{ "schemaVersion": "1.0", "item": { "slug": "credence", "name": "Credence", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/pestafford/credence", "canonicalUrl": "https://clawhub.ai/pestafford/credence", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/credence", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=credence", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "_meta.json" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/credence" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/credence", "agentPageUrl": "https://openagent3.xyz/skills/credence/agent", "manifestUrl": "https://openagent3.xyz/skills/credence/agent.json", "briefUrl": "https://openagent3.xyz/skills/credence/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Credence", "body": "Check MCP servers and AI tools against the Credence trust registry before you install them." }, { "title": "When to use this skill", "body": "Before installing any MCP server\nWhen a user asks you to add an MCP server or AI tool\nWhen you want to verify whether a tool is safe\nWhen the user asks /credence" }, { "title": "How it works", "body": "Credence scans MCP servers and AI tools for security issues, verifies their provenance, and checks behavioral risk. Every scanned tool gets a trust score from 0 to 100 and a verdict:\n\nScoreVerdictMeaning90-100APPROVEDSafe to install70-89CONDITIONALReview the flagged items before installing40-69FLAGGEDSignificant concerns — install only if you understand the risks0-39REJECTEDDo not install" }, { "title": "Check a server by name or URL", "body": "Fetch the Credence registry and look up the server:\n\ncurl -s \"https://raw.githubusercontent.com/pestafford/credence-registry/main/registry/index.json\"\n\nSearch the servers array for a match on server_id, server_name, canonical_name, or repo_url. The match does not need to be exact — partial matches on the repo URL or server name are fine.\n\nIf found, report:\n\nCredence: \n Score: /100\n Verdict: \n Scanned: \n Registry: https://credence.securingthesingularity.com/registry.html\n\nThen give your recommendation:\n\nAPPROVED (90+): Safe to install. Proceed.\nCONDITIONAL (70-89): Mention the score and suggest the user review the registry page for details before installing.\nFLAGGED (40-69): Warn the user. Do not install without explicit confirmation.\nREJECTED (0-39): Do not install. Explain that Credence found serious issues.\n\nIf not found, say:\n\nThis tool has not been scanned by Credence yet.\nSubmit it for scanning at: https://credence.securingthesingularity.com/#submit\n\nThen let the user decide whether to proceed." }, { "title": "Check before installing", "body": "Whenever you are about to install or connect to an MCP server (via claude mcp add, editing claude_desktop_config.json, or any other method), check it against Credence first. If the server is not in the registry, tell the user it hasn't been scanned and ask if they want to proceed anyway." }, { "title": "Get full details", "body": "For more detail on a specific server, fetch its attestation file. The attestation_file path from the index entry is relative to:\n\nhttps://raw.githubusercontent.com/pestafford/credence-registry/main/registry/\n\nThe attestation includes the full score breakdown (security, provenance, behavioral), scan metadata, and the deliberation verdict." }, { "title": "Examples", "body": "User says: \"Add the filesystem MCP server\"\n\nFetch the registry index\nFind modelcontextprotocol/servers/filesystem — score 88, APPROVED\nReport: \"Credence score: 88/100 (APPROVED). Safe to install.\"\nProceed with the install\n\nUser says: \"Install some-unknown-server\"\n\nFetch the registry index\nNot found\nReport: \"This server hasn't been scanned by Credence yet. You can submit it at https://credence.securingthesingularity.com/#submit — want to install anyway?\"\n\nUser says: /credence modelcontextprotocol/servers/memory\n\nFetch the registry index\nFind it — score 98, APPROVED\nReport the full status" }, { "title": "Notes", "body": "The registry is public and requires no authentication\nScores are based on automated scanning plus adversarial AI deliberation\nA missing entry does not mean a tool is dangerous — it just hasn't been scanned yet\nFor the full methodology, see https://credence.securingthesingularity.com/faq.html" } ], "body": "Credence\n\nCheck MCP servers and AI tools against the Credence trust registry before you install them.\n\nWhen to use this skill\nBefore installing any MCP server\nWhen a user asks you to add an MCP server or AI tool\nWhen you want to verify whether a tool is safe\nWhen the user asks /credence\nHow it works\n\nCredence scans MCP servers and AI tools for security issues, verifies their provenance, and checks behavioral risk. Every scanned tool gets a trust score from 0 to 100 and a verdict:\n\nScore\tVerdict\tMeaning\n90-100\tAPPROVED\tSafe to install\n70-89\tCONDITIONAL\tReview the flagged items before installing\n40-69\tFLAGGED\tSignificant concerns — install only if you understand the risks\n0-39\tREJECTED\tDo not install\nInstructions\nCheck a server by name or URL\n\nFetch the Credence registry and look up the server:\n\ncurl -s \"https://raw.githubusercontent.com/pestafford/credence-registry/main/registry/index.json\"\n\n\nSearch the servers array for a match on server_id, server_name, canonical_name, or repo_url. The match does not need to be exact — partial matches on the repo URL or server name are fine.\n\nIf found, report:\n\nCredence: \n Score: /100\n Verdict: \n Scanned: \n Registry: https://credence.securingthesingularity.com/registry.html\n\n\nThen give your recommendation:\n\nAPPROVED (90+): Safe to install. Proceed.\nCONDITIONAL (70-89): Mention the score and suggest the user review the registry page for details before installing.\nFLAGGED (40-69): Warn the user. Do not install without explicit confirmation.\nREJECTED (0-39): Do not install. Explain that Credence found serious issues.\n\nIf not found, say:\n\nThis tool has not been scanned by Credence yet.\nSubmit it for scanning at: https://credence.securingthesingularity.com/#submit\n\n\nThen let the user decide whether to proceed.\n\nCheck before installing\n\nWhenever you are about to install or connect to an MCP server (via claude mcp add, editing claude_desktop_config.json, or any other method), check it against Credence first. If the server is not in the registry, tell the user it hasn't been scanned and ask if they want to proceed anyway.\n\nGet full details\n\nFor more detail on a specific server, fetch its attestation file. The attestation_file path from the index entry is relative to:\n\nhttps://raw.githubusercontent.com/pestafford/credence-registry/main/registry/\n\n\nThe attestation includes the full score breakdown (security, provenance, behavioral), scan metadata, and the deliberation verdict.\n\nExamples\n\nUser says: \"Add the filesystem MCP server\"\n\nFetch the registry index\nFind modelcontextprotocol/servers/filesystem — score 88, APPROVED\nReport: \"Credence score: 88/100 (APPROVED). Safe to install.\"\nProceed with the install\n\nUser says: \"Install some-unknown-server\"\n\nFetch the registry index\nNot found\nReport: \"This server hasn't been scanned by Credence yet. You can submit it at https://credence.securingthesingularity.com/#submit — want to install anyway?\"\n\nUser says: /credence modelcontextprotocol/servers/memory\n\nFetch the registry index\nFind it — score 98, APPROVED\nReport the full status\nNotes\nThe registry is public and requires no authentication\nScores are based on automated scanning plus adversarial AI deliberation\nA missing entry does not mean a tool is dangerous — it just hasn't been scanned yet\nFor the full methodology, see https://credence.securingthesingularity.com/faq.html" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/pestafford/credence", "publisherUrl": "https://clawhub.ai/pestafford/credence", "owner": "pestafford", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/credence", "downloadUrl": "https://openagent3.xyz/downloads/credence", "agentUrl": "https://openagent3.xyz/skills/credence/agent", "manifestUrl": "https://openagent3.xyz/skills/credence/agent.json", "briefUrl": "https://openagent3.xyz/skills/credence/agent.md" } }