π¨Sentinel, The Agent Cop - Protect Your Agent From Prompt Injections
by @shaymizuno
Catches prompt injection hidden in Moltbook docs, tool results, and external content β plus credential exfiltration, token smuggling, and insecure output β b...
clawhub install agentcopπ About This Skill
name: agentverif description: "SCAN β SIGN β VERIFY. Certify your skill, detect tampering, revoke instantly. Full control over how your skill is distributed and run. Requires AGENTVERIF_API_KEY for revoke." homepage: https://agentverif.com user-invocable: true metadata: { "openclaw": { "emoji": "β ", "badge": "β AgentVerif Certified", "requires": { "anyBins": ["python3", "python"] } } }
β AgentVerif β OWASP Scan + Cryptographic Verification
β AgentVerif Certified β Score: 100/100 Β· π AC-FA10-EB04 clawhub.ai/agentverif
AgentVerif is the trust layer for OpenClaw skills. Every skill you install or distribute is scanned against the OWASP LLM Top 10 and cryptographically verified β so you know it's authentic, unmodified, and safe to run.
The former AgentCop Sentinel is now AgentVerif β same battle-tested OWASP scanner, now with cryptographic signing, tamper detection, and license revocation built in.
Install in one line:
npx clawhub@latest install agentverif
Requires agentverif-sign (install once):
pip install agentverif-sign
This skill never installs packages automatically.
You stay in control of your environment.What AgentVerif does
| Layer | What it catches | OWASP | |-------|----------------|-------| | SCAN | Prompt injection, credential leaks, insecure output, tool-call injection | LLM01, LLM02, LLM06, LLM08 | | SIGN | Cryptographic hash + License ID β proves the skill is yours | β | | VERIFY | Tamper detection β catches modified versions before execution | β | | REVOKE | Kill a license instantly if the skill gets redistributed | β |
Slash commands
/security scan [--last 1h|24h|7d] [--since ISO]
Scan current session for OWASP LLM Top 10 violations. Score 0β100. Below 70 = refused. Shows exact violations + fixes./security verify
Verify a skill certificate against the agentverif.com registry.
Returns: VERIFIED / TAMPERED / UNSIGNED / EXPIRED / REVOKED/security sign
Sign a skill ZIP. OWASP scan runs first (score β₯ 70 required).
Injects SIGNATURE.json. Issues a License ID./security revoke
Revoke a license. Verification fails immediately for all buyers.
Requires AGENTVERIF_API_KEY environment variable./security status
Reports that this skill is stateless β no local session data stored. Run/security scan to get a live score./security report
Full violation report grouped by severity (CRITICAL β ERROR β WARN). Reads from stdin β pipe session context or text to scan./security taint-check
Check a string for LLM01 prompt injection. Exit 1 if tainted./security output-check
Check agent output for LLM02 insecure patterns./security diff
Not supported β this skill is stateless and stores no session history./security badge
Get your β AgentVerif Certified badge for your skill listing.Privacy & data
Network calls: scan, sign, and verify transmit
data to api.agentverif.com via the agentverif-sign
Python package:
scan: sends the skill ZIP for OWASP analysissign: sends the skill ZIP to generate a certificateverify: sends the license ID to check registry statusDo not scan or sign ZIPs containing secrets you cannot share with agentverif.com.
Local persistence: This skill itself writes no local files.
The agentverif-sign package may cache scan results β
see its source at github.com/trusthandoff/agentverif.
API key: revoke requires AGENTVERIF_API_KEY.
Use a scoped key. Never store in plaintext. Rotate if exposed.
Source code: All behavior is auditable at github.com/trusthandoff/agentverif
Exit codes
| Code | Meaning | |------|---------| | 0 | Clean β no violations, certificate valid | | 1 | Violations detected or certificate invalid | | 2 | Error β agentverif-sign not installed or bad arguments |
Requirements
agentverif-sign >= 0.2.0:pip install agentverif-signThis skill never auto-installs packages.
Built by agentverif.com Source: github.com/trusthandoff/agentverif
β AgentVerif Certified β Score: 100/100 Β· π AC-FA10-EB04 clawhub.ai/agentverif