Arc Security - Agent Trust Protocol
Aviso de segurança

Manage skill trust by staking USDC bonds, paying micro-fees for verified skills, reporting malicious skills, and participating in decentralized governance vi...

Instalar
$clawhub install arc-security

Arc Security - Agent Trust Protocol

Chain-agnostic security infrastructure for OpenClaw skills. Auditors stake USDC to vouch for skill safety, users pay micro-fees to access verified skills, and malicious skills get slashed through decentralized governance -- all powered by CCTP on Arc.

Installation

clawhub install arc-security

Configuration

Set the following environment variables:

Variable Required Description
ARC_RPC_URL Yes Arc testnet RPC endpoint (default: https://testnet-rpc.arc.network)
CONTRACT_ADDRESS Yes Deployed SkillSecurityRegistry contract address
PRIVATE_KEY Yes Wallet private key (for signing transactions)
X402_SERVER_URL Yes x402 payment server URL
ETH_RPC_URL No Ethereum Sepolia RPC (for cross-chain operations)
BASE_RPC_URL No Base Sepolia RPC (default: https://sepolia.base.org)
ARB_RPC_URL No Arbitrum Sepolia RPC (default: https://sepolia-rollup.arbitrum.io/rpc)

Commands

check -- Check skill trust status

Query on-chain bond status, auditor count, usage stats, and computed trust score for any skill.

clawhub arc-security check <skill_id>

Example output: Skill: youtube-downloader ├─ Bonded: 100.00 USDC by 3 auditors ├─ Used: 1,250 times ├─ Trust Score: 75/100 ├─ Status: Safe to use └─ Created: 2025-06-15 14:30:00

Trust Score is calculated as: - 40% from bond amount (capped at 100 USDC = full weight) - 40% from usage count (capped at 1,000 uses = full weight) - 20% from auditor count (5 points per auditor) - Flagged skills receive a -50 penalty

use -- Pay and download a skill

Pays the 0.10 USDC usage fee via x402 and downloads the skill package. Automatically selects the cheapest payment path based on your wallet balances.

clawhub arc-security use <skill_id>

Payment chain selection priority: 1. Arc Testnet (direct -- no bridging fees) 2. Base Sepolia (via CCTP) 3. Arbitrum Sepolia (via CCTP) 4. Ethereum Sepolia (via CCTP)

bond -- Stake USDC to vouch for a skill

Stake USDC as a security bond to vouch for a skill's safety. If the skill is found malicious, 50% of your stake is slashed.

clawhub arc-security bond <skill_id> <amount> <source_chain>

Arguments: - skill_id -- Skill identifier - amount -- Amount of USDC to stake (e.g. 50) - source_chain -- Chain to pay from (ethereum-sepolia, base-sepolia, arbitrum-sepolia, arc-testnet)

Example: bash clawhub arc-security bond youtube-downloader 50 base-sepolia

report -- Report a malicious skill

Submit a claim that a skill is malicious. Requires a 1 USDC anti-spam deposit (refunded if the claim is validated).

clawhub arc-security report <skill_id> --evidence <ipfs_hash>

Example: bash clawhub arc-security report bad-skill --evidence QmXyz123...

Opens a 72-hour voting window for auditors.

vote-claim -- Vote on a pending claim

Cast a vote on whether a reported skill is malicious. Only wallets that have staked on any skill are eligible to vote. Vote weight is based on total stake and audit track record.

clawhub arc-security vote-claim <claim_id> <support|oppose>

Vote weight formula: sqrt(totalStaked) * (successfulAudits / totalAudits)

claim-earnings -- Withdraw accumulated fees

Withdraw your share of usage fees earned as an auditor. Fees are split 70% to auditors (proportional to stake) and 30% to the insurance pool.

clawhub arc-security claim-earnings <destination_chain>

Supported destination chains: - arc-testnet (direct transfer) - ethereum-sepolia, base-sepolia, arbitrum-sepolia (via CCTP)

Supported Chains

Chain CCTP Domain Payment Bonding Earnings
Arc Testnet 100 Direct Direct Direct
Ethereum Sepolia 0 CCTP CCTP CCTP
Base Sepolia 6 CCTP CCTP CCTP
Arbitrum Sepolia 3 CCTP CCTP CCTP

Fee Structure

Action Cost Distribution
Use a skill 0.10 USDC 70% auditors, 30% insurance pool
Submit a claim 1.00 USDC deposit Refunded if claim validated
Guilty verdict 50% of bond slashed 80% to victim, 20% to insurance

Architecture

User (any chain)
  │
  ├── CCTP burn ──► Arc Testnet ──► SkillSecurityRegistry (bonds, fees, claims)
  │                                        │
  └── x402 GET ──► Payment Server ◄────────┘ (verifies payment on-chain)
                       │
                       └──► Skill package (ZIP)
  1. SkillSecurityRegistry (Solidity on Arc) -- Holds bonds, processes fees, manages claims/votes/slashing
  2. x402 Payment Server (Node.js) -- Serves skill packages behind HTTP 402 paywall, verifies on-chain payments
  3. This skill (Python CLI) -- User-facing commands that orchestrate CCTP transfers and contract calls

License

MIT

Detalhes

Versão
v1.0.1
Downloads
2,170
Estrelas
2
ClawHub
Ver no ClawHub

Skills populares

Comprehensive skill for installing, configuring, and managing the OpenClaw ecosystem (Gateway, Channels, Models, Automation, Nodes, and Deployment)
OpenClaw CLI wrapper — gateway, channels, models, agents, nodes, browser, memory, security, automation.
AgentMail
API-first email platform designed for AI agents. Create and manage dedicated email inboxes, send and receive emails programmatically, and handle email-based workflows with webhooks and real-time events. Use when you need to set up agent email identity, send emails from agents, handle incoming email workflows, or replace traditional email providers like Gmail with agent-friendly infrastructure.
Performs web searches using DuckDuckGo to retrieve real-time information from the internet. Use when the user needs to search for current events, documentation, tutorials, or any information that requires web search capabilities.
Performs web searches using DuckDuckGo to retrieve real-time information from the internet. Use when the user needs to search for current events, documentation, tutorials, or any information that requires web search capabilities.