Install
openclaw skills install @workloftai/agent-verifierPre-send verification for outbound agents — a small, separate guardian you put in front of send() so every message (email, social, helpdesk reply) gets an independent verdict across deterministic gates (calendar, redlist, regex) plus an optional LLM semantic check, with a per-message audit log a regulator can read.
openclaw skills install @workloftai/agent-verifierWhen an agent speaks for the firm, "the model was careful" is not a control. The
producer model that drafts the message cannot also be the control that approves
it. agent-verifier is the small, separate guardian you put in front of send()
so every outbound has an independent verdict — and a per-message log a regulator
can read. Python 3.10+ standard library only; bring your own LLM.
The library lives at {baseDir}/agent_verifier. Example redlist:
{baseDir}/redlist.example.txt.
Use it in any agent stack that sends outbound text on the firm's behalf — cold
outreach, helpdesk replies, social posts, notifications — especially in regulated
contexts (FCA/ICO) where you need an independent attestation per message. It is a
library you wire in front of your send(), not a CLI.
Install into the project (pip install -e {baseDir}), or vendor the single file
{baseDir}/agent_verifier/verifier.py — no required dependencies.
from agent_verifier import Verifier
# Bring your own LLM: any callable (prompt: str) -> str. OpenAI, Anthropic,
# Gemini, Ollama — all work. The semantic axis is optional; omit llm to skip it.
def my_llm(prompt: str) -> str:
...
v = Verifier(
redlist_path="redlist.txt",
llm=my_llm,
weekend_block_days=("Saturday", "Sunday"),
timezone_name="Europe/London",
)
result = v.verify(
subject="Quick question on AI procurement",
body="Hi — saw your council just published its AI strategy...",
recipient="ceo@somecouncil.gov.uk",
campaign="cold-outreach-2026-q2",
)
if not result.can_send:
alert(result) # BLOCK — do not send
elif result.verdict == "WARN":
log_warn(result); send(...) # WARN — send + log
else:
send(...) # PASS — send silently
result is a structured VerifyResult — serialise to_dict() as the audit
artefact.
verified / unverifiable / failed (any
failed → BLOCK, any unverifiable → WARN), plus confidential/clarity checks.{baseDir}/... — never hardcode.prompt_template=).regex: are compiled as Python regex; # are
comments. See {baseDir}/redlist.example.txt.