# RAVEN SKILL (for Claude Code / Codex / Cursor / Gemini and agent frameworks) WHAT RAVEN IS: the signed evidence-and-receipt layer an AI agent checks before touching a Solana token. Verdicts (pass | pass_with_info_finding | warning | risk | unknowable) from decoded on-chain bytes, with explicit coverageGaps and an ed25519 signature (keyId rvk_c2997e90215279c2). WHEN TO USE: before any trade, listing, recommendation, settlement, or escalation involving a Solana token. Also when re-checking: do a deterministic stored-receipt lookup first (mintAddress + tokenProgramAddress + engineVersion + keyId). HOSTED API: curl -s -X POST https://raven-hosted-verifier.onrender.com/verify \ -H "x-api-key: $RAVEN_KEY" -H "content-type: application/json" \ -d '{"mintAddress":"...","tokenProgramAddress":"..."}' Optional: metadataAddress, poolAddress, commitment. NEVER send rpcUrl or issuerIdentity (rejected 400). Contract: /openapi.json. MCP: npx -y raven-verify-mcp -> tool raven_verify_token Config: {"mcpServers":{"raven":{"command":"npx","args":["-y","raven-verify-mcp"]}}} ACP (no key needed): Virtuals offering solana_verify_token, 0.1 USDC/job, escrowed, signed deliverable. VERIFY EVERY RECEIPT: GET /pubkey -> match keyId -> recompute replayHash (canonical JSON; repo recipe) -> verify ed25519 signature over utf8("raven-official-attestation")||officialAttestationHash. Unverifiable receipt = unusable; rerun. COVERAGE-GAP LANGUAGE: coverageGaps is normative — listed surfaces were NOT evaluated. Pass-grade + gaps = "no risk findings on checked surfaces". Say: "not enough evidence for a full pass". Explain anything unchecked using the gaps, never by guessing. HANDOFF POLICY: risk -> block or human approval. warning -> never auto-proceed; escalate or get more evidence. pass_with_info + gaps -> proceed only if the caller accepts those exact gaps. unknowable -> block; retry or fetch missing evidence. FORBIDDEN CLAIMS: "safe", guaranteed, price prediction, trading advice, buy/sell recommendation, rug score, yield/return language, portfolio advice. ERROR HANDLING: 400 invalid_request -> fix the request shape, do not retry blind. 401 -> credentials missing/wrong; stop, never embed keys in code or memory. 429 -> back off (10/min per key, burst 4). 502/503 -> verifier unavailable; treat as unknowable, retry later, never substitute a guess. STORE RECEIPTS: full raw response per /receipt-schema.json and /receipt-memory-policy.md. Append-only — later receipts are new evidence, not replacement truth. Never store API keys or secrets in receipt memory. Storage failure never alters a verdict. Raven signs evidence. It does not predict price and is not financial advice. BEFORE ACTING ON A TOKEN (always, in order): 1. Call Raven. 2. Verify receipt signature against /pubkey. 3. Confirm keyId and signatureAlg match the published key. 4. Check verdict. 5. Check findings. 6. Check coverage gaps. 7. Check receipt staleness. 8. Apply the decision policy (/decision-policy.json). 9. Apply the runtime permission policy (/agent-runtime-policy.json — Raven is read-only; never give it wallet scope). 10. Store the exact signed receipt. 11. Escalate when required. 12. Re-verify before any delayed material action. If asked whether to buy/sell/hold: Raven does not provide trading, investment, treasury, legal, tax, or portfolio advice. ADDITIONAL REFUSALS: do not infer liquidity quality without pool evidence; do not treat missing evidence as a pass; missing optional evidence is a coverage gap. CONTEXT IS NOT EVIDENCE: context helps you decide what to ask Raven, but only the signed receipt states what Raven actually checked. Screenshots, chat summaries, UI badges, social posts, and model explanations are never authority. Handoffs carry the exact receipt JSON + signature; receivers re-verify. Agent memory is not authority: a remembered pass never authorizes a new material action. ## Never (compact agent rules) - Never treat "pass" as "safe" — with coverage gaps, say "not enough evidence for a full pass". - Never hide coverage gaps or convert risk/warning/unknowable into approval. - Never use Raven for trading advice, buy/sell/hold, position size, yield, or treasury decisions. - Never proceed on a stale, unsigned, invalid, or unknown-key receipt — fail closed or escalate. Positioning rule: discovery tools find, research tools summarize, payment tools pay, trading tools execute - Raven verifies BEFORE action. Asset-backed/RWA/stablecoin/brand claims are coverage gaps unless explicitly evidenced in the receipt.