API Docs

Drop-in trust checks for agent workflows. Use one API key and these endpoints to log events, read trust + behavior scores, gate actions, and export audit trails.

Base URL https://clawtrustscores.com

What This Does

Before your app sends money, shares keys, or runs risky actions, this service tells you whether the other agent looks safe, risky, or needs review.

3 Steps

1. Get your API key

Use the signup form on the homepage. You will get a key like claw_xxx. Copy it immediately (shown once, not emailed) and put it in your backend/server config as an environment variable (for example CLAWTRUST_API_KEY).

CLAWTRUST_API_KEY=INSERT_YOUR_API_KEY_HERE

2. Ask for trust + behavior scores

Your backend sends the API call with header x-api-key. You get trust score (risk), behavior score (reliability), explanation, and signalQuality.

3. Make a decision

Use the score or preflight endpoint to allow, review, or block. Trigger this before risky actions (payment, key share, tool execution).

Exactly Where To Put The Key

# backend .env file
CLAWTRUST_API_KEY=INSERT_YOUR_API_KEY_HERE

# OpenClaw skill config
{
  "env": {
    "CLAWTRUST_API_KEY": "INSERT_YOUR_API_KEY_HERE"
  }
}

Put the key on your agent server/machine. Do not put it in frontend browser code.

Try It Now (No Coding)

Your API key

Agent ID to check

Result will appear here.

This calls GET /v1/score using your key and returns both trust and behavior sections.

Optional: Policy Controls

You can skip this on day one. Default policy works for most teams.

Your API key

Minimum signal quality (0-100)

Preset result will appear here.

These actions call /v1/policy/presets/* and /v1/policy. Guardrail means sensitive payment/security events must come from verified integrations.

You can also set minSignalQuality (0-100) in POST /v1/policy to force review when score quality is too weak.

For high-risk actions, you can require portable credentials by setting requiredAttestations, requireAttestationsForRiskAbove, and attestationFailureDecision in POST /v1/policy.

If you just want to launch fast, start with: /v1/events, /v1/score, /v1/integrations/clawcredit/preflight, and /v1/usage.

Where to add your key: in your app/backend env vars, bot server config, or workflow tool secrets (Zapier/Make/n8n). Do not paste API keys into public frontend code or chat messages.

1. Create keyCall POST /v1/users with your email.

2. Log + check both scoresUse /v1/events then /v1/score.

3. Gate actionsUse preflight to return allow/review/block.

Auth

Send header x-api-key: YOUR_KEY on all protected endpoints.

Most integrations can ignore admin endpoints.

Quick Example

curl "https://clawtrustscores.com/v1/score?agentId=agent:demo:vendor-1" \
  -H "x-api-key: YOUR_KEY"

Most Used Endpoints

POST

/v1/eventsLog trust events

GET

/v1/score?agentId=...&includeTrace=1Read trust score + behavior score + explanation (+ optional contribution trace)

POST

/v1/integrations/clawcredit/preflightReturn allow/review/block using trust + behavior + risk context

GET

/v1/usageCurrent month usage + limits

GET

/v1/audit/decisions?format=json|csvExport decision logs

GET

/v1/reports/weeklyWeekly summary: totals, shadow-mode would-block/review, top risk agents/reasons

POST

/v1/reports/weekly/emailSend weekly digest email (if configured)

GET

/v1/alertsList configured Telegram/Discord destinations

POST

/v1/alerts/telegramCreate Telegram destination alert

POST

/v1/alerts/discordCreate Discord destination alert

POST

/v1/reports/digest/sendSend digest now with cadence de-dupe (daily/weekly)

Advanced and account-management endpoints

GET

/v1/plansPublic plan limits

GET

/v1/integrations/templatesList supported connector templates (stripe, auth, marketplace, wallet, prediction_market, runtime)

GET

/v1/integrations/readiness?source=...Check connector setup readiness (secret + policy hardening)

POST

/v1/integrations/map-eventPreview mapping from provider event type to trust event type

GET

/v1/policyRead per-key trust policy

GET

/v1/policy/presetsList one-click policy presets (open, balanced, strict, wallet_guarded, money_movement_strict)

POST

/v1/policy/presets/strictApply preset policy to this API key

POST

/v1/policySet per-key trust policy (sources/confidence/signal-quality/overrides)

POST

/v1/attestationsIssue signed portable attestation for an agent (e.g., connector.stripe.verified)

GET

/v1/attestations?agentId=...&type=...List attestations by agent/type/status

POST

/v1/attestations/verifyVerify attestation token signature + active/revoked/expired status

POST

/v1/attestations/{id}/revokeRevoke attestation by ID

DELETE

/v1/policyReset trust policy back to defaults

POST

/v1/keys/rotateRotate current dynamic API key

POST

/v1/keys/revokeRevoke current dynamic API key

POST

/v1/integrations/ingest/secretRotate inbound ingest secret (signed webhooks)

POST

/v1/integrations/ingest/eventsIngest verified external events with HMAC signature

GET

/healthService health check

GET

/v1/admin/overviewInternal metrics overview (admin token)

Connector Quickstart (Stripe/Auth/Marketplace/Wallet/Prediction/Runtime)

Run readiness check: GET /v1/integrations/readiness?source=stripe|auth|marketplace|wallet|prediction_market|runtime.
Create your ingest secret with POST /v1/integrations/ingest/secret.
Preview event mappings with POST /v1/integrations/map-event before wiring webhooks.
Send signed events to POST /v1/integrations/ingest/events with source stripe, auth, marketplace, wallet, prediction_market, or runtime.

Your API key

Source

Readiness result will appear here.

# 1) Run readiness check first
curl "https://clawtrustscores.com/v1/integrations/readiness?source=stripe" \
  -H "x-api-key: YOUR_KEY"

# 2) Rotate/create ingest secret (store securely)
curl -X POST "https://clawtrustscores.com/v1/integrations/ingest/secret" \
  -H "x-api-key: YOUR_KEY"

# 3) Preview mapping before ingesting events
curl -X POST "https://clawtrustscores.com/v1/integrations/map-event" \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_KEY" \
  -d '{"source":"stripe","providerEventType":"payment_intent.payment_failed"}'

# 4a) Stripe example payload
curl -X POST "https://clawtrustscores.com/v1/integrations/ingest/events" \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_KEY" \
  -H "x-ingest-timestamp: 1739980000" \
  -H "x-ingest-signature: sha256=YOUR_HEX_SIGNATURE" \
  -d '{"source":"stripe","eventId":"evt_12345","agentId":"agent:vendor:acme","providerEventType":"payment_intent.payment_failed","amountUsd":49.99,"currency":"usd","chargeId":"ch_12345"}'

# 4b) Auth provider example payload
curl -X POST "https://clawtrustscores.com/v1/integrations/ingest/events" \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_KEY" \
  -H "x-ingest-timestamp: 1739980000" \
  -H "x-ingest-signature: sha256=YOUR_HEX_SIGNATURE" \
  -d '{"source":"auth","eventId":"auth_evt_9001","agentId":"agent:vendor:acme","providerEventType":"impersonation.detected","ip":"203.0.113.8"}'

# 4c) Marketplace example payload
curl -X POST "https://clawtrustscores.com/v1/integrations/ingest/events" \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_KEY" \
  -H "x-ingest-timestamp: 1739980000" \
  -H "x-ingest-signature: sha256=YOUR_HEX_SIGNATURE" \
  -d '{"source":"marketplace","eventId":"mk_evt_1002","agentId":"agent:vendor:acme","providerEventType":"task.abandoned","taskId":"task_1002"}'

# 4d) Wallet example payload
curl -X POST "https://clawtrustscores.com/v1/integrations/ingest/events" \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_KEY" \
  -H "x-ingest-timestamp: 1739980000" \
  -H "x-ingest-signature: sha256=YOUR_HEX_SIGNATURE" \
  -d '{"source":"wallet","eventId":"wallet_evt_5001","agentId":"agent:vendor:acme","providerEventType":"wallet.tx.failed","txHash":"0xabc"}'

# 4e) Runtime example payload
curl -X POST "https://clawtrustscores.com/v1/integrations/ingest/events" \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_KEY" \
  -H "x-ingest-timestamp: 1739980000" \
  -H "x-ingest-signature: sha256=YOUR_HEX_SIGNATURE" \
  -d '{"source":"runtime","eventId":"rt_evt_2001","agentId":"agent:vendor:acme","providerEventType":"sandbox.escape_detected","runId":"run_2001"}'

Template mapping and supported provider event types are available at GET /v1/integrations/templates. Use POST /v1/integrations/map-event to verify exact mapping behavior before sending live events.

Full Guides

# OpenClaw quick install
npx clawhub@latest install claw-trust-scores

# .env
CLAWTRUST_API_KEY=claw_xxx
CLAWTRUST_BASE_URL=https://clawtrustscores.com

After install, call get_score, preflight_payment, and log_event from your agent workflow.

5-Minute QuickstartOPEN Download Skill Bundle (.zip)OPEN OpenClaw Skill Source (GitHub)OPEN User GuideOPEN READMEOPEN Technical DocumentationOPEN Terms of ServiceOPEN Privacy PolicyOPEN