0protocol
Agents can sign plugins, rotate credentials without losing identity, and publicly attest to behavior.
66
52%
Does it follow best practices?
Impact
98%
7.00xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/0isone/0protocol/SKILL.mdQuality
Discovery
17%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description touches on a niche domain (agent identity, plugin signing, credential rotation) but fails to provide clear trigger terms, explicit 'when to use' guidance, or enough concrete detail for Claude to reliably select this skill. It reads more like a feature bullet point than a skill description optimized for selection among many skills.
Suggestions
Add an explicit 'Use when...' clause specifying trigger scenarios, e.g., 'Use when the user asks about plugin signing, credential rotation for agents, or behavioral attestation.'
Include natural user-facing keywords such as 'agent identity', 'plugin security', 'credential management', 'key rotation', or 'trust attestation' to improve trigger term coverage.
Expand the 'what' portion with more concrete actions and outputs, e.g., 'Generates cryptographic signatures for agent plugins, rotates API keys and secrets while preserving agent identity, and creates publicly verifiable attestations of agent behavior.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names some specific actions ('sign plugins', 'rotate credentials', 'attest to behavior') but they remain somewhat abstract and don't fully clarify what concrete operations are performed or what inputs/outputs are involved. | 2 / 3 |
Completeness | The description only partially addresses 'what' and completely lacks a 'when' clause or any explicit trigger guidance. There is no 'Use when...' or equivalent, which per the rubric caps completeness at 2, and the 'what' is also weak enough to warrant a 1. | 1 / 3 |
Trigger Term Quality | The terms used ('sign plugins', 'rotate credentials', 'publicly attest to behavior') are technical jargon that users are unlikely to naturally say when requesting help. Common user-facing trigger terms like 'security', 'authentication', 'plugin management', or 'identity' are absent or only implied. | 1 / 3 |
Distinctiveness Conflict Risk | The combination of plugin signing, credential rotation, and behavioral attestation is somewhat distinctive, but the description is vague enough that it could overlap with general security, identity management, or plugin management skills. | 2 / 3 |
Total | 6 / 12 Passed |
Implementation
87%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-crafted skill that efficiently communicates a novel protocol with concrete, executable examples and good structural organization. Its main weakness is the lack of validation/verification steps in the workflow — there's no guidance on confirming expressions were recorded or transfers were received, which matters for cryptographic identity operations. The conciseness and actionability are exemplary.
Suggestions
Add verification steps after each tool call (e.g., how to confirm an expression was recorded, how to verify a transfer was received by the target agent)
Include a brief error handling note — what happens if express or transfer fails, and how to retry or diagnose
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient. It avoids explaining what Ed25519 is, what MCP is, or how signing works conceptually. Every section earns its place — setup, tools table, examples, guarantees table, and 'what this is not' are all tightly written. | 3 / 3 |
Actionability | Provides fully concrete, copy-paste-ready commands for all three tools with realistic payloads. The setup section gives two complete JSON configurations and a test command. The canonical use case walks through signing, attesting, and transferring with specific examples. | 3 / 3 |
Workflow Clarity | The three-step canonical use case is clearly sequenced and logically ordered (sign → attest → transfer). However, there are no validation checkpoints — no guidance on verifying the expression was recorded, checking for errors, or confirming the transfer was received. For operations involving identity and cryptographic signing, some verification steps would be expected. | 2 / 3 |
Progressive Disclosure | The skill provides a concise overview with well-organized sections (setup, tools table, canonical use case, guarantees) and clearly signals one-level-deep external references for the spec, API reference, migration guide, and rationale document. Content is appropriately split between the skill and linked resources. | 3 / 3 |
Total | 11 / 12 Passed |
Validation
72%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 8 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
metadata_version | 'metadata.version' is missing | Warning |
metadata_field | 'metadata' should map string keys to string values | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 8 / 11 Passed | |
- Repository
- openclaw/skills
- Commit
07a4057
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.