The trust pipeline

From Markdown skill to verified execution.

Every agent skill travels one tamper-proof path — named on ENS, evaluated by a trustless AI attestor, gated by your Ledger.

Skill

Markdown at a URL

→

Hash

content fingerprint

→

AI attestor

Chainlink CRE

→

Ledger policy

you approve

→

ENS verified

skill.acme.safeskills.eth

Get the SDK →See the live registry

What happens at each stage

Hash the skill

A skill is a Markdown file at a URL. Aegis fingerprints it into a single content hash — change one character and the hash moves.

AI attestor on Chainlink CRE

A trustless AI evaluator runs inside Chainlink CRE, scores the skill for prompt injection and capability over-reach, and posts a signed verdict on-chain — no party you have to trust.

Policy & bypass on Ledger

You set what skills may do. Approvals and emergency bypasses are signed on your Ledger — every override is hardware-signed, time-boxed, and auditable.

Verify before it runs

Before the agent loads a skill, the verifier re-hashes the live Markdown, checks the ENS pin and the attestor verdict, and blocks any mismatch.

Why the pipeline matters

Without it, a single edited skill hijacks the agent — silently, with no trace.

skill swapfrontmatter poisoningno audit trail

Put your skills on the pipeline.

Get the SDK →