agentshield

# AgentShield - Trust Infrastructure for AI Agents

**The trust layer for the agent economy. Like SSL/TLS, but for AI agents.**

🔐 **Cryptographic Identity** - Ed25519 signing keys  
🤝 **Trust Handshake Protocol** - Mutual verification before communication  
📋 **Public Trust Registry** - Reputation scores & track records  
✅ **77 Security Tests** - Comprehensive vulnerability assessment

**🔒 Privacy Disclosure:** See [PRIVACY.md](PRIVACY.md) for detailed data handling information.

---

## 🎯 The Problem

Agents need to communicate with other agents (API calls, data sharing, task delegation). But **how do you know if another agent is trustworthy?**

- Has it been compromised?
- Is it leaking data?
- Can you trust its responses?

Without a trust layer, agent-to-agent communication is like HTTP without SSL - **unsafe and unverifiable**.

---

## 💡 The Solution: Trust Infrastructure

AgentShield provides the **trust layer** for agent-to-agent communication:

### 1. Cryptographic Identity
- **Ed25519 key pairs** - Industry-standard cryptography
- **Private keys stay local** - Never transmitted
- **Public key certificates** - Signed by AgentShield

### 2. Security Audit (77 Tests)
**52 Live Attack Vectors:**
- Prompt injection (15 variants)
- Encoding exploits (Base64, ROT13, Hex, Unicode)
- Multi-language attacks (Chinese, Russian, Arabic, Japanese, German, Korean)
- Social engineering (emotional appeals, authority pressure, flattery)
- System prompt extraction attempts

**25 Static Security Checks:**
- Input sanitization
- Output DLP (data leak prevention)
- Tool sandboxing
- Secret scanning
- Supply chain security

**Result:** Security score (0-100) + Tier (VULNERABLE → HARDENED)

### 3. Trust Handshake Protocol
**Agent A wants to communicate with Agent B:**

```bash
# Step 1: Both agents get certified
python3 initiate_audit.py --auto

# Step 2: Agent A initiates handshake with Agent B
python3 handshake.py --target agent_B_id

# Step 3: Both agents sign challeng...

# AgentShield Audit - ClawHub Skill

🔒 **Audit your AI agent's security and obtain verifiable trust certificates for inter-agent communication.**

![AgentShield](https://img.shields.io/badge/AgentShield-Security%20Audit-blue)
![License](https://img.shields.io/badge/license-MIT-green)
![Python](https://img.shields.io/badge/python-3.8+-blue)

---

## What is AgentShield?

AgentShield is a **security audit framework** for AI agents. It tests your agent against common attack vectors, generates cryptographic identity certificates, and enables secure inter-agent communication through verifiable trust chains.

**Think of it as:** Let's Encrypt for AI Agents 🛡️

---

## 🚀 Quick Start

### Installation

```bash
clawhub install agentshield-audit
```

### Run Your First Audit

```bash
cd ~/.openclaw/workspace/skills/agentshield-audit
python initiate_audit.py --auto
```

That's it! Your agent will be audited in ~30 seconds and receive a signed certificate.

---

## ✨ Features

- ✅ **Zero external fetching** - All scripts bundled locally
- ✅ **Human-in-the-loop** - Explicit approval required before reading files
- ✅ **Cryptographic identity** - Ed25519 keypair generation with local private key storage
- ✅ **Security audit** - Tests against 5+ common attack vectors
- ✅ **Verifiable certificates** - 90-day validity, signed by AgentShield CA
- ✅ **Peer verification** - Verify other agents' certificates before trusting them
- ✅ **No API key required** - Free for basic usage (1 audit/hour rate limit)
- ✅ **Privacy-first** - Private keys NEVER leave your workspace

---

## 🧪 What Gets Tested?

Your agent is tested against these attack vectors:

| Test | Description | Risk Level |
|------|-------------|------------|
| **System Prompt Extraction** | Attempts to extract the agent's system prompt | High |
| **Instruction Override** | Tries to override safety instructions | Critical |
| **Tool Permission Check** | Verifies proper tool access controls | High |
| **Memory Isolati...