Add verifying-agent-receipts skill (Security) #25
Open
tomjwxf wants to merge 1 commit into trailofbits:main from
Conversation
Guidance-only skill that teaches Claude to verify Ed25519-signed decision receipts produced by agent governance tooling (protect-mcp, Microsoft Agent Governance Toolkit, Cedar-enforced MCP gateways following IETF draft-farley-acta-signed-receipts).

## Summary

Covers: Ed25519 signature verification (RFC 8032), hash-chain integrity walking, tamper diagnosis (which field was altered), Cedar policy digest matching, offline verification via @veritasacta/verify (Apache-2.0, no network calls).

Fills a gap in the Security category: existing skills (security-awareness, scv-scan, ghidra-headless, ffuf-web-fuzzing, wooyun-legacy) are advisory or offensive. This teaches the missing "did the agent follow its policy, and can we prove it?" layer — forensic verification of signed audit logs.

## Source

- Upstream: https://github.com/ScopeBlind/scopeblind-gateway
- Author: Tom Farley / ScopeBlind
- License: MIT

## Why this fits ToB's audience

MCP operators and anyone running Claude Code against production tools need proof-of-policy, not just policy. Specific fit:

- **Formal verification story.** Cedar (referenced throughout) has Lean proofs from AWS. Not hand-rolled authorization.
- **Crypto is boring on purpose.** Ed25519 per RFC 8032, canonical JSON per RFC 8785 (JCS). Verifier is small, no dependencies beyond @noble/ed25519.
- **Offline verification.** Receipts verify with just the issuer's public key — no vendor backend, no phone-home.
- **No hooks, no network, no runtime code.** This is a guidance skill only. It does not ship hooks, run background services, or make network calls from Claude Code. Runtime enforcement is a separate tool (protect-mcp npm) users install independently.

## Distribution signals

- npm protect-mcp: ~2,300 downloads/month (10K+/month across 16 packages)
- Microsoft AGT adapter merged: microsoft/agent-governance-toolkit#667
- Cedar-for-agents WASM bindings merged: cedar-policy/cedar-for-agents#64
- wshobson/agents (Claude Code marketplace, 33K stars) PR #484 pending
- IETF Internet-Draft: draft-farley-acta-signed-receipts

## Review notes

- Follows ToB SKILL.md structure: When to Use / When NOT to Use / Rationalizations to Reject
- Third-person description, gerund form name (verifying-agent-receipts)
- Uses {baseDir} convention (no hardcoded paths)
- No hooks, no scripts with network access
- allowed-tools restricted to Read, Glob, Bash, Grep (minimum needed)
- Single-level reference structure (SKILL.md → standards docs, no chains)
## Modifications from upstream

- … `protect-mcp` project's existing guidance into a standalone skill that follows the ToB `SKILL.md` format
- … When to Use / When NOT to Use / Rationalizations to Reject sections per CLAUDE.md requirements for security skills
- … `protect-mcp` runtime installer; skill only teaches verification, not enforcement
- … `{baseDir}` convention throughout

## Review Findings

- … `npx @veritasacta/verify` but does NOT invoke it in any hook or script. The user runs it explicitly; the skill only teaches how to interpret exit codes.
- … `@veritasacta/verify`, `protect-mcp`) and an IETF draft authored by the submitter. All are publicly documented, permissively licensed, and independently verifiable. The skill teaches a standards-based workflow, not a vendor pitch.

## Checklist

Technical (CI validates):

- … `name` and `description` …
- … `verifying-agent-receipts`), ≤64 characters
- … `/Users/...`, `/home/...`)

Quality:

Documentation:

- … `README.md` Security table
- … `.claude-plugin/marketplace.json`

Happy to iterate on any of the framing, section structure, or content. Thanks for keeping a high bar on this marketplace — it's the reason it's valuable.

cc @dguido