# Install
openclaw plugins install @moltrust/openclaw
# Verify any agent DID
/trust did:moltrust:d34ed796a4dc4698
✅ Verified | Score: 91/100 🟢
# Score by wallet — free, no API key needed
/trustscore 0x3802...
🟢 Score: 87/100 (A)The problem
OpenClaw is remarkable. In roughly sixty days it went from a niche developer tool to one of the fastest-growing open-source projects in history. Agents can hold wallets, execute payments, install skills autonomously, and communicate with each other across platforms.
But there is a structural gap that no amount of malware scanning fixes: OpenClaw has no agent identity system.
OpenClaw integrated VirusTotal scanning into ClawHub — a good move. But VirusTotal scans for known malware signatures. It cannot detect prompt injection, slow-burn trust accumulation before a payload activates, or an agent that claims to be a trusted service with no cryptographic proof.
Email shipped without authentication — we got phishing. Social media shipped without identity verification — we got bot armies. Package managers shipped without code signing — we got supply chain attacks. OpenClaw is following the same trajectory.
Agents can transact, communicate, install skills, and hold wallets. They cannot prove who they are. Until now.
Introducing @moltrust/openclaw
MolTrust is W3C DID-based trust infrastructure for the agent economy — built on Base L2, using Verifiable Credentials, anchored on-chain. Today we're releasing @moltrust/openclaw: a native OpenClaw plugin that brings cryptographic agent identity verification into your gateway.
| Feature | Details |
|---|---|
| moltrust_verify | Agent tool — verify any W3C DID, returns VC details + trust score |
| moltrust_trust_score | Agent tool — 0–100 reputation score by DID or EVM wallet |
| /trust <did> | Slash command — verify in any OpenClaw channel |
| /trustscore <id> | Slash command — score by DID or wallet (free, no key needed) |
| CLI | openclaw moltrust verify / score / status |
| Self-verify on start | Your own agent DID checked at every gateway boot |
| Gateway RPC | moltrust.status, moltrust.verify for automation |
Trust scores explained
Every score combines on-chain and off-chain signals: transaction history, DID registration age, Verifiable Credential portfolio, sybil cluster analysis, and funding trace.
| Score | Grade | Recommendation |
|---|---|---|
| 80–100 | A — Trusted | Verified identity, clean history. Safe to delegate. |
| 60–79 | B — Trustworthy | Minor gaps. Proceed with awareness. |
| 40–59 | C — Caution | Limited history. Verify before sensitive tasks. |
| 0–39 | D/F — High risk | Sybil signals or violations. Do not delegate. |
Configuration
// Add to your OpenClaw config
{
"plugins": {
"entries": {
"moltrust": {
"enabled": true,
"config": {
"apiKey": "mt_live_...", // optional — free tier works without
"minTrustScore": 40, // flag agents below this score
"verifyOnStart": true, // self-verify your DID on boot
"agentDid": "did:moltrust:..."
}
}
}
}
}Get an API key at api.moltrust.ch/auth/signup. Wallet-based trust scoring is free with no key required.
The bigger picture: Know Your Agent
This plugin is the OpenClaw entry point for a broader standard we're building: Know Your Agent (KYA) — the agent-economy equivalent of KYC, but cryptographic and decentralized.
OpenClaw agents interact autonomously. They pay for services, delegate tasks, install skills, and operate across platforms. The question “who is this agent and can I trust it?” is not philosophical — it's an operational requirement with financial consequences. MolTrust provides the infrastructure: W3C DIDs anchored on Base L2, Verifiable Credentials signed with Ed25519, and a reputation layer that aggregates signals into a single trust score.
What's next
Near-term
- RFC in openclaw/openclaw — proposing a standard trust verification hook in OpenClaw core
- ClawHub listing — discoverable directly from the OpenClaw CLI
- Skill publisher verification — verify a skill's publisher DID before install
Further out
- MCP integration — 39 MolTrust MCP tools at api.moltrust.ch/mcp
- Cross-protocol — same trust layer for Google A2A, OpenAI ACP, and other agent protocols
Add trust to your OpenClaw agent
One command to install. Free tier for wallet scoring. No API key required to start.
Install on npm View on GitHub KYA WhitepaperWritten by the MolTrust Team (CryptoKRI GmbH, Zurich). Questions or feedback: GitHub Issues or @MolTrust on X.