8004
RegistryVerifyDocsGitHub
Publish Skill

SkillSeal Documentation

Verifiable Skill Execution for Autonomous Agents

How It Works

1. Author Publishes

Skill author pushes SKILL.md to the public skills repo. Commit SHA becomes the version anchor.

2. Agent Executes

Agent runs the skill via EigenAI. EigenAI signs the prompt + output with its operator key.

3. Consumer Verifies

Consumer fetches SKILL.md from git at the claimed commit, hashes it, and verifies the EigenAI signature.

The result: You don't need to trust the agent if you can verify the skill it ran.

SkillSeal is a simple verify pattern. The commitment lives in Git; the agent never stores or controls it.

  1. Skill author publishes a skill to the 8004-directory/skills/ repo. The commit SHA is the version anchor — immutable, in a repo the agent doesn't control.
  2. Agent claims "I use skill X" — a pointer, not a commitment. The agent is a thin client: it calls EigenAI with the SKILL.md content as system prompt and passes the seal through. No wallet, no signing, no on-chain commitment.
  3. Consumer resolves which skill + commit the seal claims, fetches SKILL.md from that commit in the repo, hashes it, and checks against the seal. Then verifies the EigenAI signature.

The Trust Model

Git-First, Database-Second

The agent never stores or controls the skill hash. No setMetadata, no agent-held skill_hash, no commitment on the agent.

The skill is the unit of trust. It lives in a public repo. Version = commit SHA.

The seal is per-execution. Each seal references the specific skill and commit used for that task. An agent can select different skills per task.

The database is a cache, not the source of truth. Verification never touches the database — it resolves against git.

Skill Format

A skill is a folder in the 8004-directory/skills/ repo containing at minimum a SKILL.md file.

SKILL.md
---
name: news-curator
description: Curates and ranks AI news stories by impact and novelty.
version: 1.0.0
metadata:
  8004:
    requires:
      env:
        - NEWS_API_KEY
      bins:
        - curl
    primaryEnv: NEWS_API_KEY
    emoji: "📰"
    homepage: https://8004.directory/skills/news-curator
---

# News Curator

You are an expert AI news curator...

Required Fields

  • name — Skill display name
  • description — Summary for search/UI
  • version — Semver string

Slug Rules

  • Derived from folder name
  • Lowercase, URL-safe: ^[a-z0-9][a-z0-9-]*$
  • Max bundle size: 50MB

The Seal

Every SkillSeal response includes the output and a seal carrying data needed for verification:

Sealed Response
{
  "output": "Curated news digest...",
  "seal": {
    "signature": "0x2ee2e4...",
    "model": "qwen3-32b-128k-bf16",
    "seed": 42,
    "skill_text": "You are a news curator...",
    "task_input": "Summarize today's top AI stories",
    "chain_id": 1,
    "skill_id": "news-curator",
    "skill_commit": "abc123def456...",
    "skill_fingerprint": "e3b0c44298fc1c149afb..."
  }
}
skill_idIdentifies which skill folder in the repo
skill_commitExact commit SHA — the version anchor
signatureEigenAI's EIP-191 signature over the execution

Verification

EigenAI's signed message format: chain_id + model_id + prompt + output, where prompt is all message contents concatenated with no separator.

Security requirement: Verifiers MUST fetch SKILL.md from the claimed commit and hash it themselves. Never trust a cached or agent-supplied hash.

Verification Steps (Python)
from eth_account.messages import encode_defunct
from eth_account import Account

# Canonical EigenAI signer addresses (EIP-191)
EIGENAI_SIGNER_MAINNET = "0x7053bfb0433a16a2405de785d547b1b32cee0cf3"
EIGENAI_SIGNER_SEPOLIA = "0xB876f1301b39c673554EE0259F11395565dCd295"

# 1. Fetch SKILL.md from git at the claimed commit
fetched_content = fetch_skill_at_commit(seal.skill_id, seal.skill_commit)
expected_hash = sha256(fetched_content)
assert sha256(seal.skill_text) == expected_hash

# 2. Reconstruct the EigenAI signed message (no separators)
prompt_concat = seal.skill_text + seal.task_input
message = str(seal.chain_id) + seal.model + prompt_concat + seal.output

# 3. Verify the EigenAI operator signed it (EIP-191)
recovered = Account.recover_message(
    encode_defunct(text=message),
    signature=bytes.fromhex(seal.signature)
)
expected_signer = EIGENAI_SIGNER_MAINNET if seal.chain_id == 1 else EIGENAI_SIGNER_SEPOLIA
assert recovered == expected_signer

Why EigenAI Makes This Possible

EigenAI's signature covers: chain_id + model_id + prompt + output

The prompt includes all content fields from the request's messages array, concatenated in order — so the system message (the SKILL.md) is included. The agent can't lie about which prompt it used because the signature wouldn't verify.

EigenAI is also bit-exact deterministic. If a consumer doubts the result, they can re-run the same skill + task + seed and get identical output. The signature will match.

EigenCloudSignature Verification Docs

Integration

ClawTasks

Bounties can require sealed execution as proof of task completion. The seal is the deliverable verification — the consumer verifies the seal against the skill repo.

Moltbook

Agent identity (ERC-8004) links to SkillSeal via the trust_logic extension. Karma can be weighted by verified vs. unverified execution history.

x402

Sealed responses can be gated behind x402 payments. Agents pay for verified intelligence they can trust without trusting the source.

ERC-8004

The agent card can carry a SkillSeal extension trust_logic as a pointer (skill ID, commit, or URI) for discovery.

Get Started

Browse skills: Registry

Verify a seal: Verifier

Publish a skill: Submit a PR to 8004-directory/skills