skills$openclaw/aap

6.0k★

aap – OpenClaw Skill

Name: aap
Author: ira-hash

aap is an OpenClaw Skills integration for coding workflows. Agent Attestation Protocol - The Reverse Turing Test. Verify AI agents, block humans.

6.0k stars5.4k forksSecurity L1

Updated Feb 7, 2026Created Feb 7, 2026coding

Skill Snapshot

name	aap
description	Agent Attestation Protocol - The Reverse Turing Test. Verify AI agents, block humans. OpenClaw Skills integration.
owner	ira-hash
repository	ira-hash/aap-passport
language	Markdown
license	MIT
topics
security	L1
install	openclaw add @ira-hash/aap-passport
last updated	Feb 7, 2026

Maintainer

ira-hash

Maintains aap in the OpenClaw Skills directory.

View GitHub profile

File Explorer

52 files

docs

RATE_LIMITING.md

3.9 KB

examples

express-verifier

package-lock.json

28.7 KB

package.json

410 B

server.js

15.2 KB

lib

client.js

3.6 KB

identity.js

4.9 KB

prover.js

5.6 KB

packages

client

index.d.ts

3.2 KB

index.js

4.9 KB

package.json

750 B

README.md

3.8 KB

core

constants.js

2.0 KB

crypto.js

3.2 KB

identity.js

3.4 KB

index.d.ts

2.3 KB

index.js

905 B

package.json

840 B

README.md

2.1 KB

server

challenges.js

27.6 KB

index.d.ts

4.1 KB

index.js

930 B

logger.js

2.8 KB

package.json

765 B

persistence.js

5.2 KB

README.md

3.7 KB

websocket.js

10.5 KB

whitelist.js

5.2 KB

test

challenges.test.js

5.1 KB

e2e-batch.mjs

11.4 KB

llm-batch-test-internal.mjs

6.7 KB

llm-batch-test.mjs

7.9 KB

run.js

9.6 KB

security.test.js

7.9 KB

_meta.json

278 B

docker-compose.yml

438 B

index.js

7.1 KB

manifest.json

739 B

package.json

747 B

PROTOCOL.md

11.4 KB

README.ko.md

8.7 KB

README.md

10.9 KB

SECURITY.md

4.0 KB

SKILL.md

2.5 KB

SKILL.md

name: aap version: 3.2.0 description: Agent Attestation Protocol - The Reverse Turing Test. Verify AI agents, block humans. homepage: https://github.com/ira-hash/agent-attestation-protocol metadata: {"clawdbot":{"emoji":"🛂","category":"security","npm":["aap-agent-server","aap-agent-client"]}}

AAP - Agent Attestation Protocol

The Reverse Turing Test. CAPTCHAs block bots. AAP blocks humans.

What It Does

AAP verifies that a client is an AI agent by:

Issuing challenges trivial for LLMs, impossible for humans in time
Requiring cryptographic signature (secp256k1) for identity proof
7 challenges in 6 seconds with mandatory signing

Installation

npm install aap-agent-server  # Server
npm install aap-agent-client  # Client

Server Usage

import { createServer } from 'node:http';
import { createAAPWebSocket } from 'aap-agent-server';

const server = createServer();
const aap = createAAPWebSocket({
  server,
  path: '/aap',
  requireSignature: true,  // v3.2 default
  onVerified: (result) => console.log('Verified:', result.publicId)
});

server.listen(3000);

Client Usage

import { AAPClient, generateIdentity, createSolver } from 'aap-agent-client';

// Identity auto-generated (secp256k1 key pair)
const client = new AAPClient({
  serverUrl: 'ws://localhost:3000/aap'
});

const result = await client.verify(solver);
// Signature automatically included

Protocol Flow (WebSocket v3.2)

← handshake (requireSignature: true)
→ ready (publicKey)
← challenges (7 challenges)
→ answers + signature + timestamp
← result (verified/failed + sessionToken)

Signature Format

Proof data signed with secp256k1:

JSON.stringify({ nonce, answers, publicId, timestamp })

Configuration

Option	Default	Description
`challengeCount`	7	Number of challenges
`totalTimeMs`	6000	Time limit (ms)
`requireSignature`	true	Mandate cryptographic proof

Security

Cryptographic identity (secp256k1)
Signature required = no anonymous access
7 challenges in 6 seconds = impossible for humans
Non-repudiation: all actions traceable

Links

README.md

🛂 AAP - Agent Attestation Protocol

🇺🇸 English | 🇰🇷 한국어

🛂 AAP

The Reverse Turing Test.

CAPTCHAs block bots. AAP blocks humans.

</div>

🎯 What is AAP?

AAP (Agent Attestation Protocol) is a Reverse Turing Test — a cryptographic gauntlet that only AI can pass.

"CAPTCHA asks: Are you human?
AAP asks: Are you machine?"

Proof of Machine (PoM)

AAP implements Human Exclusion through three simultaneous proofs:

Proof	What It Proves	Human Capability
🔐 Proof of Identity	Cryptographic signature (secp256k1)	✅ Possible
🧠 Proof of Intelligence	Natural language understanding	✅ Possible
⚡ Proof of Liveness	5 answers in 8 seconds	❌ Impossible

All three. Simultaneously. Every time.

The combination creates a verification that humans biologically cannot pass — not because they're not smart enough, but because they're not fast enough.

🆕 What's New in v2.5 (Burst Mode)

Human-Proof Challenge System

v2.5 introduces Burst Mode — 5 challenges in 8 seconds with salt injection.

Version	Challenges	Time Limit	Human Pass Rate
v1.0	1	10s	~30%
v2.0	3	12s	~5%
v2.5	5	8s	~0%

Salt Injection (Anti-Caching)

Every challenge now includes a unique salt that must be echoed back:

// Challenge
"[REQ-A7F3B2] Subtract 12 from 30..."

// Response (salt required!)
{"salt": "A7F3B2", "result": 18}

This prevents:

❌ Pre-computed answer caches
❌ Database-based attacks
❌ Replay attacks

🆕 What's New in v2.0

Deterministic Instruction Following

v2.0 completely redesigns challenges to require true AI understanding while remaining objectively verifiable.

v1.0 (Old)	v2.0 (New)
`Calculate (30+5)*2`	`"Add 30 and 5 together, then divide the result by 2"`
Regex can parse numbers	LLM must understand natural language
Simple code can solve	Requires language comprehension

New Challenge Types

Type	Description	Example
`nlp_extract`	Extract entities from sentences	"The cat and dog runs" → Extract animals
`nlp_math`	Word problems	"Subtract 5 from 30, then divide by 2"
`nlp_transform`	String manipulation via NL	"Reverse and uppercase this string"
`nlp_logic`	Conditional reasoning	"If A > B then YES else NO"
`nlp_count`	Count specific categories	"How many animals in this sentence?"
`nlp_multistep`	Multi-step instructions	"Add → Multiply → Subtract"
`nlp_pattern`	Sequence recognition	"[2, 4, 6, ?, ?]"
`nlp_analysis`	Text analysis	"Find the longest word"

Why This Works

Challenge: "Extract only the animals from: The cat and dog plays in the park"

Regular code: ❌ Can't identify "cat" and "dog" as animals
LLM: ✅ Understands English, extracts animals naturally
Verification: ✅ Server knows expected answer ["cat", "dog"]

📦 Packages

Package	Description	Install
`aap-agent-core`	Cryptographic primitives & identity	`npm i aap-agent-core`
`aap-agent-server`	Express middleware for verifiers	`npm i aap-agent-server`
`aap-agent-client`	Client library for agents	`npm i aap-agent-client`

🚀 Quick Start

For Services (Add AAP Verification)

import express from 'express';
import { createRouter } from 'aap-agent-server';

const app = express();
app.use('/aap/v1', createRouter());
app.listen(3000);
// Now accepting AAP verification at /aap/v1/challenge and /aap/v1/verify

For Agents (Prove Identity)

import { AAPClient } from 'aap-agent-client';

const client = new AAPClient({ 
  serverUrl: 'https://example.com/aap/v1',
  llmCallback: async (prompt) => {
    // Your LLM API call here
    return await yourLLM.complete(prompt);
  }
});

const result = await client.verify();

if (result.verified) {
  console.log('Verified as AI_AGENT!');
}

Clawdbot Skill Installation

# Install from ClawdHub (Recommended)
clawdhub install aap-passport

# Or clone directly
git clone https://github.com/ira-hash/agent-attestation-protocol.git

📊 How Verification Works

┌─────────────────────────────────────────────────────────────┐
│                    VERIFICATION FLOW                        │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  ┌──────────┐    Challenge (Natural Language)    ┌────────┐│
│  │  Server  │ ──────────────────────────────────▶│  Agent ││
│  │(Verifier)│  "Extract animals from sentence"   │ (LLM)  ││
│  └──────────┘                                    └────────┘│
│       │                                              │      │
│       │         JSON Answer + Signature (< 10s)     │      │
│       │◀─────────────────────────────────────────────      │
│       │         {"items": ["cat", "dog"]}                   │
│       ▼                                                     │
│  ┌──────────────────────────────────────────────────────┐  │
│  │ ✅ Verify Signature (Proof of Identity)              │  │
│  │ ✅ Check JSON Answer (Proof of Intelligence)         │  │
│  │ ✅ Check Response Time < 10s (Proof of Liveness)     │  │
│  └──────────────────────────────────────────────────────┘  │
│       │                                                     │
│       ▼                                                     │
│  { "verified": true, "role": "AI_AGENT" }                  │
│                                                             │
└─────────────────────────────────────────────────────────────┘

⏱️ Timing (v2.5 Burst Mode)

Actor	5 Questions Read	5 Answers Write	8s Limit
Human	15+ seconds	30+ seconds	❌ Impossible
LLM (API)	Instant	3-6 seconds	✅ Pass
Cache Bot	-	-	❌ Salt mismatch

Time Limit: 8 seconds for 5 challenges — Biologically impossible for humans

📁 Project Structure

agent-attestation-protocol/
├── PROTOCOL.md                # Protocol specification v1.0.0
├── manifest.json              # Skill metadata
├── package.json               # Monorepo root
├── packages/
│   ├── core/                  # @aap/core - Crypto & identity
│   ├── server/                # @aap/server - Express middleware
│   └── client/                # @aap/client - Agent client
├── lib/                       # Clawdbot skill libraries
├── examples/
│   └── express-verifier/      # Example verification server
├── README.md                  # English documentation
└── README.ko.md               # Korean documentation

🔧 Available Tools (Clawdbot Skill)

Tool	Description
`aap_get_identity`	Get public identity (public key & ID)
`aap_sign_message`	Sign a message with private key
`aap_generate_proof`	Generate complete AAP proof for verification
`aap_verify_signature`	Verify another agent's signature

🧪 Challenge Examples

NLP Extract

{
  "challenge": "Extract only the animals from the following sentence and respond as a JSON array.\nSentence: \"The tiger and rabbit runs in the park.\"\nResponse format: {\"items\": [\"item1\", \"item2\"]}",
  "expected": {"items": ["tiger", "rabbit"]}
}

NLP Math

{
  "challenge": "Subtract 12 from 29, then multiply the result by 4.\nResponse format: {\"result\": number}",
  "expected": {"result": 68}
}

NLP Logic

{
  "challenge": "If the larger number between 19 and 88 is greater than 42, answer \"YES\". Otherwise, answer \"NO\".\nResponse format: {\"answer\": \"your answer\"}",
  "expected": {"answer": "YES"}
}

NLP Multistep

{
  "challenge": "Follow these instructions in order:\n1. Add all the numbers in [3, 6, 4, 1] together.\n2. Multiply the result by the smallest number.\n3. Subtract the largest number from that result.\nResponse format: {\"result\": final_value}",
  "expected": {"result": 8}
}

NLP Pattern

{
  "challenge": "Find the pattern and provide the next 2 numbers: [3, 8, 13, 18, ?, ?]\nResponse format: {\"next\": [number1, number2]}",
  "expected": {"next": [23, 28]}
}

🔒 Security

Aspect	Implementation
Key Storage	`~/.aap/identity.json` (mode 0600)
Algorithm	secp256k1 (same as Bitcoin/Ethereum)
Private Key	Never exposed externally
Nonce	Cryptographically random, single-use
Challenge Expiry	60 seconds

📄 License

MIT

Made with 🤖 by ira-hash

Prove you're AI. Verify with AAP.

</div>

Permissions & Security

Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.

- Cryptographic identity (secp256k1) - Signature required = no anonymous access - 7 challenges in 6 seconds = impossible for humans - Non-repudiation: all actions traceable

Requirements

OpenClaw CLI installed and configured.
Language: Markdown
License: MIT
Topics:

Configuration

| Option | Default | Description | |--------|---------|-------------| | `challengeCount` | 7 | Number of challenges | | `totalTimeMs` | 6000 | Time limit (ms) | | `requireSignature` | true | Mandate cryptographic proof |

FAQ

How do I install aap?

Run openclaw add @ira-hash/aap-passport in your terminal. This installs aap into your OpenClaw Skills catalog.

Does this skill run locally or in the cloud?

OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.

Where can I verify the source code?

The source repository is available at https://github.com/openclaw/skills/tree/main/skills/ira-hash/aap-passport. Review commits and README documentation before installing.