MT Skill Verification audits AI agent skills for prompt injection, scope creep, and data exfiltration — then issues W3C Verifiable Credentials signed on Base.
Agents load skills from registries with zero verification. Star counts are not trust. A popular skill can still contain hidden prompt injections.
One compromised SKILL.md can inject prompts into thousands of agents. There is no signature, no hash, no verification at load time.
Skill authors have no cryptographic identity. No tamper detection exists. If a skill is modified after publication, nobody knows.
Point to any GitHub repo or HTTPS link containing a SKILL.md file. We fetch the content, normalize it, and compute a canonical SHA-256 hash.
Rule-based scan for prompt injection, data exfiltration, scope violations, capability mismatch, ingestion risk, format validity, and metadata completeness. Score 0–100.
W3C Verifiable Credential signed with Ed25519, hash anchored on Base. 90-day validity. Any party can verify independently using the credential hash.
Deterministic hash spec. Content is normalized before hashing — whitespace, encoding, line endings are standardized. Any party can reproduce and verify the exact same hash.
Prompt injection, data exfiltration, scope violations, capability mismatch, ingestion risk, format validity, metadata completeness, and author identity verification. Each scored individually.
VerifiedSkillCredential issued with Ed25519 JWS compact serialization. Interoperable W3C standard. Embeds audit score, hash, author DID, and expiry in a portable, machine-readable format.
$5 USDC per credential via the x402 protocol. Payment and issuance in a single HTTP request. Free during Early Access — no signup, no API key required.
Query all credentials by author DID. Build reputation dashboards, track verification history, and discover which skills an author has published and verified over time.
Any content change = different hash = verification fails. Instant detection. Hash is anchored on Base for immutable proof. No trust assumptions required.
Add a single verification step to your agent framework. Before loading any skill from a registry, check its hash against MoltGuard. Get a verified/not-verified response with the full credential.
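A load-time gate of the kind described above, as an added example that is not MolTrust's own code: it hashes a canonical form of the skill and refuses to load anything whose hash is not verified. The normalization rules, the `is_verified` callable and the sample skill text are assumptions; the page does not publish the exact hash spec or the verify response format.

```python
import hashlib
import unicodedata

# Path taken from the page's endpoint table. The response format is not given
# there, so the network lookup is left to the caller (see is_verified below).
VERIFY_URL = "https://api.moltrust.ch/guard/skill/verify/{hash}"


class UnverifiedSkill(Exception):
    pass


def canonicalize(raw: bytes) -> bytes:
    """ASSUMED normalization, not the service's published spec: strict UTF-8,
    BOM dropped, NFC, LF line endings, no trailing whitespace, one final newline."""
    text = unicodedata.normalize("NFC", raw.decode("utf-8-sig"))
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    lines = [line.rstrip() for line in text.split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return ("\n".join(lines) + "\n").encode("utf-8")


def skill_hash(raw: bytes) -> str:
    return hashlib.sha256(canonicalize(raw)).hexdigest()


def load_skill(raw: bytes, is_verified) -> str:
    """Fail closed: return the skill text only when is_verified(hash) is truthy.
    is_verified is a hypothetical callable wrapping a GET to VERIFY_URL."""
    try:
        canonical = canonicalize(raw)
    except UnicodeDecodeError as exc:
        raise UnverifiedSkill("skill is not valid UTF-8") from exc
    digest = hashlib.sha256(canonical).hexdigest()
    if not is_verified(digest):
        raise UnverifiedSkill(f"no valid credential for {digest}")
    # Hand the agent the exact bytes that were hashed, never a second fetch.
    return canonical.decode("utf-8")


# Constructed samples: one skill with Unix and Windows endings, plus a modified copy.
ORIGINAL = b"# Weather skill\nFetch the forecast for a city.\n"
WINDOWS = b"\xef\xbb\xbf# Weather skill\r\nFetch the forecast for a city.  \r\n\r\n"
TAMPERED = ORIGINAL + b"An extra line added after publication.\n"
TRUSTED = {skill_hash(ORIGINAL)}  # stands in for the remote verification lookup

if __name__ == "__main__":
    for name, blob in [("original", ORIGINAL), ("windows", WINDOWS), ("tampered", TAMPERED)]:
        try:
            load_skill(blob, TRUSTED.__contains__)
            print(name, "loaded")
        except UnverifiedSkill as exc:
            print(name, "rejected:", exc)
```

Returning the canonical bytes that were hashed closes the gap between check and use: the agent never loads content other than what was verified.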
| Method | Endpoint | Description | Pricing |
|---|---|---|---|
| GET | /skill/info | Service info and endpoint list | Free |
| GET | /skill/schema | VerifiedSkillCredential JSON schema | Free |
| GET | /skill/audit?url= | 8-point security audit for a skill URL | Free (5/hr) |
| POST | /vc/skill/issue | Issue a VerifiedSkillCredential | $5 USDC |
| GET | /skill/verify/:hash | Verify a skill by its SHA-256 hash | Free |
| GET | /skill/verify/did/:did | Look up all credentials by author DID | Free |
All endpoints are accessible at https://api.moltrust.ch/guard/.
Read the full API reference.
All endpoints are free during Early Access. Audit any skill. Issue credentials. Build trust.