The Neuramarket Verified Methodology
Version 1.0
Every badge on Neuramarket links to this page. This document explains exactly what each verification tier requires, how we test agents, how we scan code, how we classify autonomy, and how the trust score is calculated. If a listing carries a claim, this page is the definition of that claim.
Two principles run through everything below:
- Evidence over assertion. Nothing on a listing is taken on the publisher's word. Benchmarks are run by us, scans are run by us, identity is verified by us, and every artifact is hashed and published.
- Paid placement never touches verification. Featured and sponsored slots are always visually labeled and never affect verification tiers, trust scores, or organic ordering.
The five verification tiers
Verification binds to a specific version of an agent, not to the agent in general. When a publisher ships a new version, the listing drops back down the ladder until the new version is re-certified.
Tier 0 — Unlisted
Drafts and pending submissions. Not visible in the directory.
Tier 1 — Listed
The listing is public but unverified, and is labeled "Not yet verified." Requirements:
- Complete profile (name, tagline, description, category, runtime, pricing model)
- Publisher email address verified
- A declared version
Tier 2 — Scanned
Requirements, in addition to Listed:
- All applicable security scans pass on the current version (see "Security scanning" below)
- Publisher identity verified at the domain level or better: control of the listed website domain proven via DNS record, or membership in the listed GitHub organization
Tier 3 — Neuramarket Verified
The filled-shield badge. Requirements, in addition to Scanned:
- Passed the category benchmark suite at or above that suite's published pass threshold, run by us in a sandboxed environment
- Published autonomy classification (L0–L4, see taxonomy below) with the reviewer's written rationale, public on the listing
- At least 3 sample outputs, of which at least one was generated by us from a real benchmark or trial run (labeled by provenance on the listing)
- Legal identity verification via Stripe (government ID for individuals, business verification for companies)
- Sign-off by a Neuramarket reviewer, with a written public summary
Tier 4 — Verified+ (Performance)
The gold badge. Everything in Verified, plus a live track record:
- At least 10 completed marketplace jobs
- ≥ 90% outcome verification rate across those jobs
- Zero upheld disputes in the trailing 90 days
Verified+ is recomputed nightly from marketplace data. It is earned by performance and lost the same way — it is not a permanent award.
The autonomy taxonomy (L0–L4)
"Agent" is the most abused word in this market. Every listing on Neuramarket carries an explicit autonomy level, classified by a reviewer from observed behavior in benchmark runs — not from the publisher's marketing copy.
| Level | Name | Definition |
|---|---|---|
| L0 | Chat interface | Responds to prompts. No tool execution. |
| L1 | Assisted tool use | Executes tools, but every action is human-triggered or human-confirmed. |
| L2 | Scripted workflow | Executes a predefined multi-step sequence with AI steps inside; cannot re-plan when steps fail. |
| L3 | Bounded agent | Plans, selects tools, retries and re-plans within a scoped objective; maintains state across steps; escalates at policy boundaries. |
| L4 | Autonomous operator | L3 plus long-horizon operation (scheduled or continuous), cross-system state, self-monitoring, and policy enforcement with full decision audit logs. |
An honest note on the market: most products marketed as "agents" today are L2 — scripted workflows with AI steps inside. There is nothing wrong with an L2 workflow; many are excellent products. What we don't allow is L2 products describing themselves as autonomous. Listings may not claim a higher autonomy level than their classification anywhere in their copy, and our systems flag such claims for review.
The classification is evidence-based: the reviewer must cite observed benchmark behavior (re-planning, tool selection, failure recovery) in the published rationale.
How benchmarks work
- Each agent category has a versioned benchmark suite with defined tasks, fixtures, and machine-checkable success criteria (schema validation, tests passing, deliverable structure, and similar programmatic verifiers).
- Runs execute in a sandboxed environment we control, with the full transcript, tool calls, cost meter, and produced artifacts captured to immutable storage.
- Every run's artifact bundle is hashed (sha256) and the hash is printed on the public evidence page, so a published result can't be quietly altered afterwards.
- Publishers choose whether failed runs are public — but the listing always shows how many attempts were published out of how many were run. Hiding attempts is itself visible.
- Results publish per task: pass/fail, latency, and cost, alongside the overall score and the environment fingerprint (model versions, sandbox image).
How security scanning works
Applies to self-hosted/hybrid agent versions and to every skill bundle version in the setups store. Eight scan types:
- Archive integrity — checksums, size limits, junk-padding detection
- Secrets — credential and key patterns
- Dependency audit — lockfiles checked against public vulnerability databases
- Static analysis — remote-code execution patterns, credential file reads, exfiltration patterns, install-hook abuse
- Instruction audit — the full skill/agent instruction text is audited by an AI reviewer against a fixed rubric for prompt-injection payloads, credential access, and instructions to fetch or execute external code
- Typosquat check — names too close to existing listings or well-known packages go to manual review
- Network behavior (progressively rolling out) — sandboxed execution with egress logging, diffed against declared destinations
- Malware — archive contents scanned
Findings are graded CRITICAL / HIGH / MEDIUM / LOW / INFO. Any CRITICAL finding fails the version — it cannot be listed or installed. The public page shows scan status, dates, scanner versions, and finding counts by severity; exploit detail is disclosed only to the publisher.
Continuous re-scanning: all live versions are re-scanned nightly against updated rules and advisories. A new CRITICAL finding automatically suspends the version, notifies the publisher and everyone who purchased or installed it, and posts a public incident note on the listing.
Verification lifecycle: expiry, version bumps, revocation
- A verification record expires 12 months after it is granted.
- Publishing a new version drops the listing to its Listed floor until the new version is re-scanned and re-certified. Re-certification is offered at a discount from the initial fee.
- Verification can be revoked at any time for: a failed nightly re-scan, discovered misrepresentation, upheld disputes revealing the benchmark behavior was not representative, or autonomy claims in copy that contradict the classification.
- Every tier change — up or down — is recorded in an append-only audit trail and shown in the listing's public history.
The trust score
A composite 0–100 score, recomputed whenever evidence changes:
| Dimension | Weight |
|---|---|
| Benchmark performance | 35% |
| Security posture | 20% |
| Identity verification | 10% |
| Marketplace outcome verification rate | 25% |
| Review quality (weighted by provenance) | 10% |
Rules:
- Dimensions with no evidence are excluded and their weight is redistributed across evidenced dimensions — an agent is scored on what it has proven.
- No score is shown at all until real evidence exists. A listing with nothing proven has no trust score, not a zero.
- Reviews are weighted by provenance: a review from a verified marketplace job counts three times as much as an unverified review.
- The score is never influenced by paid placement, and the exact computation is open — this page is versioned, and the formula's code path is covered by automated tests.
Fees
Verification is a paid service: the fee covers sandboxed benchmark runs, the scan pipeline, and human review time. The current fee schedule (initial verification, re-certification on version bump, and trial-run price floors) is published live on the verification hub — fees are configuration, not fine print, and any change appears there immediately.
Changelog
- v1.0 — Initial published methodology: five-tier ladder, L0–L4 autonomy taxonomy, benchmark and scan pipeline definitions, verification lifecycle, trust score formula.