ERC-8004 Trustless Agents
Flagged@sp0oby
{"isSafe":false,"isSuspicious":true,"riskLevel":"high","findings":[{"category":"shell_command","severity":"high","description":"Dangerous shell command pattern: piping curl to bash to install a tool (curl -L https://foundry.paradigm.xyz | bash). This pattern can execute remote code and is a common tracking/attack vector when not vetted.","evidence":"curl -L https://foundry.paradigm.xyz | bash"},{"category":"other","severity":"high","description":"Insecure handling of private keys: guidance to store a private key in a file path (~/.clawdbot/wallets/.deployer_pk) or as an environment variable (PRIVATE_KEY). This can lead to credential leakage if the environment or repository is exposed or logged.","evidence":"Private key in ~/.clawdbot/wallets/.deployer_pk or PRIVATE_KEY env"}],"summary":"The content is largely informational about ERC-8004, but it includes at least one risky shell pattern (curl ... | bash) and insecure guidance for handling private keys. Recommend replacing curl | bash installation with a vetted, offline/verified install method and avoiding embedding credentials or secrets in files/envs in documentation or code samples."}
npx machina-cli add skill @sp0oby/erc-8004 --openclawERC-8004: Trustless Agents
On-chain identity, reputation, and validation for autonomous agents. Now live on Ethereum Mainnet!
Overview
ERC-8004 provides three registries:
- Identity Registry - ERC-721 agent identities with registration metadata
- Reputation Registry - Signed feedback scores between agents/clients
- Validation Registry - Independent verification (zkML, TEE, stakers)
Quick Reference
Register Agent
./scripts/register.sh --uri "ipfs://..." --network mainnet
./scripts/register.sh --network sepolia # Testnet (no URI, set later)
Query Agents
./scripts/query.sh total --network mainnet # Total registered
./scripts/query.sh agent 1 --network mainnet # Agent details
./scripts/query.sh reputation 1 # Reputation summary
Update Agent
./scripts/set-uri.sh --agent-id 1 --uri "ipfs://newHash" --network mainnet
Give Feedback
./scripts/feedback.sh --agent-id 1 --score 85 --tag1 "quality"
./scripts/feedback.sh --agent-id 1 --score 9977 --decimals 2 --tag1 "uptime"
Networks
| Network | Status | Identity Registry | Reputation Registry |
|---|---|---|---|
| Mainnet | Live | 0x8004A169FB4a3325136EB29fA0ceB6D2e539a432 | 0x8004BAa17C55a88189AE136b182e5fdA19dE9b63 |
| Sepolia | Live | 0x8004A818BFB912233c491871b3d84c89A494BD9e | 0x8004B663056A597Dffe9eCcC1965A193B7388713 |
| Base | Coming | TBD | TBD |
| Arbitrum | Coming | TBD | TBD |
| Optimism | Coming | TBD | TBD |
Contract addresses in lib/contracts.json.
Registration File Format
{
"type": "https://eips.ethereum.org/EIPS/eip-8004#registration-v1",
"name": "your-agent-name",
"description": "Agent description...",
"image": "ipfs://...",
"services": [
{ "name": "A2A", "endpoint": "https://agent.example/.well-known/agent-card.json", "version": "0.3.0" },
{ "name": "MCP", "endpoint": "https://mcp.agent.eth/", "version": "2025-06-18" },
{ "name": "ENS", "endpoint": "yourname.eth" }
],
"registrations": [
{ "agentRegistry": "eip155:1:0x8004A169FB4a3325136EB29fA0ceB6D2e539a432", "agentId": "1" }
],
"supportedTrust": ["reputation", "crypto-economic", "tee-attestation"]
}
Template at templates/registration.json.
Reputation Scores
The reputation system uses signed fixed-point numbers (value + valueDecimals):
| Tag | Meaning | Example | value | decimals |
|---|---|---|---|---|
| starred | Quality (0-100) | 87/100 | 87 | 0 |
| uptime | Uptime % | 99.77% | 9977 | 2 |
| tradingYield | Yield % | -3.2% | -32 | 1 |
| responseTime | Latency ms | 560ms | 560 | 0 |
Trust Models
ERC-8004 supports three pluggable trust models:
- Reputation-based - Client feedback with scores, tags, and metadata
- Crypto-economic - Stake-secured validation with economic incentives
- Crypto-verification - TEE attestations and zkML proofs
Dependencies
cast(Foundry) -curl -L https://foundry.paradigm.xyz | bashjq-brew install jq- Private key in
~/.clawdbot/wallets/.deployer_pkorPRIVATE_KEYenv - IPFS: Set
PINATA_JWTfor uploads, or upload manually
Resources
Official
- EIP-8004 Spec - Full specification
- 8004.org - Official website
- Reference Implementation - Contract source
- Telegram Community - Builder chat
- Builder Program - Join the ecosystem
SDKs & Tools
- ChaosChain SDK - JS/TS SDK
- erc-8004-js - Lightweight JS library
- erc-8004-py - Python implementation
- Vistara Example - Full demo with AI agents
Ecosystem
- Awesome ERC-8004 - Curated resource list
- A2A Protocol - Agent-to-Agent protocol ERC-8004 extends
- Ethereum Magicians Discussion
Genesis Month (February 2026)
ERC-8004 launched on mainnet January 29, 2026. February is "Genesis Month" - showcasing teams building the agentic economy. Get involved!
Overview
ERC-8004 provides three on-chain registries to manage AI agents: Identity Registry (ERC-721 identities with metadata), Reputation Registry (signed feedback), and Validation Registry (independent verification via zkML, TEEs, and stakers). It enables registering agents, discovering their details, and building reputations for on-chain trust in autonomous agents. This matters for dApps that need verifiable agent identity, performance, and validation proofs.
How This Skill Works
Agents are registered with a URI and metadata via CLI scripts, creating on-chain identities in the Identity Registry. Other actors can query agent data and submit signed reputation feedback to the Reputation Registry, while the Validation Registry handles independent verification using zkML proofs, TEEs, or stake-based validation. Three pluggable trust models—reputation, crypto-economic, and crypto-verification—drive how trust is established and maintained.
When to Use It
- Register a new AI agent on-chain with its identity and metadata for discoverability.
- Query total registered agents or fetch detailed agent records and reputation summaries.
- Submit or review reputation feedback (scores and tags) to reflect agent performance.
- Verify agent capabilities or attestations via independent validation (zkML/TEE/stakers).
- Integrate ERC-8004 trust data into dApps to build a robust AI agent trust layer.
Quick Start
- Step 1: Install and configure tools, ensure wallet/private key access, and pick a network (mainnet or Sepolia).
- Step 2: Register an agent with ./scripts/register.sh --uri "ipfs://..." --network mainnet and provide agent metadata.
- Step 3: Query the agent and, if needed, update the URI or submit initial reputation feedback with ./scripts/query.sh and ./scripts/feedback.sh.
Best Practices
- Use the registration file format to include a descriptive name, image, services, and supported trust models.
- Prefer signing reputation feedback with verifiable identities to prevent spoofing.
- Keep agent URIs updated with set-uri.sh to ensure current on-chain records.
- Regularly monitor reputation scores and validation status for timely trust decisions.
- Test on Sepolia before mainnet deployment and protect private keys with secure storage.
Example Use Cases
- A DeFi protocol registers an agent-augmented trading assistant and surfaces its reputation to users.
- A DAO onboarding an on-chain helper creates a transparent agent profile with services and uptime metrics.
- An NFT marketplace uses agent validation to verify automated bidding bots before allowing live interactions.
- An oracle service leverages reputation and validation proofs to prove data integrity to smart contracts.
- A user-facing app queries an agent's reputation and validation status to decide which agent to trust for decisions.
