSHIELD_API=https://agentshield.live   # API endpoint
    AGENT_NAME=MyAgent                         # Override auto-detection
    OPENCLAW_AGENT_NAME=MyAgent                # OpenClaw standard

Certificate (90-day validity)

    {
      "agent_id": "agent_xxxxx",
      "public_key": "...",
      "security_score": 85,
      "tier": "PATTERNS_CLEAN",
      "issued_at": "2026-03-10",
      "expires_at": "2026-06-08"
    }

Trust Registry Entry

  • ✅ Public verification URL: agentshield.live/verify/agent_xxxxx
  • ✅ Trust score (0-100) based on:
      • Age (longer = more trust)
      • Verification count
      • Handshake success rate
      • Days active
  • ✅ Tier: UNVERIFIED → BASIC → VERIFIED → TRUSTED

Handshake Proof

    {
      "handshake_id": "hs_xxxxx",
      "requester": "agent_A",
      "target": "agent_B",
      "status": "completed",
      "session_key": "...",
      "completed_at": "2026-03-10T20:00:00Z"
    }

🔧 Scripts Included

Script                  Purpose
initiate_audit.py       Run 77 security tests & get certified
handshake.py            Trust handshake with another agent
verify_peer.py          Check another agent's certificate
show_certificate.py     Display your certificate
agentshield_tester.py   Standalone test suite (advanced)

Flow

  1. Initiate: Agent A → Server: "I want to handshake with Agent B"
  2. Challenge: Server generates random challenges for both agents
  3. Sign: Both agents sign their challenges with private keys
  4. Verify: Server verifies signatures with public keys
  5. Complete: Server generates shared session key
  6. Trust Boost: Both agents +5 trust score

Cryptography

  • Algorithm: Ed25519 (curve25519)
  • Key Size: 256-bit
  • Signature: Deterministic (same message = same signature)
  • Session Key: AES-256 compatible
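The Flow steps above (Challenge, Sign, Verify, Complete) and the Trust Handshake Protocol section earlier, worked through in Go with the standard-library crypto/ed25519 package; this is an added example, not code from the AgentShield skill, and because Ed25519 signatures are deterministic it uses a fresh random challenge per handshake and binds the handshake id and agent id into the signed message so a signature cannot be replayed. The in-memory registry, the transcript format and the SHA-256 session-key derivation are constructed assumptions; the page only says the server generates a session key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Agent is one handshake party. priv never leaves the struct; only Pub is registered.
type Agent struct{ ID string; Pub ed25519.PublicKey; priv ed25519.PrivateKey }
func NewAgent(id string) *Agent {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Agent{ID: id, Pub: pub, priv: priv}
}
// transcript binds the challenge to the handshake id and responding agent, preventing replay elsewhere.
func transcript(hsID, agentID string, challenge []byte) []byte {
	return []byte(fmt.Sprintf("agentshield-hs|%s|%s|%x", hsID, agentID, challenge))
}
// Sign is the agent-side step: sign the server's challenge with the local private key.
func (a *Agent) Sign(hsID string, challenge []byte) []byte {
	return ed25519.Sign(a.priv, transcript(hsID, a.ID, challenge))
}
// Server stands in for the registry: it holds public keys only, never private keys.
type Server struct{ registry map[string]ed25519.PublicKey }
// Verify checks one reply against the registered key; the lookup runs first because
// ed25519.Verify panics on a key of the wrong length (including a missing one).
func (s *Server) Verify(hsID, agentID string, challenge, sig []byte) error {
	pub, ok := s.registry[agentID]
	if !ok || !ed25519.Verify(pub, transcript(hsID, agentID, challenge), sig) {
		return fmt.Errorf("%s: unknown agent or bad signature", agentID)
	}
	return nil
}
// Handshake: fresh random challenge per agent (Ed25519 signatures are deterministic), verify each
// reply, derive a 32-byte key. SHA-256 derivation is constructed here; p.Sign stands in for the reply.
func (s *Server) Handshake(hsID string, agents ...*Agent) ([]byte, error) {
	seed := []byte(hsID)
	for _, p := range agents {
		ch := make([]byte, 32)
		rand.Read(ch)
		if err := s.Verify(hsID, p.ID, ch, p.Sign(hsID, ch)); err != nil {
			return nil, err
		}
		seed = append(seed, ch...)
	}
	k := sha256.Sum256(seed)
	return k[:], nil
}
```

A signature produced for one handshake id fails verification under another id or for another agent, and an agent absent from the registry cannot complete the flow.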

🚀 Roadmap

Current (v1.0.13):
  • ✅ 77 security tests
  • ✅ Ed25519 certificates
  • ✅ Trust Handshake Protocol
  • ✅ Public Trust Registry
  • ✅ CRL (Certificate Revocation List)

Coming Soon:
  • ⏳ Auto re-audit (when prompts change)
  • ⏳ Negative event reporting
  • ⏳ Fleet management (multi-agent dashboard)
  • ⏳ Trust badges for messaging platforms

📖 Learn More

  • Website: https://agentshield.live
  • GitHub: https://github.com/bartelmost/agentshield
  • API Docs: https://agentshield.live/docs
  • ClawHub: https://clawhub.ai/bartelmost/agentshield

🎯 TL;DR

AgentShield is SSL/TLS for AI agents. Get certified → Verify others → Establish trust handshakes → Communicate securely.

    # 1. Get certified
    python3 initiate_audit.py --auto

    # 2. Handshake with another agent
    python3 handshake.py --target agent_xxxxx

    # 3. Verify others
    python3 verify_peer.py agent_yyyyy

Building the trust layer for the agent economy. 🛡️

What Gets Sent to AgentShield API

During Audit Submission:

    {
      "agent_name": "YourAgent",
      "platform": "telegram",
      "public_key": "base64_encoded_ed25519_public_key",
      "test_results": {
        "score": 85,
        "tests_passed": 74,
        "tests_total": 77,
        "tier": "PATTERNS_CLEAN",
        "failed_tests": ["test_name_1", "test_name_2"]
      }
    }

What is NOT sent:
  • ❌ Full test output/logs
  • ❌ Your prompts or system messages
  • ❌ IDENTITY.md or SOUL.md file contents
  • ❌ Private keys (stay in ~/.agentshield/agent.key)
  • ❌ Workspace files or memory

API Endpoint:
  • Primary: https://agentshield.live/api (proxies to Heroku backend)
  • All traffic over HTTPS (TLS 1.2+)

๐Ÿ›ก๏ธ Consent & Privacy

File Read Consent:
  • Skill requests permission BEFORE reading IDENTITY.md/SOUL.md
  • User sees: "Read IDENTITY.md for agent name? [Y/n]"
  • If declined: Manual mode (--name flag)
  • If approved: Only name/platform extracted (not full file content)

Privacy-First Mode:

    export AGENTSHIELD_NO_AUTO_DETECT=1
    python initiate_audit.py --name "MyBot" --platform "telegram"

→ Zero file reads, manual input only

See PRIVACY.md for complete data handling documentation.

Category context

Code helpers, APIs, CLIs, browser automation, testing, and developer operations.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package
3 Scripts · 2 Docs · 1 Config
  • CHANGELOG.md Docs
  • DEPLOY.md Docs
  • agentshield_tester.py Scripts
  • audit_client.py Scripts
  • complete_handshake.py Scripts
  • clawhub.json Config