Aap Passport

Agent Attestation Protocol - The Reverse Turing Test. Verify AI agents, block humans.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (Agent Attestation Protocol / Reverse Turing Test) matches the code and docs: server and client libraries, challenge generators, and signature-based proofs. Nothing in the code obviously contradicts the stated purpose of verifying AI agents.
! Instruction Scope
SKILL.md instructs installing and using the client/server libraries to produce signed proofs, which is within scope. However the repo/docs/code expect a local identity (private key) stored at ~/.aap/identity.json and provide tools (aap_sign_message / aap_generate_proof) to sign arbitrary payloads. The skill metadata declares no required config paths or credentials, so there is a mismatch: the runtime instructions and included code assume local private key access that the manifest does not surface. That signing capability expands the agent's scope beyond simple question/answer verification and could be invoked to sign arbitrary data.
Install Mechanism
There is no external install spec (instruction-only), and all source files are included in the skill bundle. No downloads from obscure URLs or extraction steps were found in the manifest. The typical npm packages referenced are standard (express etc.).
! Credentials
The skill metadata lists no environment variables or config paths, yet the docs and code clearly use local key storage (~/.aap/identity.json) and cryptographic signing (secp256k1). Requesting or using a private key file is a sensitive privilege; it is not declared in requires.config and therefore is disproportionate to what the manifest advertises. The client exposes programmatic signing, which could be misused if the model or user invokes it to sign arbitrary payloads.
! Persistence & Privilege
always:false and model invocation is allowed (default). That combination is normal, but because the skill exposes signing functions and expects/stores a long-lived private key on disk, an autonomously-invoked skill could sign data or produce signatures without explicit, careful user oversight. The skill does not claim to modify other skills, but its ability to access and use a local private key is a sensitive persistent capability.
What to consider before installing
This skill is coherent with its stated goal, but it includes code and documentation that generate, store, and use a local private key (~/.aap/identity.json) and exposes programmatic signing tools. Before installing:

  1) Understand where the private key will be stored and who/what can read it; prefer hardware/OS key stores or scoped keys instead of a plaintext file.
  2) Audit the signing APIs in the package (ensure they only sign AAP proofs and cannot be trivially used to sign arbitrary data).
  3) Run the skill in an isolated environment if you plan to test it (container or dedicated account).
  4) Verify the upstream npm/github packages and author reputation; consider pinning to a specific vetted release.
  5) If you do not want an agent plugin that can access or use private keys autonomously, do not install this skill or remove/replace the signing functions.

If you want higher assurance, request the maintainer to declare required config paths/permissions in the manifest and to add explicit runtime prompts/confirmations before any signature operation.

Like a lobster shell, security has layers — review code before you run it.

Current version: v3.2.0

Runtime requirements

🛂 Clawdis

SKILL.md

AAP - Agent Attestation Protocol

The Reverse Turing Test. CAPTCHAs block bots. AAP blocks humans.

What It Does

AAP verifies that a client is an AI agent by:

  • Issuing challenges that are trivial for LLMs but impossible for humans to complete in time
  • Requiring a cryptographic signature (secp256k1) as identity proof
  • Setting 7 challenges in 6 seconds, with mandatory signing

Installation

npm install aap-agent-server  # Server
npm install aap-agent-client  # Client

Server Usage

import { createServer } from 'node:http';
import { createAAPWebSocket } from 'aap-agent-server';

const server = createServer();
const aap = createAAPWebSocket({
  server,
  path: '/aap',
  requireSignature: true,  // v3.2 default
  onVerified: (result) => console.log('Verified:', result.publicId)
});

server.listen(3000);

Client Usage

import { AAPClient, generateIdentity, createSolver } from 'aap-agent-client';

// Identity auto-generated (secp256k1 key pair)
const client = new AAPClient({
  serverUrl: 'ws://localhost:3000/aap'
});

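// NOTE: `solver` is not defined in this snippet; build it (presumably with
// the imported createSolver) before calling verify().
const result = await client.verify(solver);
// Signature automatically included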

Protocol Flow (WebSocket v3.2)

← handshake (requireSignature: true)
→ ready (publicKey)
← challenges (7 challenges)
→ answers + signature + timestamp
← result (verified/failed + sessionToken)

Signature Format

Proof data signed with secp256k1:

JSON.stringify({ nonce, answers, publicId, timestamp })
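
The proof format above, combined with the scan's advice that the signing API should sign only AAP proofs, as an added example that is not code from the aap-agent packages: a signer that accepts nothing but a proof object, and a verifier that rebuilds the signed string and checks nonce and freshness before the signature. Function names are hypothetical; SHA-256, DER-encoded signatures, an opaque publicId string and a 6000 ms freshness window (borrowed from the totalTimeMs default) are assumptions.

```javascript
// Added example (not aap-agent-* code). Loads node:crypto as CommonJS or as an ES module.
const crypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');
const MAX_AGE_MS = 6000; // assumption: freshness window equal to the totalTimeMs default

// Rebuild the signed string field by field, in the page's key order, so extra
// properties are never signed and key order cannot differ between the two sides.
function canonicalProof(p) {
  if (p === null || typeof p !== 'object') throw new TypeError('proof must be an object');
  const { nonce, answers, publicId, timestamp } = p;
  if (typeof nonce !== 'string' || nonce === '') throw new TypeError('nonce');
  if (typeof publicId !== 'string' || publicId === '') throw new TypeError('publicId');
  if (!Array.isArray(answers)) throw new TypeError('answers');
  if (!Number.isSafeInteger(timestamp)) throw new TypeError('timestamp');
  return JSON.stringify({ nonce, answers, publicId, timestamp });
}

// Scoped signer: accepts only a proof object, never a caller-supplied string or buffer.
function signProof(privateKey, proof) {
  return crypto.sign('sha256', Buffer.from(canonicalProof(proof)), privateKey);
}

// Verifier: the nonce must be the one this server issued, the timestamp must be
// fresh, and the signature must cover exactly the canonical string.
function verifyProof(publicKey, proof, signature, issuedNonce, now = Date.now()) {
  let data;
  try { data = canonicalProof(proof); } catch { return { ok: false, reason: 'malformed' }; }
  if (proof.nonce !== issuedNonce) return { ok: false, reason: 'nonce' };
  if (Math.abs(now - proof.timestamp) > MAX_AGE_MS) return { ok: false, reason: 'stale' };
  const ok = crypto.verify('sha256', Buffer.from(data), publicKey, signature);
  return ok ? { ok: true } : { ok: false, reason: 'signature' };
}

// Constructed sample run: throwaway key pair and made-up field values.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const now = 1700000000000;
  const proof = { nonce: 'n-123', answers: ['a1', 'a2'], publicId: 'agent-1', timestamp: now };
  const sig = signProof(privateKey, proof);
  let refused = false;
  try { signProof(privateKey, 'arbitrary payload'); } catch { refused = true; }
  return {
    valid: verifyProof(publicKey, proof, sig, 'n-123', now),
    replayed: verifyProof(publicKey, proof, sig, 'n-999', now),
    stale: verifyProof(publicKey, proof, sig, 'n-123', now + 60000),
    tampered: verifyProof(publicKey, { ...proof, answers: ['x'] }, sig, 'n-123', now),
    refused,
  };
}
```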

Configuration

Option            Default  Description
challengeCount    7        Number of challenges
totalTimeMs       6000     Time limit (ms)
requireSignature  true     Mandate cryptographic proof

Security

  • Cryptographic identity (secp256k1)
  • Signature required = no anonymous access
  • 7 challenges in 6 seconds = impossible for humans
  • Non-repudiation: all actions traceable
