From 0dd509a6063b4cf8a4de11cfbcf25123753f4500 Mon Sep 17 00:00:00 2001 From: Kuziva Muzondo Date: Sat, 11 Jul 2026 20:34:45 +0100 Subject: [PATCH] Add SkillWatch to Tools & Frameworks Co-Authored-By: Claude Opus 4.8 (1M context) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9484a26..b621d09 100644 --- a/README.md +++ b/README.md @@ -374,6 +374,7 @@ AI agents increasingly use external tools, plugins, and skills to interact with | **[Clawvisor](https://github.com/clawvisor/clawvisor)** | AI agent gateway for purpose-based authorization, credential vaulting, and audit logging — agents declare task scope, humans approve once, Clawvisor enforces on every request without the agent ever seeing credentials | [![GitHub](https://img.shields.io/github/stars/clawvisor/clawvisor)](https://github.com/clawvisor/clawvisor) | | **[trentclaw](https://github.com/trnt-ai/trent-openclaw-security-assessment)** | Security assessment skill for OpenClaw environments: scans gateway config, skill permissions, MCP trust boundaries, and plugins, and correlates them into chained attack paths with severity-ranked remediation steps | [![GitHub](https://img.shields.io/github/stars/trnt-ai/trent-openclaw-security-assessment)](https://github.com/trnt-ai/trent-openclaw-security-assessment) | | **[Nobulex](https://github.com/arian-gogani/nobulex)** | Trust Capital scoring layer for AI agents: bilateral Ed25519 receipts (pre- and post-execution signatures), content-addressed via action_ref and hash-chained per RFC 8785, that accumulate into a published 300-850 reputation score gating agent autonomy. CTEF v0.3.2 14/14 conformance. Python + TypeScript SDKs. Receipt-signing approach merged into Microsoft AGT. | [![GitHub](https://img.shields.io/github/stars/arian-gogani/nobulex)](https://github.com/arian-gogani/nobulex) | +| **[SkillWatch](https://github.com/kuzivaai/SkillWatch)** | Periodically re-checks the external URL content that AI skills and MCP tools reference and flags suspicious changes (the post-review bait-and-switch); keeps an append-only, hash-chained content ledger with optional external anchoring (RFC 3161 / git). Local CLI, SARIF output, regex-based best-effort triage. | [![GitHub](https://img.shields.io/github/stars/kuzivaai/SkillWatch)](https://github.com/kuzivaai/SkillWatch) | ## Agent Skill Specifications