Xpersona
Claim this agent
Agent DossierCLAWHUBSafety 84/100

Xpersona Agent

isnad-scan

Scan AI agent skills for security vulnerabilities — detects code injection, prompt injection, credential exfiltration, supply chain attacks, and 69+ threat patterns. Use when installing new skills, auditing existing ones, reviewing untrusted code, or validating packages before publishing. --- name: isnad-scan description: Scan AI agent skills for security vulnerabilities — detects code injection, prompt injection, credential exfiltration, supply chain attacks, and 69+ threat patterns. Use when installing new skills, auditing existing ones, reviewing untrusted code, or validating packages before publishing. metadata: openclaw: emoji: "🛡️" requires: bins: ["isnad-scan"] primaryEnv: null install: - id:

OpenClaw · self-declared
Trust evidence available
View on ClawHub
clawhub skill install skills:0xrapi:isnad-scan

Overall rank

#62

Adoption

No public adoption signal

Trust

Unknown

Freshness

Feb 28, 2026

Freshness

Last checked Feb 28, 2026

Best For

isnad-scan is best for any, the, a workflows where OpenClaw compatibility matters.

Not Ideal For

Contract metadata is missing or unavailable for deterministic execution.

Evidence Sources Checked

editorial-content, CLAWHUB, runtime-metrics, public facts pack

OverviewEvidence & TimelineArtifacts & DocsAPI & ReliabilityMedia & RelatedMachine Appendix

Overview

Key links, install path, reliability highlights, and the shortest practical read before diving into the crawl record.

Verifiededitorial-content

Overview

Executive Summary

Scan AI agent skills for security vulnerabilities — detects code injection, prompt injection, credential exfiltration, supply chain attacks, and 69+ threat patterns. Use when installing new skills, auditing existing ones, reviewing untrusted code, or validating packages before publishing. --- name: isnad-scan description: Scan AI agent skills for security vulnerabilities — detects code injection, prompt injection, credential exfiltration, supply chain attacks, and 69+ threat patterns. Use when installing new skills, auditing existing ones, reviewing untrusted code, or validating packages before publishing. metadata: openclaw: emoji: "🛡️" requires: bins: ["isnad-scan"] primaryEnv: null install: - id: Capability contract not published. No trust telemetry is available yet. Last updated 4/15/2026.

No verified compatibility signals

Trust score

Unknown

Compatibility

OpenClaw

Freshness

Feb 28, 2026

Vendor

Openclaw

Artifacts

0

Benchmarks

0

Last release

Unpublished

Install & run

Setup Snapshot

clawhub skill install skills:0xrapi:isnad-scan
  1. 1

    Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.

  2. 2

    Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence & Timeline

Public facts grouped by evidence type, plus release and crawl events with provenance and freshness.

Verifiededitorial-content

Public facts

Evidence Ledger

Vendor (1)

Vendor

Openclaw

profilemedium
Observed Apr 15, 2026Source linkProvenance
Compatibility (1)

Protocol compatibility

OpenClaw

contractmedium
Observed Apr 15, 2026Source linkProvenance
Security (1)

Handshake status

UNKNOWN

trustmedium
Observed unknownSource linkProvenance
Integration (1)

Crawlable docs

6 indexed pages on the official domain

search_documentmedium
Observed Apr 15, 2026Source linkProvenance

Events

Release & Crawl Timeline

Docs Update

Docs refreshed: Sign in to GitHub · GitHub

search_documentmedium

Fresh crawlable documentation was indexed for the official domain.

Observed Apr 15, 2026

Artifacts & Docs

Parameters, dependencies, examples, extracted files, editorial overview, and the complete README when available.

Self-declaredCLAWHUB

Captured outputs

Artifacts Archive

Extracted files

0

Examples

6

Snippets

0

Languages

typescript

Parameters

Executable Examples

bash

isnad-scan <path>

bash

isnad-scan <path> --cve          # Also check dependencies for known CVEs (via OSV.dev)
isnad-scan <path> -v             # Verbose output (show matched lines)
isnad-scan <path> --json         # Machine-readable JSON output
isnad-scan <path> --cve -v       # Full audit: CVEs + verbose findings

text

🔴 CRITICAL  — Immediate threat. Do not install/run.
🟠 HIGH      — Likely malicious or dangerous. Review carefully.
🟡 MEDIUM    — Suspicious pattern. May be legitimate, verify intent.
🔵 LOW       — Informational. Common in legitimate code but worth noting.

bash

isnad-scan ./skills/some-new-skill/

bash

isnad-scan ./skills/some-new-skill/ --cve -v

bash

isnad-scan . --json | python3 -c "import sys,json; d=json.load(sys.stdin); print(f'{d[\"summary\"][\"critical\"]} critical, {d[\"summary\"][\"high\"]} high')"

Editorial read

Docs & README

Docs source

CLAWHUB

Editorial quality

ready

Scan AI agent skills for security vulnerabilities — detects code injection, prompt injection, credential exfiltration, supply chain attacks, and 69+ threat patterns. Use when installing new skills, auditing existing ones, reviewing untrusted code, or validating packages before publishing. --- name: isnad-scan description: Scan AI agent skills for security vulnerabilities — detects code injection, prompt injection, credential exfiltration, supply chain attacks, and 69+ threat patterns. Use when installing new skills, auditing existing ones, reviewing untrusted code, or validating packages before publishing. metadata: openclaw: emoji: "🛡️" requires: bins: ["isnad-scan"] primaryEnv: null install: - id:

Full README

name: isnad-scan description: Scan AI agent skills for security vulnerabilities — detects code injection, prompt injection, credential exfiltration, supply chain attacks, and 69+ threat patterns. Use when installing new skills, auditing existing ones, reviewing untrusted code, or validating packages before publishing. metadata: openclaw: emoji: "🛡️" requires: bins: ["isnad-scan"] primaryEnv: null install: - id: isnad-scan-pip kind: pipx package: isnad-scan bins: ["isnad-scan"] label: "Install isnad-scan (pipx)"

isnad-scan — Security Scanner for AI Agent Skills

Scan any skill, package, or directory for security threats before installing or running it.

Quick Scan

isnad-scan <path>

Scans a directory and reports findings by severity (CRITICAL, HIGH, MEDIUM, LOW).

Options

isnad-scan <path> --cve          # Also check dependencies for known CVEs (via OSV.dev)
isnad-scan <path> -v             # Verbose output (show matched lines)
isnad-scan <path> --json         # Machine-readable JSON output
isnad-scan <path> --cve -v       # Full audit: CVEs + verbose findings

What It Detects (69+ patterns)

Code Injection — shell execution, eval, exec, subprocess, os.system, dynamic imports Prompt Injection — role override attempts, instruction hijacking, jailbreak patterns Credential Exfiltration — env var harvesting, keychain access, token theft, file reads of sensitive paths Network Threats — reverse shells, DNS exfiltration, unauthorized outbound connections, webhook data leaks Filesystem Attacks — path traversal, symlink attacks, /etc/passwd reads, SSH key access Supply Chain — typosquatting detection, minified JS analysis, binary file scanning, hidden files Crypto Risks — weak algorithms, hardcoded keys, wallet seed extraction

When to Use

  1. Before installing a new skill — scan the skill directory first
  2. Auditing existing skills — periodic security review
  3. Reviewing PRs/contributions — catch malicious code in submissions
  4. Pre-publish validation — ensure your own skills are clean before sharing
  5. CI/CD integrationisnad-scan . --json for automated checks

Interpreting Results

🔴 CRITICAL  — Immediate threat. Do not install/run.
🟠 HIGH      — Likely malicious or dangerous. Review carefully.
🟡 MEDIUM    — Suspicious pattern. May be legitimate, verify intent.
🔵 LOW       — Informational. Common in legitimate code but worth noting.

Examples

Scan a ClawHub skill before installing:

isnad-scan ./skills/some-new-skill/

Full audit with CVE checking:

isnad-scan ./skills/some-new-skill/ --cve -v

JSON output for automation:

isnad-scan . --json | python3 -c "import sys,json; d=json.load(sys.stdin); print(f'{d[\"summary\"][\"critical\"]} critical, {d[\"summary\"][\"high\"]} high')"

Python API

from isnad_scan import scan_directory

results = scan_directory("/path/to/skill")
for finding in results.findings:
    print(f"[{finding.severity}] {finding.category}: {finding.description}")
    print(f"  File: {finding.file}:{finding.line}")

About ISNAD

ISNAD (إسناد) means "chain of transmission" — a method for verifying the authenticity of transmitted knowledge. isnad-scan is the security layer of the ISNAD Protocol, bringing trust verification to the AI agent skill ecosystem.

PyPI: pip install isnad-scan GitHub: counterspec/isnad Protocol: isnad.md

API & Reliability

Machine endpoints, contract coverage, trust signals, runtime metrics, benchmarks, and guardrails for agent-to-agent use.

MissingCLAWHUB

Machine interfaces

Contract & API

Endpoints

Dossier APISnapshot APIContract APITrust API

Contract coverage

Status

missing

Auth

None

Streaming

No

Data region

Unspecified

Protocol support

OpenClaw: self-declared

Requires: none

Forbidden: none

Guardrails

Operational confidence: low

No positive guardrails captured.
Invocation examples
curl -s "https://xpersona.co/api/v1/agents/clawhub-skills-0xrapi-isnad-scan/snapshot"
curl -s "https://xpersona.co/api/v1/agents/clawhub-skills-0xrapi-isnad-scan/contract"
curl -s "https://xpersona.co/api/v1/agents/clawhub-skills-0xrapi-isnad-scan/trust"

Operational fit

Reliability & Benchmarks

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

Do not use if

Contract metadata is missing or unavailable for deterministic execution.
No benchmark suites or observed failure patterns are available.

Media & Related

Public screenshots, demo and owner links, plus neighboring agents from the same ecosystem for shortlist building.

Missingno-media

Visual context

Media & Demo

No screenshots, media assets, or demo links are available.

Comparison set

Related Agents

GITHUB_REPOSactivepieces

Rank

70

AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents

Traction

No public download signal

Freshness

Updated 2d ago

OPENCLAW
GITHUB_REPOScherry-studio

Rank

70

AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs

Traction

No public download signal

Freshness

Updated 5d ago

MCPOPENCLAW
GITHUB_REPOSAionUi

Rank

70

Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!

Traction

No public download signal

Freshness

Updated 6d ago

MCPOPENCLAW
GITHUB_REPOSCopilotKit

Rank

70

The Frontend for Agents & Generative UI. React + Angular

Traction

No public download signal

Freshness

Updated 23d ago

OPENCLAW
Agent hubMore from this sourceOpenClaw agents

Machine Appendix

Raw contract, invocation, trust, capability, facts, and change-event payloads for machine-side inspection.

MissingCLAWHUB

Contract JSON

{
  "contractStatus": "missing",
  "authModes": [],
  "requires": [],
  "forbidden": [],
  "supportsMcp": false,
  "supportsA2a": false,
  "supportsStreaming": false,
  "inputSchemaRef": null,
  "outputSchemaRef": null,
  "dataRegion": null,
  "contractUpdatedAt": null,
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-0xrapi-isnad-scan/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-0xrapi-isnad-scan/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-0xrapi-isnad-scan/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/clawhub-skills-0xrapi-isnad-scan/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/clawhub-skills-0xrapi-isnad-scan/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/clawhub-skills-0xrapi-isnad-scan/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "OPENCLEW"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "CLAWHUB",
      "generatedAt": "2026-04-17T00:13:36.741Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "OPENCLEW",
      "type": "protocol",
      "support": "unknown",
      "confidenceSource": "profile",
      "notes": "Listed on profile"
    },
    {
      "key": "any",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "the",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "a",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "import",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "is",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    }
  ],
  "flattenedTokens": "protocol:OPENCLEW|unknown|profile capability:any|supported|profile capability:the|supported|profile capability:a|supported|profile capability:import|supported|profile capability:is|supported|profile"
}

Facts JSON

[
  {
    "factKey": "docs_crawl",
    "category": "integration",
    "label": "Crawlable docs",
    "value": "6 indexed pages on the official domain",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  },
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "Openclaw",
    "href": "https://github.com/openclaw/skills/tree/main/skills/0xrapi/isnad-scan",
    "sourceUrl": "https://github.com/openclaw/skills/tree/main/skills/0xrapi/isnad-scan",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-04-15T00:45:39.800Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "OpenClaw",
    "href": "https://xpersona.co/api/v1/agents/clawhub-skills-0xrapi-isnad-scan/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-0xrapi-isnad-scan/contract",
    "sourceType": "contract",
    "confidence": "medium",
    "observedAt": "2026-04-15T00:45:39.800Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/clawhub-skills-0xrapi-isnad-scan/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-0xrapi-isnad-scan/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[
  {
    "eventType": "docs_update",
    "title": "Docs refreshed: Sign in to GitHub · GitHub",
    "description": "Fresh crawlable documentation was indexed for the official domain.",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  }
]

Sponsored

Ads related to isnad-scan and adjacent AI workflows.