Arc Security - Agent Trust Protocol

# Arc Security - Agent Trust Protocol

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "Arc Security - Agent Trust Protocol" with this command: npx skills add shaivpidadi/arc-security

Arc Security - Agent Trust Protocol

Chain-agnostic security infrastructure for OpenClaw skills. Auditors stake USDC to vouch for skill safety, users pay micro-fees to access verified skills, and malicious skills get slashed through decentralized governance -- all powered by CCTP on Arc.

Installation

clawhub install arc-security

Configuration

Set the following environment variables:

VariableRequiredDescription
ARC_RPC_URLYesArc testnet RPC endpoint (default: https://testnet-rpc.arc.network)
CONTRACT_ADDRESSYesDeployed SkillSecurityRegistry contract address
PRIVATE_KEYYesWallet private key (for signing transactions)
X402_SERVER_URLYesx402 payment server URL
ETH_RPC_URLNoEthereum Sepolia RPC (for cross-chain operations)
BASE_RPC_URLNoBase Sepolia RPC (default: https://sepolia.base.org)
ARB_RPC_URLNoArbitrum Sepolia RPC (default: https://sepolia-rollup.arbitrum.io/rpc)

Commands

check -- Check skill trust status

Query on-chain bond status, auditor count, usage stats, and computed trust score for any skill.

clawhub arc-security check <skill_id>

Example output:

Skill: youtube-downloader
├─ Bonded: 100.00 USDC by 3 auditors
├─ Used: 1,250 times
├─ Trust Score: 75/100
├─ Status: Safe to use
└─ Created: 2025-06-15 14:30:00

Trust Score is calculated as:

  • 40% from bond amount (capped at 100 USDC = full weight)
  • 40% from usage count (capped at 1,000 uses = full weight)
  • 20% from auditor count (5 points per auditor)
  • Flagged skills receive a -50 penalty

use -- Pay and download a skill

Pays the 0.10 USDC usage fee via x402 and downloads the skill package. Automatically selects the cheapest payment path based on your wallet balances.

clawhub arc-security use <skill_id>

Payment chain selection priority:

  1. Arc Testnet (direct -- no bridging fees)
  2. Base Sepolia (via CCTP)
  3. Arbitrum Sepolia (via CCTP)
  4. Ethereum Sepolia (via CCTP)

bond -- Stake USDC to vouch for a skill

Stake USDC as a security bond to vouch for a skill's safety. If the skill is found malicious, 50% of your stake is slashed.

clawhub arc-security bond <skill_id> <amount> <source_chain>

Arguments:

  • skill_id -- Skill identifier
  • amount -- Amount of USDC to stake (e.g. 50)
  • source_chain -- Chain to pay from (ethereum-sepolia, base-sepolia, arbitrum-sepolia, arc-testnet)

Example:

clawhub arc-security bond youtube-downloader 50 base-sepolia

report -- Report a malicious skill

Submit a claim that a skill is malicious. Requires a 1 USDC anti-spam deposit (refunded if the claim is validated).

clawhub arc-security report <skill_id> --evidence <ipfs_hash>

Example:

clawhub arc-security report bad-skill --evidence QmXyz123...

Opens a 72-hour voting window for auditors.

vote-claim -- Vote on a pending claim

Cast a vote on whether a reported skill is malicious. Only wallets that have staked on any skill are eligible to vote. Vote weight is based on total stake and audit track record.

clawhub arc-security vote-claim <claim_id> <support|oppose>

Vote weight formula: sqrt(totalStaked) * (successfulAudits / totalAudits)

claim-earnings -- Withdraw accumulated fees

Withdraw your share of usage fees earned as an auditor. Fees are split 70% to auditors (proportional to stake) and 30% to the insurance pool.

clawhub arc-security claim-earnings <destination_chain>

Supported destination chains:

  • arc-testnet (direct transfer)
  • ethereum-sepolia, base-sepolia, arbitrum-sepolia (via CCTP)

Supported Chains

ChainCCTP DomainPaymentBondingEarnings
Arc Testnet100DirectDirectDirect
Ethereum Sepolia0CCTPCCTPCCTP
Base Sepolia6CCTPCCTPCCTP
Arbitrum Sepolia3CCTPCCTPCCTP

Fee Structure

ActionCostDistribution
Use a skill0.10 USDC70% auditors, 30% insurance pool
Submit a claim1.00 USDC depositRefunded if claim validated
Guilty verdict50% of bond slashed80% to victim, 20% to insurance

Architecture

User (any chain)
  │
  ├── CCTP burn ──► Arc Testnet ──► SkillSecurityRegistry (bonds, fees, claims)
  │                                        │
  └── x402 GET ──► Payment Server ◄────────┘ (verifies payment on-chain)
                       │
                       └──► Skill package (ZIP)
  1. SkillSecurityRegistry (Solidity on Arc) -- Holds bonds, processes fees, manages claims/votes/slashing
  2. x402 Payment Server (Node.js) -- Serves skill packages behind HTTP 402 paywall, verifies on-chain payments
  3. This skill (Python CLI) -- User-facing commands that orchestrate CCTP transfers and contract calls

License

MIT

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

Miaoji Bid Guard Pro

亚马逊广告护城河Pro版,90天ROI预测+多活动协同+季节性出价+关键词攻防矩阵。 从单次调价建议升级为完整的广告战役规划。基础功能可使用 miaoji-bid-guard 免费版。

Registry SourceRecently Updated
00wangm-a3
General

Miaoji Compliance Copy Pro

亚马逊合规文案Pro版,多市场监管+法律风险评估+Rufus深度优化+季节性合规文案。 从单次文案检测升级为多市场合规体系。基础功能可使用 miaoji-compliance-copy 免费版。

Registry SourceRecently Updated
00wangm-a3
General

Miaoji Model Shot Pro

亚马逊模特拍摄Pro版,完整拍摄计划+季节性拍摄日历+多场景组合+同类视觉反超方案。 从单次拍摄建议升级为完整视觉战役。基础功能可使用 miaoji-model-shot 免费版。

Registry SourceRecently Updated
00wangm-a3
General

Miaoji Scene Studio Pro

亚马逊场景工作室Pro版,A/B测试方案+平台适配规格+季节性场景库+同类产品视觉差距分析。 从单次场景建议升级为完整视觉策略。基础功能可使用 miaoji-scene-studio 免费版。

Registry SourceRecently Updated
00wangm-a3