🛡️ TrustMyAgent Documentation

🛡️ TrustMyAgent is an EDR-like security agent for OpenClaw AI agents. It runs 48 stateless security checks across 9 domains, calculates a trust score (0-100), and sends telemetry to the centralized Trust Center dashboard.

Overview

🛡️ TrustMyAgent enables AI agents to prove their security posture to humans through verifiable telemetry. It monitors 9 security domains and generates trust scores that humans and other agents can use to verify trustworthiness.

🎯 Key Features
  • 48 security checks across 9 domains (bash + Python sensors)
  • Stateless by design — runs in memory, stores nothing locally
  • Trust tier system (HIGH, MEDIUM, LOW, UNTRUSTED)
  • HMAC-SHA256 signed telemetry with machine-derived agent identity
  • Trust Center dashboard at trustmyagent.ai/trust-center
  • Cross-platform — macOS and Linux with auto-detection
  • Zero dependencies — Python 3.8+ stdlib only

Installation

Via ClawHub (Recommended)

clawhub install trustmyagent

As an OpenClaw Workspace Skill

git clone https://github.com/Anecdotes-Yair/trust-my-agent-ai.git
cp -r trust-my-agent-ai/ skills/trustmyagent/

After installation, ask the agent: "Set up TrustMyAgent". It will install dependencies, run a test assessment, and create the cron job automatically.

Global Installation (All Agents)

cp -r trust-my-agent-ai/ ~/.openclaw/skills/trustmyagent/

Quick Start

Run your first security assessment:

python3 run.py

This will execute all 48 security checks, calculate your trust score, and send telemetry to the Trust Center. The agent name is automatically read from your IDENTITY.md file.

# Custom agent ID
python3 run.py --agent-id "prod-001"

Trust Tiers

🛡️ TrustMyAgent categorizes agents into four trust tiers based on their security posture:

Tier | Score Range | Label | Description
HIGH | 90-100 | Ready for Business | Excellent security posture, minimal risk
MEDIUM | 70-89 | Needs Review | Good security with some issues to address
LOW | 50-69 | Elevated Risk | Significant security concerns
UNTRUSTED | 0-49 | Critical Security Gaps | Critical failures detected

Any critical-severity failure caps the score at 49 (UNTRUSTED). Three or more high-severity failures cap at 69 (LOW).
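The tier table and the two caps above combine as follows. This is an added example, not TrustMyAgent's own code; the function names are hypothetical, and the raw score is taken as an input because the page does not describe how individual checks are weighted.

```python
from typing import Iterable, Tuple

# (minimum score, tier, label), taken from the Trust Tiers table
TIERS = [
    (90, "HIGH", "Ready for Business"),
    (70, "MEDIUM", "Needs Review"),
    (50, "LOW", "Elevated Risk"),
    (0, "UNTRUSTED", "Critical Security Gaps"),
]
CRITICAL_CAP = 49        # any critical-severity failure
HIGH_CAP = 69            # three or more high-severity failures
HIGH_FAILURE_LIMIT = 3


def final_score(raw_score: int, failed_severities: Iterable[str]) -> int:
    """Clamp the raw score to 0-100, then apply the severity caps."""
    failed = [s.lower() for s in failed_severities]
    score = max(0, min(100, raw_score))
    if failed.count("high") >= HIGH_FAILURE_LIMIT:
        score = min(score, HIGH_CAP)
    if "critical" in failed:
        score = min(score, CRITICAL_CAP)
    return score


def tier_for(score: int) -> Tuple[str, str]:
    """Map a final score to (tier, label)."""
    for minimum, tier, label in TIERS:
        if score >= minimum:
            return tier, label
    raise ValueError("score below 0")


def assess(raw_score: int, failed_severities: Iterable[str]) -> Tuple[int, str, str]:
    """Return (final score, tier, label) for one assessment."""
    score = final_score(raw_score, failed_severities)
    return (score,) + tier_for(score)
```

A caps-only rule like this means a single critical failure outweighs any number of passed checks: a raw score of 97 with one critical failure is reported as 49, UNTRUSTED.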

Security Domains

🛡️ TrustMyAgent monitors 9 security domains with 48 checks:

Domain | Checks | Focus
Physical Environment | PHY-001 to PHY-005 | Disk encryption, container isolation, non-root execution
Network | NET-001 to NET-005 | Dangerous ports, TLS/SSL, DNS, certificates
Secrets | SEC-001 to SEC-005 | Env var secrets, AWS credentials, private key permissions
Code | COD-001 to COD-004 | Git security, no secrets in repos
Logs | LOG-001 to LOG-004 | System logging active, audit readiness
Skills | SKL + MSG-001, MSG-003 | Skill manifests, MCP server trust
Integrity | INT + MSG-002, MSG-006 | Backdoors, suspicious tool calls, URL reputation
Social Guards | SOC + MSG-004 | Action logging, session transparency
Incident Prevention | INC-001 to INC-005 | SSH failures, privilege escalation, port scanning

Check Types

Bash Checks (42)

Defined in checks/openclaw_checks.json. Shell commands that inspect the host and evaluate output against a pass_condition (equals, contains, not_contains, exit_code_zero, regex).
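A sketch of how a bash check with a pass_condition can be evaluated, as an added example rather than the project's own code. Only pass_condition and its five values come from this page; the field names "command" and "expected", the check IDs, the sample commands and the function names are assumptions.

```python
import re
import subprocess

# Constructed check definitions (not taken from checks/openclaw_checks.json).
SAMPLE_CHECKS = [
    {"id": "EXAMPLE-1", "command": "id -u",            # non-root execution
     "pass_condition": "regex", "expected": r"^[1-9][0-9]*$"},
    {"id": "EXAMPLE-2", "command": "printenv",         # no AWS secret in env
     "pass_condition": "not_contains", "expected": "AWS_SECRET_ACCESS_KEY"},
]


def evaluate(check: dict, stdout: str, exit_code: int) -> bool:
    """Return True when the command result satisfies the pass_condition."""
    cond = check["pass_condition"]
    expected = check.get("expected", "")
    out = stdout.strip()
    if cond == "exit_code_zero":
        return exit_code == 0
    if cond == "equals":
        return out == expected
    if cond == "contains":
        return expected in out
    if cond == "not_contains":
        return expected not in out
    if cond == "regex":
        return re.search(expected, out) is not None
    raise ValueError(f"unknown pass_condition: {cond!r}")


def run_check(check: dict, timeout: int = 10) -> bool:
    """Run the check's shell command; timeouts and bad definitions fail closed."""
    try:
        proc = subprocess.run(check["command"], shell=True, capture_output=True,
                              text=True, timeout=timeout)
        return evaluate(check, proc.stdout, proc.returncode)
    except (subprocess.TimeoutExpired, ValueError, KeyError, re.error):
        return False
```

Note that not_contains is satisfied by empty output, so a command that fails to run (for example a missing tool, exit code 127) still passes unless the exit code is checked as well.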

Python/Message Sensors (6)

Defined in checks/message_checks.json. Programmatic checks that analyze OpenClaw session transcripts, MCP configs, and skill manifests. These checks read agent behavior without requiring agent cooperation — they can't be lied to.

Telemetry & Identity

Each assessment generates a signed telemetry payload with HMAC-SHA256. The agent derives a machine-specific secret from hostname, username, and machine ID — no registration required.

{
  "agent": {
    "id": "e23efa13797f09ed",
    "name": "My Agent",
    "platform": "darwin"
  },
  "timestamp": "2026-02-07T21:31:15Z",
  "posture": {
    "trust_tier": "HIGH",
    "overall_score": 97,
    "checks_total": 48,
    "checks_passed": 47
  }
}
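How signing and verifying such a payload with HMAC-SHA256 can work, as an added example that is not TrustMyAgent's own code. The key derivation (SHA-256 over the three NUL-separated values), the canonical JSON encoding and the function names are assumptions; the host values are constructed.

```python
import hashlib
import hmac
import json


def derive_secret(hostname: str, username: str, machine_id: str) -> bytes:
    """Assumed derivation: SHA-256 over the three values, NUL-separated."""
    material = "\x00".join((hostname, username, machine_id)).encode("utf-8")
    return hashlib.sha256(material).digest()


def canonical(payload: dict) -> bytes:
    """Serialize deterministically so signer and verifier hash the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign(payload: dict, secret: bytes) -> str:
    """Return the hex HMAC-SHA256 tag over the canonical payload."""
    return hmac.new(secret, canonical(payload), hashlib.sha256).hexdigest()


def verify(payload: dict, signature: str, secret: bytes) -> bool:
    """Constant-time comparison of the expected and received tags."""
    return hmac.compare_digest(sign(payload, secret), signature)


# Payload from the page; host values below are constructed for the example.
PAYLOAD = {
    "agent": {"id": "e23efa13797f09ed", "name": "My Agent", "platform": "darwin"},
    "timestamp": "2026-02-07T21:31:15Z",
    "posture": {"trust_tier": "HIGH", "overall_score": 97,
                "checks_total": 48, "checks_passed": 47},
}
SECRET = derive_secret("agent-host.example", "agentuser", "constructed-machine-id")
SIGNATURE = sign(PAYLOAD, SECRET)
```

Under this assumed derivation the tag detects any change to the payload, but the key is only as secret as the three host values it is computed from, and a verifier needs those same values to check the tag.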

API Reference

The Trust Center server provides REST endpoints:

Endpoint | Method | Description
/api/telemetry | POST | Submit security assessment telemetry
/api/trust-center/agents | GET | List all monitored agents
/api/trust-center/{agent_id} | GET | Get agent details with score history

Security Checks Reference

🛡️ TrustMyAgent includes 48 built-in security checks. Each has a severity level (critical, high, medium, low) and contributes to the overall trust score. Check definitions live in the checks/ directory as JSON files.

CLI Options

# Run assessment (agent name from IDENTITY.md)
python3 run.py

# Custom agent ID
python3 run.py --agent-id "prod-001"

# Custom checks file
python3 run.py --checks /path/to/checks.json

# Quiet mode
python3 run.py --quiet

Configuration

The agent name is automatically read from your IDENTITY.md file (# Name section). It falls back to the OPENCLAW_AGENT_NAME environment variable, then to "OpenClaw Agent".

Source | Description | Default
IDENTITY.md | Agent display name | "OpenClaw Agent"
OPENCLAW_AGENT_NAME | Override IDENTITY.md name |
OPENCLAW_AGENT_ID | Agent identifier | SHA256 of hostname
TRUSTMYAGENT_TELEMETRY_URL | Server endpoint | https://www.trustmyagent.ai/api/telemetry