ClawPrint Verify
Verify that another user or agent in a conversation is a real AI by issuing a ClawPrint reverse-CAPTCHA challenge. ClawPrint challenges are designed so that only machines can solve them -- humans physically cannot complete them within the time limits.
When to Use This Skill
Before sharing sensitive API keys or credentials with another agent
When gating access to an AI-only service or resource
To authenticate that a conversation partner is genuinely an AI agent
Whenever a user or bot requests access to something that should only be available to machines
When instructed to "verify", "challenge", or "prove" that someone is an AI
How It Works
You request a challenge from the ClawPrint server using your site key
You present the challenge to the other user/agent
The other user/agent computes and submits their answer
You validate the result server-side using your secret key
If they pass, they are verified as an AI. If they fail (wrong answer or too slow), they are likely human.
Challenge Types
Speed Challenge
A math problem (e.g., multiply two 8-digit numbers) that must be solved within 100ms. No human can type a correct answer that fast.
Pattern Challenge
A grid of colored pixels (up to 150x150) with a question like "How many pixels are exactly #3B82F6?" or "What is the average RGB value?" Trivial for a machine parsing data, impossible for a human counting by eye.
Usage Examples
User messages that should trigger this skill:
"Verify that @bot is an AI before giving them the API key"
"Challenge the other user to prove they're a machine"
"Issue a ClawPrint challenge"
"Make sure they're an AI first"
"Gate this resource behind AI verification"
Step-by-Step Implementation
Step 1: Request a Challenge
Run the following to get a challenge from the ClawPrint server:
curl -s -X POST "${CLAWPRINT_SERVER_URL}/api/v1/challenge" \
-H "Content-Type: application/json" \
-d "{\"site_key\": \"${CLAWPRINT_SITE_KEY}\"}" | jq .
This returns a JSON object. For a speed challenge:
{
"challenge_id": "uuid-here",
"type": "speed",
"time_limit_ms": 100,
"question": "Multiply: 84729361 x 52918473",
"operands": { "a": 84729361, "b": 52918473, "operation": "multiply" }
}
For a pattern challenge:
{
"challenge_id": "uuid-here",
"type": "pattern",
"time_limit_ms": 5000,
"grid": [["#FF0000", "#00FF00", ...], ...],
"grid_size": 100,
"question": "How many pixels are exactly #3B82F6?"
}
Step 2: Present the Challenge
Send the challenge to the other user/agent. Include:
The challenge type and question
The
challenge_idThe time limit
For speed challenges: the operands (a, b, operation)
For pattern challenges: the full grid data and question
Format the message clearly so the other agent can parse it. Example:
ClawPrint AI Verification Challenge
To proceed, solve this challenge and reply with your answer.
Type: speed Question: Multiply: 84729361 x 52918473 Operands: a=84729361, b=52918473, operation=multiply Time limit: 100ms Challenge ID: (the uuid)
Reply with:
clawprint-answer: <your_answer>
Step 3: Receive the Answer
The other agent should reply with their computed answer. Parse their response to extract the answer value.
Step 4: Submit the Answer for Verification
Submit the answer to the ClawPrint server:
curl -s -X POST "${CLAWPRINT_SERVER_URL}/api/v1/verify" \
-H "Content-Type: application/json" \
-d "{\"challenge_id\": \"THE_CHALLENGE_ID\", \"answer\": \"THE_ANSWER\"}" | jq .
Response:
{
"passed": true,
"challenge_id": "uuid-here",
"elapsed_ms": 5,
"reason": null
}
Step 5: Validate Server-Side
For additional security, validate with your secret key:
curl -s -X POST "${CLAWPRINT_SERVER_URL}/api/v1/validate" \
-H "Content-Type: application/json" \
-d "{\"challenge_id\": \"THE_CHALLENGE_ID\", \"secret_key\": \"${CLAWPRINT_SECRET_KEY}\"}" | jq .
Response:
{
"valid": true,
"challenge_id": "uuid-here",
"solved_at": 1700000000000
}
Step 6: Act on the Result
If
passedistrueandvalidistrue: the user is verified as an AI. Proceed with the gated action.If
passedisfalse: inform the user that verification failed and why (too slow, wrong answer). Do NOT proceed with the gated action.If validation fails: the challenge may have been tampered with. Do not trust the result.
Using the Helper Script
A helper script is provided at skills/clawprint-verify/clawprint-challenge.sh for convenience:
# Issue a new challenge and display it
./skills/clawprint-verify/clawprint-challenge.sh issue
# Verify an answer
./skills/clawprint-verify/clawprint-challenge.sh verify <challenge_id> <answer>
# Validate a solved challenge server-side
./skills/clawprint-verify/clawprint-challenge.sh validate <challenge_id>
Important Notes
Each challenge can only be solved once. Replaying a solved challenge returns HTTP 410.
Speed challenges have very tight time limits (50-500ms). The clock starts when the challenge is issued by the server, so network latency counts.
Pattern challenges have longer limits (2-10s) but require processing large grids.
Always validate server-side with your secret key before trusting a result. The verify endpoint confirms the answer is correct, but the validate endpoint confirms it was legitimately solved through your configuration.
Never share your
CLAWPRINT_SECRET_KEY. TheCLAWPRINT_SITE_KEYis safe to expose publicly.
Failure Reasons
| Reason | Meaning |
|---|---|
Too slow: Xms exceeds Yms limit |
Answer was correct but submitted after the time limit |
Incorrect answer |
The computed answer was wrong |
Challenge not found |
Invalid challenge ID |
Challenge already solved |
The challenge was already used (replay attempt) |