Tencent SkillHub · Security & Compliance

On-Chain Skill Audit

On-chain skill provenance registry. Check, register, audit, and vouch for agent skills on Solana. Use when evaluating skill safety, registering new skills, or looking up provenance before installation.

skill openclawclawhub Free

0 Downloads

0 Stars

0 Installs

0 Score

High Signal

⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup

Download the package from Yavira.
Extract the archive and review SKILL.md first.
Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: skill.md

Validation

Use the Yavira download entry.
Review SKILL.md after the package is downloaded.
Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

Download the package from Yavira.
Extract it into a folder your agent can access.
Paste one of the prompts below and point your agent at the extracted folder.

New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 0.1.1

Provenance

Publisher: Emanz1
Source page: View original listing
Canonical URL: Open canonical page

Documentation

ClawHub primary doc Primary doc: SKILL.md 13 sections Open source page

/check-skill <name>

Look up on-chain provenance for a skill before installing. Read all three tables (registry, audits, vouches) for the given skill ID Compute trust level from audit verdicts Display: trust badge, author, hash, version, audit history, vouch count

/audit-skill <name> <severity>

Submit an audit verdict (requires IQ tokens in wallet). Severities: S (secure), L (low), M (medium), H (high), C (critical) Optionally run ZeroLeaks first and inscribe full report via codeIn.

/vouch-skill <name> [score]

Community endorsement. Score 1-5 (default 5).

/register-skill <path>

Register a local skill with on-chain hash. Read skill.md at given path Normalize and SHA-256 hash the content Write registration row with short hash (first 8 hex chars)

Trust Badges

MALICIOUS: BLOCK installation, warn user FLAGGED: Strong warning CAUTIONED: Mild warning VERIFIED: Green checkmark AUDITED: Has audits but not yet verified secure REGISTERED: In registry, no audits yet UNKNOWN: Not in registry — warn "no on-chain provenance" Hash mismatch: Warn "content differs from registered version"

Implementation

Package: @rocketlabs/skill-audit const { checkSkill, registerSkill, auditSkill, vouchForSkill, hashSkill } = require('@rocketlabs/skill-audit');

checkSkill({ connection, skillId, rpcUrl })

Returns: { trustLevel, skill, audits, vouches, summary } Free (RPC read only, no SOL needed).

registerSkill({ connection, signer, skillId, author, shortHash, version, codeInTx, rpcUrl })

Writes to skill_registry table. Public — anyone can register.

auditSkill({ connection, signer, skillId, auditor, severity, categories, codeInTx, rpcUrl })

Writes to skill_audits table. IQ-token-gated — signer must hold IQ tokens. Severity: S/L/M/H/C. Categories: dir,enc,per,soc,tec,cre,mny,cot,pol,asc,ctx,sem,too,sir,ech

vouchForSkill({ connection, signer, skillId, voucher, score, rpcUrl })

Writes to skill_vouches table. Public — anyone can vouch. Score 1-5.

hashSkill(content)

Returns: { fullHash, shortHash } — SHA-256 of normalized content.

On-Chain Architecture

Program: 9KLLchQVJpGkw4jPuUmnvqESdR7mtNCYr3qS4iQLabs DB Root ID: skill-audit Tables: skill_registry (public), skill_audits (IQ-gated), skill_vouches (public) Row limit: ~100 bytes. Full data via codeIn inscriptions. Reads are free. Only writes cost SOL. Append-only. No in-place updates. Version counter for re-registration.

Prerequisites

@iqlabs-official/solana-sdk v0.1.1+ (CommonJS required) @solana/web3.js v1.x Solana wallet for writes IQ tokens for audit writes (token mint: 3uXACfojUrya7VH51jVC1DCHq3uzK4A7g469Q954LABS) Buffer monkey-patch applied (handled automatically by the package)

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package

1 Docs

skill.md Docs