# Send Credence to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "credence",
    "name": "Credence",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/pestafford/credence",
    "canonicalUrl": "https://clawhub.ai/pestafford/credence",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/credence",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=credence",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md",
      "_meta.json"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "credence",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-05-02T04:33:02.063Z",
      "expiresAt": "2026-05-09T04:33:02.063Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=credence",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=credence",
        "contentDisposition": "attachment; filename=\"credence-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "credence"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/credence"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/credence",
    "downloadUrl": "https://openagent3.xyz/downloads/credence",
    "agentUrl": "https://openagent3.xyz/skills/credence/agent",
    "manifestUrl": "https://openagent3.xyz/skills/credence/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/credence/agent.md"
  }
}
```
## Documentation

### Credence

Check MCP servers and AI tools against the Credence trust registry before you install them.

### When to use this skill

Before installing any MCP server
When a user asks you to add an MCP server or AI tool
When you want to verify whether a tool is safe
When the user asks /credence

### How it works

Credence scans MCP servers and AI tools for security issues, verifies their provenance, and checks behavioral risk. Every scanned tool gets a trust score from 0 to 100 and a verdict:

ScoreVerdictMeaning90-100APPROVEDSafe to install70-89CONDITIONALReview the flagged items before installing40-69FLAGGEDSignificant concerns — install only if you understand the risks0-39REJECTEDDo not install

### Check a server by name or URL

Fetch the Credence registry and look up the server:

curl -s "https://raw.githubusercontent.com/pestafford/credence-registry/main/registry/index.json"

Search the servers array for a match on server_id, server_name, canonical_name, or repo_url. The match does not need to be exact — partial matches on the repo URL or server name are fine.

If found, report:

Credence: <server_name>
  Score: <trust_score>/100
  Verdict: <thinktank_verdict>
  Scanned: <attested_at>
  Registry: https://credence.securingthesingularity.com/registry.html

Then give your recommendation:

APPROVED (90+): Safe to install. Proceed.
CONDITIONAL (70-89): Mention the score and suggest the user review the registry page for details before installing.
FLAGGED (40-69): Warn the user. Do not install without explicit confirmation.
REJECTED (0-39): Do not install. Explain that Credence found serious issues.

If not found, say:

This tool has not been scanned by Credence yet.
Submit it for scanning at: https://credence.securingthesingularity.com/#submit

Then let the user decide whether to proceed.

### Check before installing

Whenever you are about to install or connect to an MCP server (via claude mcp add, editing claude_desktop_config.json, or any other method), check it against Credence first. If the server is not in the registry, tell the user it hasn't been scanned and ask if they want to proceed anyway.

### Get full details

For more detail on a specific server, fetch its attestation file. The attestation_file path from the index entry is relative to:

https://raw.githubusercontent.com/pestafford/credence-registry/main/registry/

The attestation includes the full score breakdown (security, provenance, behavioral), scan metadata, and the deliberation verdict.

### Examples

User says: "Add the filesystem MCP server"

Fetch the registry index
Find modelcontextprotocol/servers/filesystem — score 88, APPROVED
Report: "Credence score: 88/100 (APPROVED). Safe to install."
Proceed with the install

User says: "Install some-unknown-server"

Fetch the registry index
Not found
Report: "This server hasn't been scanned by Credence yet. You can submit it at https://credence.securingthesingularity.com/#submit — want to install anyway?"

User says: /credence modelcontextprotocol/servers/memory

Fetch the registry index
Find it — score 98, APPROVED
Report the full status

### Notes

The registry is public and requires no authentication
Scores are based on automated scanning plus adversarial AI deliberation
A missing entry does not mean a tool is dangerous — it just hasn't been scanned yet
For the full methodology, see https://credence.securingthesingularity.com/faq.html
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: pestafford
- Version: 1.0.0
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-05-02T04:33:02.063Z
- Expires at: 2026-05-09T04:33:02.063Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/credence)
- [Send to Agent page](https://openagent3.xyz/skills/credence/agent)
- [JSON manifest](https://openagent3.xyz/skills/credence/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/credence/agent.md)
- [Download page](https://openagent3.xyz/downloads/credence)