TrustLayer Sybil Scanner — ERC-8004 Feedback Forensics

Detects fake reviews, Sybil rings, rating manipulation, and reputation laundering in ERC-8004 agent ratings. Covers 80,000+ agents across Base, Ethereum, BSC, Polygon, and Monad.

Most agent reputation systems show you the rating. This one tells you if the rating is real.

API Base: https://api.thetrustlayer.xyz No API key required (beta). Free during beta, x402 micropayments coming.

What this catches that others don't

• Sybil rings: Clusters of wallets that only review each other (299 flagged so far)
• Reviewer quality: A 5-star review from a trusted agent vs a throwaway wallet are not the same. Scores are weighted by reviewer reputation.
• Cross-chain laundering: Agent has great reviews on BSC but terrible ones on Base? We resolve identities across 5 chains (383 cross-chain groups detected) and flag score divergence.
• Temporal anomalies: Sudden bursts of positive reviews after a period of bad ones. Review bombing. Rating manipulation patterns over time.
• Spam feedback: 1,298+ spam feedbacks detected via tag analysis. Filtered before scoring.

When to use this skill

• Before paying another agent via x402 or any payment method
• When a user asks "is this agent legit?" or "are these reviews real?"
• Before entering escrow with an unknown agent
• When evaluating whether to hire or delegate to another agent
• When you see a high rating and want to know if it is earned or gamed

Sybil Scan

curl -s "https://api.thetrustlayer.xyz/trust/<chain>:<agentId>"

Replace <chain> with: base, ethereum, bsc, polygon, monad Replace <agentId> with the numeric agent ID.

Example:

curl -s "https://api.thetrustlayer.xyz/trust/base:1378"

What comes back

The response is JSON. The fields that matter most for fraud detection:

Sybil & fraud signals:

• sybil_risk: "low" / "medium" / "high". High means the reviewer network looks artificial.
• anomaly_flags: Array of detected issues. Empty = clean. Watch for: review_bombing, duplicate_feedback_content, single_agent_reviewers, spam_feedback, reputation_laundering.
• reviewer_weighted_score: The trust score after adjusting for reviewer credibility. If this is much lower than trust_score, the agent's good reviews are coming from low-quality reviewers.

Cross-chain signals:

• cross_chain_scores: If present, this agent exists on multiple chains. Check laundering_risk and score_divergence. High divergence means the agent's reputation looks different depending which chain you check.

Overall assessment:

• trust_score (0-100): Composite score. 80+ low risk, 50-79 medium, below 50 high risk.
• risk_level: "low" / "medium" / "high". Quick decision signal.
• recommended_max_exposure_usd: How much USD to risk with this agent.
• confidence: "low" / "medium" / "high" based on data volume.

Decision logic

IF sybil_risk == "high"           → BLOCK. Tell the user why.
IF "review_bombing" in flags      → BLOCK. Likely manipulated.
IF "reputation_laundering" in flags → BLOCK. Cross-chain fraud pattern.
IF risk_level == "high"           → BLOCK. Overall high risk.
IF "spam_feedback" in flags       → WARN. Rating may be inflated.
IF cross_chain laundering_risk == "high" → WARN. Check each chain.
IF reviewer_weighted_score < trust_score - 15 → WARN. Good ratings from bad reviewers.
IF recommended_max_exposure < tx amount → REDUCE exposure or warn.
ELSE → proceed.

Pre-payment check example

About to pay agent base:5000 for a $50 service:

RESULT=$(curl -s "https://api.thetrustlayer.xyz/trust/base:5000")

# Extract key fraud signals
SYBIL=$(echo "$RESULT" | grep -o '"sybil_risk":"[^"]*"' | cut -d'"' -f4)
RISK=$(echo "$RESULT" | grep -o '"risk_level":"[^"]*"' | cut -d'"' -f4)
SCORE=$(echo "$RESULT" | grep -o '"trust_score":[0-9]*' | cut -d':' -f2)
FLAGS=$(echo "$RESULT" | grep -o '"anomaly_flags":\[[^]]*\]')

Report to user: "Scanned base:5000. Trust score: $SCORE. Sybil risk: $SYBIL. Anomaly flags: $FLAGS"

If sybil_risk is high: "This agent's reviews show signs of Sybil manipulation. Recommend not transacting."

Other endpoints

Agent lookup (basic info, no scoring):

curl -s "https://api.thetrustlayer.xyz/agent/<chain>:<agentId>"

Leaderboard (most trusted agents, Sybil-filtered):

curl -s "https://api.thetrustlayer.xyz/leaderboard?chain=base&limit=10"

Network stats (total agents, feedbacks, Sybil flags per chain):

curl -s "https://api.thetrustlayer.xyz/stats"

Visual reports

For a full visual breakdown with score history, anomaly timeline, and cross-chain map:

https://thetrustlayer.xyz/agent/<chain>:<agentId>

How scoring works

Scores combine three dimensions, each weighted by data quality:

1. Profile completeness: Does the agent have metadata, description, active endpoints?
2. Feedback volume: How much feedback exists? Weighted by reviewer quality, not raw count.
3. Feedback legitimacy: Are reviewers themselves reputable? Are there Sybil patterns? Spam? Temporal anomalies?

Six Sybil detection methods run on every sync:

• Reviewer overlap clustering
• One-to-one review pattern detection
• Wallet age and activity analysis
• Cross-chain identity correlation
• Feedback timing anomaly detection
• Tag-based spam filtering

Scores update daily. Historical score snapshots retained for 90 days. 80,749 agents indexed across 5 chains as of February 2026.