publisher-identity-verifier
Helps verify publisher identity integrity in AI agent ecosystems. Detects impersonation, key rotation anomalies, and identity gaps in the trust chain between skill publishers and their claimed identities.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/andyxinweiminicloud/publisher-identity-verifierWhat This Skill Does
The publisher-identity-verifier is a foundational security utility designed to fortify the trust chain within the OpenClaw AI agent ecosystem. As AI agents increasingly automate complex tasks, verifying the provenance of the skills they execute is paramount. This skill acts as a gatekeeper, analyzing the authenticity and behavioral history of skill publishers to identify potential risks like account hijacking, impersonation, and identity fraud. By cross-referencing publication history, key management patterns, and cross-platform footprints, the verifier provides a risk score that helps users and organizations make informed decisions about which software to integrate into their autonomous workflows.
Installation
To install this skill, run the following command in your terminal:
clawhub install openclaw/skills/skills/andyxinweiminicloud/publisher-identity-verifier
Use Cases
- Enterprise Security Auditing: Use this to scan all third-party skills before deployment in a production AI environment.
- Marketplace Due Diligence: Evaluate the credibility of a new, high-authority skill before granting it expanded system permissions.
- Anomaly Detection: Periodically run this against currently installed skills to ensure that a trusted publisher's behavior hasn't deviated in a way that suggests a compromised account.
Example Prompts
- "Analyze the publisher of the 'crypto-trading-bot-v2' skill. Have there been any recent key rotations or suspicious activity patterns that suggest account takeover?"
- "Verify the identity integrity of the publisher 'OpenClaw-Admin'. Are there any signs of homoglyph impersonation or inconsistent footprint across platforms?"
- "Run a reputation audit on all skills installed from the 'community-hub' repository. Highlight any publishers with sudden shifts in topic expertise."
Tips & Limitations
- Limitations: The tool relies on publicly available metadata. If a publisher has no external footprint or uses highly sophisticated obfuscation, the verifier may return an 'inconclusive' status. It should be used as part of a defense-in-depth strategy, not as the sole arbiter of trust.
- Best Practices: Always combine the output of this verifier with your own code-level audits. Pay special attention to 'Identity Gaps' warnings, as these are high-signal indicators of potential risk.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-andyxinweiminicloud-publisher-identity-verifier": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: data-collection
Related Skills
delta-disclosure-auditor
Helps verify that skill updates publish an auditable record of what changed — catching the gap between "the registry shows the new version" and "anyone can see what the new version changed relative to the old one." v1.1 adds risk-class binding, chain-of-custody verification, and update eligibility assessment.
capability-composition-analyzer
Helps identify dangerous capability combinations that emerge when agent skills are composed — catching the class of risk where no individual skill is harmful but their intersection creates an exfiltration or compromise path.
transparency-log-auditor
Helps verify that skill signing events are recorded in an independently auditable transparency log — catching the class of trust failures where a registry operator can silently rewrite history without detection.
behavioral-invariant-monitor
Helps verify that AI agent skills maintain consistent behavioral invariants across repeated executions — detecting the class of threat where a skill behaves safely during initial evaluation but shifts behavior based on execution count, environmental conditions, or delayed activation triggers. v1.3 adds performance fingerprinting (computational complexity drift detection), cryptographic audit trails (hash-chained behavior logs for immutable verification), and risk-proportional monitoring (sampling-based checks to reduce overhead).
skill-update-delta-monitor
Helps detect security-relevant changes in AI skills after installation. Tracks deltas between the audited version and current version, flagging updates that expand permissions, add new network endpoints, or alter behavior in ways that bypass install-time security checks.