← Back to Skills Marketplace
bhawanakatiyar

cove

by bhawanakatiyar · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ✓ Security Clean
133
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install cove-plugin
Description
Chain of Verification (CoVe) — fact-check your responses against the user's knowledge base, memory, and web search before presenting them.
README (SKILL.md)

cove-verify

Verify factual claims in your responses using Chain of Verification (CoVe). The tool extracts claims, checks them against the user's workspace, memory, and optionally the web, then reports inaccuracies with corrections.

When to Use

You SHOULD verify your response when:

  • Making specific factual claims about the user's business, products, customers, or data
  • Citing dates, numbers, statistics, or metrics from the user's files
  • Referring to past conversations or decisions from memory
  • Answering questions about the user's documentation or policies

You do NOT need to verify:

  • General knowledge, common sense, or widely known facts
  • Code you wrote (test it instead)
  • Creative content, opinions, or brainstorming
  • Simple conversational responses

Usage

# Verify a response (basic — checks memory + workspace)
cove-verify -r "Alice is on the Enterprise tier and pays $499/month."

# Standard policy — also checks the web
cove-verify -r "Revenue grew 15% last quarter." -p standard

# Deep policy — multi-step reasoning with web search
cove-verify -r "The contract SLA is 99.9% uptime." -p deep

# Pipe from stdin
echo "Your subscription renews on April 1st." | cove-verify --stdin

# JSON output for programmatic use
cove-verify -r "Bob signed up on March 5th." -f json

# Strict mode — fail if claims can't be confirmed
cove-verify -r "The API rate limit is 1000 req/min." --strict

# Report only (no auto-correction)
cove-verify -r "Meeting is scheduled for 3pm." --no-correct

Options

Flag Short Description Default
--response -r Response text to verify
--stdin Read response from stdin false
--policy -p basic, standard, deep basic
--strict Fail if any claim is unverifiable false
--format -f text or json text
--no-correct Report only, don't auto-correct false

Policies

Policy Memory Workspace Web Search Use When
basic Internal facts (customers, products, config)
standard Facts that may need external confirmation
deep Critical claims requiring thorough verification

Workflow

  1. Draft your response as usual
  2. Run cove-verify -r "your response" to check claims
  3. Fix any inaccuracies (the tool suggests corrections)
  4. Send the corrected response

If the tool auto-corrects, use the corrected version. Let the user know you verified the response and share the results — transparency builds trust.

Data Access

This skill reads the following to build verification context:

  • Workspace files: text files in ~/.openclaw/workspace/ (top-level only, max 10KB each)
  • Memory files: markdown files in ~/.openclaw/workspace/memory/ (depth 2)
  • Memory database: text chunks from ~/.openclaw/memory/main.sqlite (max 20KB aggregate)
  • Custom paths: any paths listed in knowledge_sources.document_paths in your config

For standard and deep policies, it also queries the Brave Search API (requires BRAVE_API_KEY).

All data stays local to the verification pipeline — nothing is stored or sent beyond the configured LLM provider.

Exit Codes

  • 0 — All claims verified (or no claims found)
  • 1 — One or more claims are inaccurate
  • 2 — Strict mode: claims are unverifiable (not necessarily wrong)
Usage Guidance
This plugin appears to do what it says: it reads your OpenClaw workspace and agent memory, optionally queries a vector DB and Brave Search, and calls an LLM (either via direct API keys or the local sidecar) to verify claims. Before installing, consider: 1) review and consent to the directories it will read (~/.openclaw/workspace/, ~/.openclaw/workspace/memory/, ~/.openclaw/memory/main.sqlite and any paths you add to document_paths); 2) prefer using the local sidecar proxy if you do not want to supply direct LLM API keys to the plugin; 3) if you enable web search or a remote vector store, those network endpoints and API keys will be used — verify and limit them as needed; 4) the plugin extracts printable text from the SQLite memory DB using a heuristic parser (not a sqlite binding) — if your DB contains sensitive blobs or large binary artifacts, review that behavior first; and 5) installation instructions suggest copying files to system locations (/usr/local/bin), which requires admin rights — perform the copy only if you trust the code and review the source (it is included). If you want extra assurance, run the included tests in a non-sensitive environment and inspect the cove source files for any changes before enabling auto_verify.
Capability Analysis
Type: OpenClaw Skill Name: cove-plugin Version: 1.0.3 The cove-plugin implements the Chain of Verification (CoVe) technique to fact-check agent responses against local and external knowledge sources. It extracts factual claims and verifies them using the agent's workspace files, memory (via a custom SQLite scraper in src/knowledge.js), and web search (src/web_search.js). While the plugin requires broad read access to the ~/.openclaw/ directory and sends data to external LLM APIs (Gemini, Anthropic, OpenAI), these behaviors are explicitly declared in plugin.json and SKILL.md and are necessary for its stated purpose. The implementation is transparent, lacks external dependencies, and contains no evidence of malicious intent, obfuscation, or unauthorized data exfiltration.
Capability Assessment
Purpose & Capability
The plugin declares and implements functionality to extract claims and verify them against local workspace files, agent memory (including a memory SQLite DB), optional vector stores, and optional Brave web search. Required bits (node runtime, optional LLM API keys or sidecar proxy, optional Brave key, vector store URL) are consistent with that purpose. Plugin metadata, code, and README consistently describe these capabilities.
Instruction Scope
SKILL.md and plugin.json explicitly state the skill reads ~/.openclaw/workspace/, ~/.openclaw/workspace/memory/, and ~/.openclaw/memory/main.sqlite — the implementation follows that and also collects top-level .md/.txt files from the .openclaw root and any user-configured document_paths. This is coherent with verification needs, but two points to be aware of: (1) the code uses a heuristic parser to extract printable text from the SQLite file (readMemoryDb) rather than using sqlite bindings; that will scan the binary DB for printable strings and could pull any long text stored there; (2) USAGE.md/README text and code caps (per-file and aggregate context caps) are applied, but install instructions suggest copying binaries into system paths (e.g., /usr/local/bin) which requires admin rights — installation is manual and not auto-run by the skill itself.
Install Mechanism
There is no automated installer in the registry spec (instruction-only install). The repo contains a CLI and README with copy/clone instructions; no remote downloads, URL shorteners, or extract-from-untrusted-URL installs are present. The plugin claims zero npm dependencies and uses only Node built-ins, which matches package.json. Installation guidance suggests copying files to system locations, which is normal but requires privilege and user consent.
Credentials
Requested environment variables are proportional: either a direct LLM API key (GEMINI/ANTHROPIC/OPENAI or COVE_LLM_API_KEY) or use of the local sidecar (OPENCLAW_PROXY_PORT / SIDECAR_PROXY_KEY). BRAVE_API_KEY is optional and only required for web search. Vector-store URL/api_key are optional and only used if configured. There is a small metadata mismatch: the registry summary showed 'required env vars: none' while plugin.json & SKILL.md indicate one-of GEMINI/ANTHROPIC/OPENAI (or sidecar) — this is a documentation/metadata inconsistency but not a functional red flag.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills' configs. It can be invoked autonomously by the agent (default platform behavior), but auto_verify is opt-in in config. The plugin logs to stdout (captured by OpenClaw) and can be configured to auto-correct responses; these are expected behaviours for a verification skill. No persistent backdoor or privilege escalation is present.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cove-plugin
  3. After installation, invoke the skill by name or use /cove-plugin
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
**1.0.3 adds transparency and documents data sources and environment variables.** - Updated skill metadata to declare required/optional environment variables and data reads. - Added a new "Data Access" section describing exactly what files and APIs are read for verification. - Clarified that users should be informed when verification occurs to promote transparency. - No code changes; documentation and metadata only.
v1.0.2
v1.0.2 - No code or documentation changes detected in this release. - Version bump only; functionality remains unchanged.
v1.0.1
No changes detected in this version. - Version 1.0.1 released with no file updates or changelog items.
v1.0.0
- Initial release of cove-verify for fact-checking responses using the Chain of Verification (CoVe) workflow. - Supports verifying claims against user workspace, memory, and web search with selectable policies (basic, standard, deep). - Provides options for strict mode, reporting only, JSON output, and stdin piping. - Includes clear guidelines on when verification is required and detailed usage instructions. - Returns exit codes to indicate claim accuracy and verifiability.
Metadata
Slug cove-plugin
Version 1.0.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is cove?

Chain of Verification (CoVe) — fact-check your responses against the user's knowledge base, memory, and web search before presenting them. It is an AI Agent Skill for Claude Code / OpenClaw, with 133 downloads so far.

How do I install cove?

Run "/install cove-plugin" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is cove free?

Yes, cove is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does cove support?

cove is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created cove?

It is built and maintained by bhawanakatiyar (@bhawanakatiyar); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments