🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

🚨Sentinel, The Agent Cop - Protect Your Agent From Prompt Injections

by @shaymizuno

Catches prompt injection hidden in Moltbook docs, tool results, and external content β€” plus credential exfiltration, token smuggling, and insecure output β€” b...

Versionv1.0.1
Downloads487
TERMINAL
clawhub install agentcop

πŸ“– About This Skill


name: agentverif description: "SCAN β†’ SIGN β†’ VERIFY. Certify your skill, detect tampering, revoke instantly. Full control over how your skill is distributed and run. Requires AGENTVERIF_API_KEY for revoke." homepage: https://agentverif.com user-invocable: true metadata: { "openclaw": { "emoji": "βœ…", "badge": "βœ… AgentVerif Certified", "requires": { "anyBins": ["python3", "python"] } } }

βœ… AgentVerif β€” OWASP Scan + Cryptographic Verification


βœ… AgentVerif Certified ⭐ Score: 100/100 Β· πŸ”‘ AC-FA10-EB04 clawhub.ai/agentverif

AgentVerif is the trust layer for OpenClaw skills. Every skill you install or distribute is scanned against the OWASP LLM Top 10 and cryptographically verified β€” so you know it's authentic, unmodified, and safe to run.

The former AgentCop Sentinel is now AgentVerif β€” same battle-tested OWASP scanner, now with cryptographic signing, tamper detection, and license revocation built in.

Install in one line:

npx clawhub@latest install agentverif

Requires agentverif-sign (install once):

pip install agentverif-sign
This skill never installs packages automatically. You stay in control of your environment.


What AgentVerif does

| Layer | What it catches | OWASP | |-------|----------------|-------| | SCAN | Prompt injection, credential leaks, insecure output, tool-call injection | LLM01, LLM02, LLM06, LLM08 | | SIGN | Cryptographic hash + License ID β€” proves the skill is yours | β€” | | VERIFY | Tamper detection β€” catches modified versions before execution | β€” | | REVOKE | Kill a license instantly if the skill gets redistributed | β€” |


Slash commands

/security scan [--last 1h|24h|7d] [--since ISO]

Scan current session for OWASP LLM Top 10 violations. Score 0–100. Below 70 = refused. Shows exact violations + fixes.

/security verify

Verify a skill certificate against the agentverif.com registry. Returns: VERIFIED / TAMPERED / UNSIGNED / EXPIRED / REVOKED

/security sign

Sign a skill ZIP. OWASP scan runs first (score β‰₯ 70 required). Injects SIGNATURE.json. Issues a License ID.

/security revoke

Revoke a license. Verification fails immediately for all buyers. Requires AGENTVERIF_API_KEY environment variable.

/security status

Reports that this skill is stateless β€” no local session data stored. Run /security scan to get a live score.

/security report

Full violation report grouped by severity (CRITICAL β†’ ERROR β†’ WARN). Reads from stdin β€” pipe session context or text to scan.

/security taint-check

Check a string for LLM01 prompt injection. Exit 1 if tainted.

/security output-check

Check agent output for LLM02 insecure patterns.

/security diff

Not supported β€” this skill is stateless and stores no session history.

/security badge

Get your βœ… AgentVerif Certified badge for your skill listing.


Privacy & data

Network calls: scan, sign, and verify transmit data to api.agentverif.com via the agentverif-sign Python package:

  • scan: sends the skill ZIP for OWASP analysis
  • sign: sends the skill ZIP to generate a certificate
  • verify: sends the license ID to check registry status
  • Do not scan or sign ZIPs containing secrets you cannot share with agentverif.com.

    Local persistence: This skill itself writes no local files. The agentverif-sign package may cache scan results β€” see its source at github.com/trusthandoff/agentverif.

    API key: revoke requires AGENTVERIF_API_KEY. Use a scoped key. Never store in plaintext. Rotate if exposed.

    Source code: All behavior is auditable at github.com/trusthandoff/agentverif


    Exit codes

    | Code | Meaning | |------|---------| | 0 | Clean β€” no violations, certificate valid | | 1 | Violations detected or certificate invalid | | 2 | Error β€” agentverif-sign not installed or bad arguments |


    Requirements

  • OpenClaw β‰₯ 0.1
  • Python β‰₯ 3.11
  • agentverif-sign >= 0.2.0:
  • pip install agentverif-sign

    This skill never auto-installs packages.


    Built by agentverif.com Source: github.com/trusthandoff/agentverif


    βœ… AgentVerif Certified ⭐ Score: 100/100 Β· πŸ”‘ AC-FA10-EB04 clawhub.ai/agentverif