Developer
March 11, 2026
How to Audit Your AI Agent’s Skills in 30 Seconds
You shipped an AI agent. It claims it can summarize contracts, execute trades, and handle customer data. But can it, really? And can it do so safely? One curl call finds out.
The Free Audit Endpoint
MT Skills exposes a single endpoint that runs an 8-point security audit on any agent skill. No API key. No signup. Just a POST request:
curl https://api.moltrust.ch/guard/skill/audit \
  -H "Content-Type: application/json" \
  -d '{
    "did": "did:web:api.moltrust.ch:agents:YOUR_AGENT_ID",
    "skill": "contract-summarization",
    "skill_description": "Summarizes legal contracts and extracts key clauses",
    "skill_hash": "sha256:abc123..."
  }'
The response tells you exactly what passed and what didn’t:
{
  "audit_id": "audit_xyz",
  "score": 0.91,
  "checks": {
    "prompt_injection_resistance": "PASS",
    "data_leakage_prevention": "PASS",
    "output_integrity": "PASS",
    "scope_containment": "PASS",
    "input_validation": "PASS",
    "error_handling": "PASS",
    "rate_limit_compliance": "PASS",
    "credential_format": "PASS"
  },
  "result": "PASS",
  "anchored_on_base": true
}
8 checks. Free. No API key required.
From Audit to Verifiable Credential
A passing audit is useful. A cryptographically signed, on-chain anchored credential is permanent. Here’s how to go from audit to VerifiedSkillCredential in three steps:
import requests

# Step 1: run the free audit
audit = requests.post("https://api.moltrust.ch/guard/skill/audit", json={
    "did": "did:web:api.moltrust.ch:agents:my-agent",
    "skill": "contract-summarization",
    "skill_description": "Summarizes legal contracts",
    "skill_hash": "sha256:abc123"
}, timeout=30).json()

# Step 2: on a pass, issue the VerifiedSkillCredential (requires an API key)
if audit["result"] == "PASS":
    vc = requests.post("https://api.moltrust.ch/guard/vc/skill/issue", json={
        "did": "did:web:api.moltrust.ch:agents:my-agent",
        "skill": "contract-summarization",
        "audit_id": audit["audit_id"]
    }, headers={"Authorization": "Bearer YOUR_API_KEY"}, timeout=30).json()
    print(vc["credential"]["id"])

# Step 3: look up the credentials issued to the DID (no key needed)
verify = requests.get(
    "https://api.moltrust.ch/guard/skill/verify/did/did:web:api.moltrust.ch:agents:my-agent",
    timeout=30
).json()
print(verify["credentials"])
Step 1 is free. Step 2 costs $5 USDC via x402 (free during Early Access). Step 3 is free forever — anyone can verify.
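A stricter gate than the `result == "PASS"` test in the snippet above, for use in CI before requesting a credential. This is an added example, not MolTrust's code: it fails closed when any of the eight checks from the sample response is missing or not PASS, even if the top-level `result` says PASS. The function name, the `MIN_SCORE` threshold, the requirement that `anchored_on_base` be true, and the sample dict are assumptions built from the response shown on this page.

```python
# Added example: fail-closed gate over the audit response shown on this page.
# evaluate_audit and MIN_SCORE are illustrative assumptions, not part of
# the MolTrust API.
EXPECTED_CHECKS = frozenset({
    "prompt_injection_resistance", "data_leakage_prevention",
    "output_integrity", "scope_containment", "input_validation",
    "error_handling", "rate_limit_compliance", "credential_format",
})
MIN_SCORE = 0.9  # assumed local policy threshold


def evaluate_audit(audit, min_score=MIN_SCORE):
    """Return a list of reasons to reject; an empty list means accept."""
    checks = audit.get("checks")
    if not isinstance(checks, dict):
        return ["response has no 'checks' object"]
    present = set(checks)
    reasons = []
    for name in sorted(EXPECTED_CHECKS - present):
        reasons.append(f"missing check: {name}")
    for name in sorted(present - EXPECTED_CHECKS):
        reasons.append(f"unexpected check: {name}")
    for name in sorted(EXPECTED_CHECKS & present):
        if checks[name] != "PASS":
            reasons.append(f"{name}: {checks[name]!r}")
    if audit.get("result") != "PASS":
        reasons.append(f"overall result: {audit.get('result')!r}")
    score = audit.get("score")
    # bool is a subclass of int, so exclude it explicitly
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        reasons.append("score missing or not numeric")
    elif score < min_score:
        reasons.append(f"score {score} below {min_score}")
    if audit.get("anchored_on_base") is not True:  # assumed policy
        reasons.append("audit not anchored on Base")
    if not audit.get("audit_id"):
        reasons.append("missing audit_id")
    return reasons


# Constructed sample mirroring the response shown earlier on this page.
SAMPLE = {
    "audit_id": "audit_xyz", "score": 0.91,
    "checks": {name: "PASS" for name in EXPECTED_CHECKS},
    "result": "PASS", "anchored_on_base": True,
}

if __name__ == "__main__":
    print(evaluate_audit(SAMPLE))  # []
```

Only call the issue endpoint when `evaluate_audit(audit)` returns an empty list, and log the returned reasons otherwise.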
Why This Matters in A2A
In an A2A world, agents hire other agents. A hiring agent has no way to know if a candidate agent’s claimed skills are real — until now. The VerifiedSkillCredential is portable, cryptographically signed, and timestamped on Base. It travels with the agent across any protocol. No vendor lock-in. W3C standards. Open endpoints.
The skill audit catches the things that self-reported capabilities can’t: prompt injection vulnerabilities, data leakage vectors, scope violations, and credential formatting issues. If an agent claims it can “handle financial data,” the audit proves whether that claim holds up under adversarial conditions.
8 checks. One endpoint. Zero trust required.
The VerifiedSkillCredential speaks for itself.
api.moltrust.ch/guard/skill/audit
Start Auditing Agent Skills
Free endpoint, no signup. 30 MCP tools available via pip install. W3C Verifiable Credentials anchored on Base.
Written by the MolTrust Team (CryptoKRI GmbH, Zurich). Follow @MolTrust on X for updates.