Arc Security - Agent Trust Protocol
אזהרת אבטחה

Manage skill trust by staking USDC bonds, paying micro-fees for verified skills, reporting malicious skills, and participating in decentralized governance vi...

התקנה
$clawhub install arc-security

Arc Security - Agent Trust Protocol

Chain-agnostic security infrastructure for OpenClaw skills. Auditors stake USDC to vouch for skill safety, users pay micro-fees to access verified skills, and malicious skills get slashed through decentralized governance -- all powered by CCTP on Arc.

Installation

clawhub install arc-security

Configuration

Set the following environment variables:

Variable Required Description
ARC_RPC_URL Yes Arc testnet RPC endpoint (default: https://testnet-rpc.arc.network)
CONTRACT_ADDRESS Yes Deployed SkillSecurityRegistry contract address
PRIVATE_KEY Yes Wallet private key (for signing transactions)
X402_SERVER_URL Yes x402 payment server URL
ETH_RPC_URL No Ethereum Sepolia RPC (for cross-chain operations)
BASE_RPC_URL No Base Sepolia RPC (default: https://sepolia.base.org)
ARB_RPC_URL No Arbitrum Sepolia RPC (default: https://sepolia-rollup.arbitrum.io/rpc)

Commands

check -- Check skill trust status

Query on-chain bond status, auditor count, usage stats, and computed trust score for any skill.

clawhub arc-security check <skill_id>

Example output: Skill: youtube-downloader ├─ Bonded: 100.00 USDC by 3 auditors ├─ Used: 1,250 times ├─ Trust Score: 75/100 ├─ Status: Safe to use └─ Created: 2025-06-15 14:30:00

Trust Score is calculated as: - 40% from bond amount (capped at 100 USDC = full weight) - 40% from usage count (capped at 1,000 uses = full weight) - 20% from auditor count (5 points per auditor) - Flagged skills receive a -50 penalty

use -- Pay and download a skill

Pays the 0.10 USDC usage fee via x402 and downloads the skill package. Automatically selects the cheapest payment path based on your wallet balances.

clawhub arc-security use <skill_id>

Payment chain selection priority: 1. Arc Testnet (direct -- no bridging fees) 2. Base Sepolia (via CCTP) 3. Arbitrum Sepolia (via CCTP) 4. Ethereum Sepolia (via CCTP)

bond -- Stake USDC to vouch for a skill

Stake USDC as a security bond to vouch for a skill's safety. If the skill is found malicious, 50% of your stake is slashed.

clawhub arc-security bond <skill_id> <amount> <source_chain>

Arguments: - skill_id -- Skill identifier - amount -- Amount of USDC to stake (e.g. 50) - source_chain -- Chain to pay from (ethereum-sepolia, base-sepolia, arbitrum-sepolia, arc-testnet)

Example: bash clawhub arc-security bond youtube-downloader 50 base-sepolia

report -- Report a malicious skill

Submit a claim that a skill is malicious. Requires a 1 USDC anti-spam deposit (refunded if the claim is validated).

clawhub arc-security report <skill_id> --evidence <ipfs_hash>

Example: bash clawhub arc-security report bad-skill --evidence QmXyz123...

Opens a 72-hour voting window for auditors.

vote-claim -- Vote on a pending claim

Cast a vote on whether a reported skill is malicious. Only wallets that have staked on any skill are eligible to vote. Vote weight is based on total stake and audit track record.

clawhub arc-security vote-claim <claim_id> <support|oppose>

Vote weight formula: sqrt(totalStaked) * (successfulAudits / totalAudits)

claim-earnings -- Withdraw accumulated fees

Withdraw your share of usage fees earned as an auditor. Fees are split 70% to auditors (proportional to stake) and 30% to the insurance pool.

clawhub arc-security claim-earnings <destination_chain>

Supported destination chains: - arc-testnet (direct transfer) - ethereum-sepolia, base-sepolia, arbitrum-sepolia (via CCTP)

Supported Chains

Chain CCTP Domain Payment Bonding Earnings
Arc Testnet 100 Direct Direct Direct
Ethereum Sepolia 0 CCTP CCTP CCTP
Base Sepolia 6 CCTP CCTP CCTP
Arbitrum Sepolia 3 CCTP CCTP CCTP

Fee Structure

Action Cost Distribution
Use a skill 0.10 USDC 70% auditors, 30% insurance pool
Submit a claim 1.00 USDC deposit Refunded if claim validated
Guilty verdict 50% of bond slashed 80% to victim, 20% to insurance

Architecture

User (any chain)
  │
  ├── CCTP burn ──► Arc Testnet ──► SkillSecurityRegistry (bonds, fees, claims)
  │                                        │
  └── x402 GET ──► Payment Server ◄────────┘ (verifies payment on-chain)
                       │
                       └──► Skill package (ZIP)
  1. SkillSecurityRegistry (Solidity on Arc) -- Holds bonds, processes fees, manages claims/votes/slashing
  2. x402 Payment Server (Node.js) -- Serves skill packages behind HTTP 402 paywall, verifies on-chain payments
  3. This skill (Python CLI) -- User-facing commands that orchestrate CCTP transfers and contract calls

License

MIT

פרטים

גרסה
v1.0.1
הורדות
2,170
כוכבים
2
ClawHub
צפייה ב-ClawHub

Skills פופולריים

Microsoft Excel
Microsoft Excel API integration with managed OAuth. Read and write Excel workbooks, worksheets, ranges, tables, and charts stored in OneDrive. Use this skill when users want to read or modify Excel spreadsheets, manage worksheet data, work with tables, or access cell values. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).
Outlook
Microsoft Outlook API integration with managed OAuth. Read, send, and manage emails, folders, calendar events, and contacts via Microsoft Graph. Use this skill when users want to interact with Outlook. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).
Automation Workflows
Design and implement automation workflows to save time and scale operations as a solopreneur. Use when identifying repetitive tasks to automate, building workflows across tools, setting up triggers and actions, or optimizing existing automations. Covers automation opportunity identification, workflow design, tool selection (Zapier, Make, n8n), testing, and maintenance. Trigger on "automate", "automation", "workflow automation", "save time", "reduce manual work", "automate my business", "no-code automation".