SkillHub ClubRun DevOpsFull StackBackendSecurity

trustlayer-sybil-scanner

Feedback forensics for ERC-8004 agents. Detects Sybil rings, fake reviews, rating manipulation, and reputation laundering across 5 chains. 80K+ agents scored. No API key needed.

Packaged view

This page reorganizes the original catalog entry around fit, installability, and workflow context first. The original raw source lives below.

Stars

3,081

Hot score

Updated

March 20, 2026

Overall rating

C0.0

Composite score

0.0

Best-practice grade

A88.0

Install command

npx @skill-hub/cli install openclaw-skills-trustlayer-sybil-scanner

reputationtrustsybilerc-8004x402securityagents

Repository

openclaw/skills

Skill path: skills/goatgaucho/trustlayer-sybil-scanner

Feedback forensics for ERC-8004 agents. Detects Sybil rings, fake reviews, rating manipulation, and reputation laundering across 5 chains. 80K+ agents scored. No API key needed.

Open repository

Best for

Primary workflow: Run DevOps.

Technical facets: Full Stack, Backend, Security.

Target audience: everyone.

License: Unknown.

Original source

Catalog source: SkillHub Club.

Repository owner: openclaw.

This is still a mirrored public skill entry. Review the repository before installing into production workflows.

What it helps with

Install trustlayer-sybil-scanner into Claude Code, Codex CLI, Gemini CLI, or OpenCode workflows
Review https://github.com/openclaw/skills before adding trustlayer-sybil-scanner to shared team environments
Use trustlayer-sybil-scanner for development workflows

Works across

Claude CodeCodex CLIGemini CLIOpenCode

Favorites: 0.

Sub-skills: 0.

Aggregator: No.

Original source / Raw SKILL.md

---
name: trustlayer-sybil-scanner
description: Feedback forensics for ERC-8004 agents. Detects Sybil rings, fake reviews, rating manipulation, and reputation laundering across 5 chains. 80K+ agents scored. No API key needed.
version: 2.0.0
tags:
  - reputation
  - trust
  - sybil
  - erc-8004
  - x402
  - security
  - agents
metadata:
  openclaw:
    requires:
      bins:
        - curl
---

# TrustLayer Sybil Scanner — ERC-8004 Feedback Forensics

Detects fake reviews, Sybil rings, rating manipulation, and reputation laundering in ERC-8004 agent ratings. Covers 80,000+ agents across Base, Ethereum, BSC, Polygon, and Monad.

Most agent reputation systems show you the rating. This one tells you if the rating is real.

**API Base:** `https://api.thetrustlayer.xyz`
**No API key required** (beta). Free during beta, x402 micropayments coming.

## What this catches that others don't

- **Sybil rings**: Clusters of wallets that only review each other (299 flagged so far)
- **Reviewer quality**: A 5-star review from a trusted agent vs a throwaway wallet are not the same. Scores are weighted by reviewer reputation.
- **Cross-chain laundering**: Agent has great reviews on BSC but terrible ones on Base? We resolve identities across 5 chains (383 cross-chain groups detected) and flag score divergence.
- **Temporal anomalies**: Sudden bursts of positive reviews after a period of bad ones. Review bombing. Rating manipulation patterns over time.
- **Spam feedback**: 1,298+ spam feedbacks detected via tag analysis. Filtered before scoring.

## When to use this skill

- Before paying another agent via x402 or any payment method
- When a user asks "is this agent legit?" or "are these reviews real?"
- Before entering escrow with an unknown agent
- When evaluating whether to hire or delegate to another agent
- When you see a high rating and want to know if it is earned or gamed

## Sybil Scan

```bash
curl -s "https://api.thetrustlayer.xyz/trust/<chain>:<agentId>"
```

Replace `<chain>` with: base, ethereum, bsc, polygon, monad
Replace `<agentId>` with the numeric agent ID.

Example:
```bash
curl -s "https://api.thetrustlayer.xyz/trust/base:1378"
```

### What comes back

The response is JSON. The fields that matter most for fraud detection:

**Sybil & fraud signals:**
- `sybil_risk`: "low" / "medium" / "high". High means the reviewer network looks artificial.
- `anomaly_flags`: Array of detected issues. Empty = clean. Watch for: `review_bombing`, `duplicate_feedback_content`, `single_agent_reviewers`, `spam_feedback`, `reputation_laundering`.
- `reviewer_weighted_score`: The trust score after adjusting for reviewer credibility. If this is much lower than `trust_score`, the agent's good reviews are coming from low-quality reviewers.

**Cross-chain signals:**
- `cross_chain_scores`: If present, this agent exists on multiple chains. Check `laundering_risk` and `score_divergence`. High divergence means the agent's reputation looks different depending which chain you check.

**Overall assessment:**
- `trust_score` (0-100): Composite score. 80+ low risk, 50-79 medium, below 50 high risk.
- `risk_level`: "low" / "medium" / "high". Quick decision signal.
- `recommended_max_exposure_usd`: How much USD to risk with this agent.
- `confidence`: "low" / "medium" / "high" based on data volume.

### Decision logic

```
IF sybil_risk == "high"           → BLOCK. Tell the user why.
IF "review_bombing" in flags      → BLOCK. Likely manipulated.
IF "reputation_laundering" in flags → BLOCK. Cross-chain fraud pattern.
IF risk_level == "high"           → BLOCK. Overall high risk.
IF "spam_feedback" in flags       → WARN. Rating may be inflated.
IF cross_chain laundering_risk == "high" → WARN. Check each chain.
IF reviewer_weighted_score < trust_score - 15 → WARN. Good ratings from bad reviewers.
IF recommended_max_exposure < tx amount → REDUCE exposure or warn.
ELSE → proceed.
```

### Pre-payment check example

About to pay agent base:5000 for a $50 service:

```bash
RESULT=$(curl -s "https://api.thetrustlayer.xyz/trust/base:5000")

# Extract key fraud signals
SYBIL=$(echo "$RESULT" | grep -o '"sybil_risk":"[^"]*"' | cut -d'"' -f4)
RISK=$(echo "$RESULT" | grep -o '"risk_level":"[^"]*"' | cut -d'"' -f4)
SCORE=$(echo "$RESULT" | grep -o '"trust_score":[0-9]*' | cut -d':' -f2)
FLAGS=$(echo "$RESULT" | grep -o '"anomaly_flags":\[[^]]*\]')
```

Report to user:
"Scanned base:5000. Trust score: $SCORE. Sybil risk: $SYBIL. Anomaly flags: $FLAGS"

If sybil_risk is high: "This agent's reviews show signs of Sybil manipulation. Recommend not transacting."

## Other endpoints

Agent lookup (basic info, no scoring):
```bash
curl -s "https://api.thetrustlayer.xyz/agent/<chain>:<agentId>"
```

Leaderboard (most trusted agents, Sybil-filtered):
```bash
curl -s "https://api.thetrustlayer.xyz/leaderboard?chain=base&limit=10"
```

Network stats (total agents, feedbacks, Sybil flags per chain):
```bash
curl -s "https://api.thetrustlayer.xyz/stats"
```

## Visual reports

For a full visual breakdown with score history, anomaly timeline, and cross-chain map:
```
https://thetrustlayer.xyz/agent/<chain>:<agentId>
```

## How scoring works

Scores combine three dimensions, each weighted by data quality:

1. **Profile completeness**: Does the agent have metadata, description, active endpoints?
2. **Feedback volume**: How much feedback exists? Weighted by reviewer quality, not raw count.
3. **Feedback legitimacy**: Are reviewers themselves reputable? Are there Sybil patterns? Spam? Temporal anomalies?

Six Sybil detection methods run on every sync:
- Reviewer overlap clustering
- One-to-one review pattern detection
- Wallet age and activity analysis
- Cross-chain identity correlation
- Feedback timing anomaly detection
- Tag-based spam filtering

Scores update daily. Historical score snapshots retained for 90 days. 80,749 agents indexed across 5 chains as of February 2026.


---

## Skill Companion Files

> Additional files collected from the skill directory layout.

### README.md

```markdown
# TrustLayer Sybil Scanner

ERC-8004 feedback forensics skill for OpenClaw agents.

Most reputation systems show you the rating. This one tells you if the rating is real.

## What it does

Before your agent pays another agent, this skill checks:
- **Sybil risk**: Are the reviews from real agents or fake wallet clusters?
- **Reviewer quality**: Is a 5-star rating from trusted agents or throwaway accounts?
- **Cross-chain laundering**: Does the agent have different reputations on different chains?
- **Temporal anomalies**: Sudden review bursts, rating manipulation patterns
- **Spam filtering**: 1,298+ spam feedbacks detected and excluded from scoring

Covers 80,749 agents across Base, Ethereum, BSC, Polygon, and Monad.

## Install

Paste this repo URL into your OpenClaw chat:

```
https://github.com/goatgaucho/trustlayer-sybil-scanner
```

Or manually copy `SKILL.md` to your OpenClaw skills directory.

## Usage

Ask your agent:
- "Check if agent base:1378 is legit"
- "Scan base:5000 for Sybil risk before I pay them"
- "Are the reviews for ethereum:42 real?"
- "Show me the most trusted agents on Base"

## API

No API key needed (beta). All endpoints at `https://api.thetrustlayer.xyz`

| Endpoint | What it does |
|----------|-------------|
| `/trust/base:1378` | Full Sybil scan + trust score |
| `/agent/base:1378` | Basic agent info |
| `/leaderboard?chain=base` | Top agents (Sybil-filtered) |
| `/stats` | Network-wide statistics |

Visual reports: `https://thetrustlayer.xyz/agent/base:1378`

## Why this exists

ERC-8004 gives agents on-chain ratings. But a 4.5-star agent with reviews from a Sybil ring is not a 4.5-star agent. The spec authors anticipated "specialized reputation aggregators" would provide advanced scoring intelligence. That's what this is.

299 Sybil flags. 383 cross-chain identity groups. 6 detection methods. Daily updates.

## Links

- [API Docs](https://thetrustlayer.xyz/docs)
- [Explorer](https://thetrustlayer.xyz)
- [ERC-8004 Spec](https://eips.ethereum.org/EIPS/eip-8004)

Built by [@GoatGaucho](https://x.com/GoatGaucho)

```

### _meta.json

```json
{
  "owner": "goatgaucho",
  "slug": "trustlayer-sybil-scanner",
  "displayName": "TrustLayer Sybil Scanner",
  "latest": {
    "version": "2.0.0",
    "publishedAt": 1772157863549,
    "commit": "https://github.com/openclaw/skills/commit/c59829576ff7bd8a7720fb6ff63125bc14184624"
  },
  "history": []
}

```