🧪 Skills

Arc Security - Agent Trust Protocol

Manage skill trust by staking USDC bonds, paying micro-fees for verified skills, reporting malicious skills, and participating in decentralized governance vi...

v1.0.1
❤️ 2
⬇️ 2.4k
👁 1
Save📁 Collect
Share

Description

Arc Security - Agent Trust Protocol

Chain-agnostic security infrastructure for OpenClaw skills. Auditors stake USDC to vouch for skill safety, users pay micro-fees to access verified skills, and malicious skills get slashed through decentralized governance -- all powered by CCTP on Arc.

Installation

clawhub install arc-security

Configuration

Set the following environment variables:

Variable Required Description
ARC_RPC_URL Yes Arc testnet RPC endpoint (default: https://testnet-rpc.arc.network)
CONTRACT_ADDRESS Yes Deployed SkillSecurityRegistry contract address
PRIVATE_KEY Yes Wallet private key (for signing transactions)
X402_SERVER_URL Yes x402 payment server URL
ETH_RPC_URL No Ethereum Sepolia RPC (for cross-chain operations)
BASE_RPC_URL No Base Sepolia RPC (default: https://sepolia.base.org)
ARB_RPC_URL No Arbitrum Sepolia RPC (default: https://sepolia-rollup.arbitrum.io/rpc)

Commands

check -- Check skill trust status

Query on-chain bond status, auditor count, usage stats, and computed trust score for any skill.

clawhub arc-security check <skill_id>

Example output:

Skill: youtube-downloader
├─ Bonded: 100.00 USDC by 3 auditors
├─ Used: 1,250 times
├─ Trust Score: 75/100
├─ Status: Safe to use
└─ Created: 2025-06-15 14:30:00

Trust Score is calculated as:

  • 40% from bond amount (capped at 100 USDC = full weight)
  • 40% from usage count (capped at 1,000 uses = full weight)
  • 20% from auditor count (5 points per auditor)
  • Flagged skills receive a -50 penalty

use -- Pay and download a skill

Pays the 0.10 USDC usage fee via x402 and downloads the skill package. Automatically selects the cheapest payment path based on your wallet balances.

clawhub arc-security use <skill_id>

Payment chain selection priority:

  1. Arc Testnet (direct -- no bridging fees)
  2. Base Sepolia (via CCTP)
  3. Arbitrum Sepolia (via CCTP)
  4. Ethereum Sepolia (via CCTP)

bond -- Stake USDC to vouch for a skill

Stake USDC as a security bond to vouch for a skill's safety. If the skill is found malicious, 50% of your stake is slashed.

clawhub arc-security bond <skill_id> <amount> <source_chain>

Arguments:

  • skill_id -- Skill identifier
  • amount -- Amount of USDC to stake (e.g. 50)
  • source_chain -- Chain to pay from (ethereum-sepolia, base-sepolia, arbitrum-sepolia, arc-testnet)

Example:

clawhub arc-security bond youtube-downloader 50 base-sepolia

report -- Report a malicious skill

Submit a claim that a skill is malicious. Requires a 1 USDC anti-spam deposit (refunded if the claim is validated).

clawhub arc-security report <skill_id> --evidence <ipfs_hash>

Example:

clawhub arc-security report bad-skill --evidence QmXyz123...

Opens a 72-hour voting window for auditors.

vote-claim -- Vote on a pending claim

Cast a vote on whether a reported skill is malicious. Only wallets that have staked on any skill are eligible to vote. Vote weight is based on total stake and audit track record.

clawhub arc-security vote-claim <claim_id> <support|oppose>

Vote weight formula: sqrt(totalStaked) * (successfulAudits / totalAudits)

claim-earnings -- Withdraw accumulated fees

Withdraw your share of usage fees earned as an auditor. Fees are split 70% to auditors (proportional to stake) and 30% to the insurance pool.

clawhub arc-security claim-earnings <destination_chain>

Supported destination chains:

  • arc-testnet (direct transfer)
  • ethereum-sepolia, base-sepolia, arbitrum-sepolia (via CCTP)

Supported Chains

Chain CCTP Domain Payment Bonding Earnings
Arc Testnet 100 Direct Direct Direct
Ethereum Sepolia 0 CCTP CCTP CCTP
Base Sepolia 6 CCTP CCTP CCTP
Arbitrum Sepolia 3 CCTP CCTP CCTP

Fee Structure

Action Cost Distribution
Use a skill 0.10 USDC 70% auditors, 30% insurance pool
Submit a claim 1.00 USDC deposit Refunded if claim validated
Guilty verdict 50% of bond slashed 80% to victim, 20% to insurance

Architecture

User (any chain)
  │
  ├── CCTP burn ──► Arc Testnet ──► SkillSecurityRegistry (bonds, fees, claims)
  │                                        │
  └── x402 GET ──► Payment Server ◄────────┘ (verifies payment on-chain)
                       │
                       └──► Skill package (ZIP)
  1. SkillSecurityRegistry (Solidity on Arc) -- Holds bonds, processes fees, manages claims/votes/slashing
  2. x402 Payment Server (Node.js) -- Serves skill packages behind HTTP 402 paywall, verifies on-chain payments
  3. This skill (Python CLI) -- User-facing commands that orchestrate CCTP transfers and contract calls

License

MIT

Reviews (0)

Sign in to write a review.

No reviews yet. Be the first to review!

Comments (0)

Sign in to join the discussion.

No comments yet. Be the first to share your thoughts!

Compatible Platforms

Links

📂 Source Code

Pricing

Free

Related Configs

🧪 Skill

self-improving-agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...

❤️ 2.0k ⬇️ 218k
🧪 Skill

Self Improving Agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. And also 50+ models for image generation, video generation, text-to-speech, spe...

❤️ 2.0k ⬇️ 206k
🧪 Skill

Find Skills

Free

Search, discover, and install skills from the open agent skills ecosystem to extend agent capabilities for specific tasks or domains.

❤️ 814 ⬇️ 199k
🧪 Skill

Summarize

Free

--- name: summarize description: Summarize URLs or files with the summarize CLI (web, PDFs, images, audio, YouTube). homepage: https://summarize.sh metadata: {"clawdbot":{"emoji":"🧾","requires":{"b

❤️ 609 ⬇️ 160k