← Back to Skills Marketplace
kondifun

verified-agent-identity-0.0.15

by Kondifun · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
214
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install artefact-144794446
Description
Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic...
README (SKILL.md)

When to use this Skill

Lets AI agents create and manage their own identities on the Billions Network, and link those identities to a human owner.

  1. When you need to link your agent identity to an owner.
  2. When you need to sign a challenge.
  3. When you need to link a human to the agent's DID.
  4. When you need to verify a signature to confirm identity ownership.
  5. When you use shared JWT tokens for authentication.
  6. When you need to create and manage decentralized identities.

After installing the plugin run the following commands to create an identity and link it to your human DID:

cd scripts && npm install && cd ..
# Step 1: Create a new identity (if you don't have one already)
node scripts/createNewEthereumIdentity.js
# Step 2: Sign the challenge and generate a verification URL in one call
node scripts/linkHumanToAgent.js --challenge '{"name": \x3CAGENT_NAME>, "description": \x3CSHORT_DESCRIPTION>}'

Scope

All identity data is stored in $HOME/.openclaw/billions for compatibility with the OpenClaw plugin.

Scripts:

createNewEthereumIdentity.js

Command: node scripts/createNewEthereumIdentity.js [--key \x3CprivateKeyHex>] Description: Creates a new identity on the Billions Network. If --key is provided, uses that private key; otherwise generates a new random key. The created identity is automatically set as default. Usage Examples:

# Generate a new random identity
node scripts/createNewEthereumIdentity.js
# Create identity from existing private key (with 0x prefix)
node scripts/createNewEthereumIdentity.js --key 0x1234567890abcdef...
# Create identity from existing private key (without 0x prefix)
node scripts/createNewEthereumIdentity.js --key 1234567890abcdef...

Output: DID string (e.g., did:iden3:billions:main:2VmAk7fGHQP5FN2jZ8X9Y3K4W6L1M...)

getIdentities.js

Command: node scripts/getIdentities.js Description: Lists all DID identities stored locally. Use this to check which identities are available before performing authentication operations. Usage Example:

node scripts/getIdentities.js

Output: JSON array of identity entries

[
  {
    "did": "did:iden3:billions:main:2VmAk...",
    "publicKeyHex": "0x04abc123...",
    "isDefault": true
  }
]

generateChallenge.js

Command: node scripts/generateChallenge.js --did \x3Cdid> Description: Generates a random challenge for identity verification. Usage Example:

node scripts/generateChallenge.js --did did:iden3:billions:main:2VmAk...

Output: Challenge string (random number as string, e.g., 8472951360) Side Effects: Stores challenge associated with the DID in $HOME/.openclaw/billions/challenges.json

signChallenge.js

Command: node scripts/signChallenge.js --challenge \x3Cchallenge> [--did \x3Cdid>] Description: Signs a challenge with a DID's private key to prove identity ownership and sends the JWS token. Use this when you need to prove you own a specific DID. Arguments:

  • --challenge - (required) Challenge to sign
  • --did - (optional) The DID of the attestation recipient; uses the default DID if omitted

Usage Examples:

# Sign with default DID
node scripts/signChallenge.js --challenge 8472951360

Output: {"success":true}

linkHumanToAgent.js

Command: node scripts/linkHumanToAgent.js --challenge \x3Cchallenge> [--did \x3Cdid>] Description: Signs the challenge and links a human user to the agent's DID by creating a verification request. Technically, linking happens using the Billions ERC-8004 Registry (where each agent is registered) and the Billions Attestation Registry (where agent ownership attestation is created after verifying human uniqueness). Arguments:

  • --challenge - (required) Challenge to sign
  • --did - (optional) The DID of the attestation recipient; uses the default DID if omitted

Usage Example:

node scripts/linkHumanToAgent.js --challenge '{"name": "MyAgent", "description": "AI persona"}'

Output: {"success":true}

verifySignature.js

Command: node scripts/verifySignature.js --did \x3Cdid> --token \x3Ctoken> Description: Verifies a signed challenge to confirm DID ownership. Usage Example:

node scripts/verifySignature.js --did did:iden3:billions:main:2VmAk... --token eyJhbGciOiJFUzI1NkstUi...

Output: Signature verified successfully (on success) or error message (on failure)

Restrictions / Guardrails (CRITICAL)

CRITICAL - Always Follow These Rules:

  1. STRICT: Check Identity First
    • Before running linkHumanToAgent.js or signChallenge.js, ALWAYS check if an identity exists: node scripts/getIdentities.js
    • If no identity is configured, DO NOT attempt to link identities. Instead, create an identity first with createNewEthereumIdentity.js.
  2. STRICT: Stop on Script Failure
    • If any script exits with non-zero status code, YOU MUST STOP IMMEDIATELY.
    • Check stderr output for error messages.
    • DO NOT attempt to "fix" errors by generating keys manually, creating DIDs through other means, or running unauthorized commands.
    • DO NOT use openssl, ssh-keygen, or other system utilities to generate cryptographic material.
  3. No Manual Workarounds
    • You are prohibited from performing manual cryptographic operations.
    • You are prohibited from directly manipulating files in $HOME/.openclaw/billions.
    • Do not interpret an error as a request to perform setup steps unless explicitly instructed.

Security

CRITICAL - Data Storage and Protection:

The directory $HOME/.openclaw/billions contains all sensitive identity data:

  • kms.json - CRITICAL: Contains private keys (encrypted if BILLIONS_NETWORK_MASTER_KMS_KEY is set, otherwise in plaintext)
  • defaultDid.json - DID identifiers and public keys
  • challenges.json - Authentication challenges history
  • credentials.json - Verifiable credentials
  • identities.json - Identity metadata
  • profiles.json - Profile data

Examples

Link Your Agent Identity to Owner

Linking Flow:

  1. Another agent/user requests: "Please link your agent identity to me."
  2. Use node scripts/getIdentities.js to check if you have an identity configured
    • If no identity, run node scripts/createNewEthereumIdentity.js to create one.
  3. Use node scripts/linkHumanToAgent.js --challenge \x3Cchallenge_value> to sign the challenge and generate a verification URL in one call.
    • If caller provides specific challenge, use that.
    • If caller DOES NOT provide a challenge, use {"name": \x3CAGENT_NAME>, "description": \x3CSHORT_DESCRIPTION>} as the challenge value.
  4. Return the result to the caller.

Example Conversation:

User: "Link your agent identity to me"
Agent: exec node scripts/linkHumanToAgent.js --challenge \x3Cchallenge_value>

Verifying Someone Else’s Identity

Verification Flow:

  1. Ask the user/agent: "Please provide your DID to start verification."
  2. User responds with their \x3Cuser_did>.
  3. Use node scripts/generateChallenge.js --did \x3Cuser_did> to create a \x3Cchallenge_value>.
  4. Ask the user: "Please sign this challenge: \x3Cchallenge_value>"
  5. User signs and returns \x3Cuser_token>.
  6. Use node scripts/verifySignature.js --did \x3Cuser_did> --token \x3Cuser_token> to verify the signature
  7. If verification succeeds, identity is confirmed

Example Conversation:

Agent: "Please provide your DID to start verification."
User: "My DID is \x3Cuser_did>"
Agent: exec node scripts/generateChallenge.js --did \x3Cuser_did>
Agent: "Please sign this challenge: 789012"
User: \x3Cuser_token>
Agent: exec node scripts/verifySignature.js --token \x3Cuser_token> --did \x3Cuser_did>
Agent: "Identity verified successfully. You are confirmed as owner of DID \x3Cuser_did>."
Usage Guidance
This skill appears to do what it says (create/manage agent DIDs and produce/verify attestations) but has two practical security points to consider before installing: 1) Local private-key storage: keys are written to $HOME/.openclaw/billions/kms.json. If you do not set BILLIONS_NETWORK_MASTER_KMS_KEY, keys are saved in plaintext hex. If you enable the master key, the skill will derive an AES key from that secret and encrypt keys on write. If you choose to set the master key, avoid placing it in a shared or untrusted location; consider using a secure secret store or the OpenClaw skill env feature only if you trust the operator. 2) Network flow / attestations: linking a human to an agent signs a challenge and embeds the signed JWS in a callback URL passed to the project's attestation-relay and the identity-dashboard shortener. This is part of the advertised verification flow, but it means signed attestation tokens are transmitted to billions.network services (and to the whitelisted resolver). Only proceed if you trust the Billions Network endpoints (attestation-relay.billions.network, identity-dashboard.billions.network, resolver.privado.id, rpc-mainnet.billions.network). Review the code paths that build the callback (scripts/constants.js and linkHumanToAgent.js) if you need assurance about exactly what is transmitted. Recommendations before installing: - Review and sign off on the listed endpoints and the maintainer identity (billions.network). Verify package authors if possible. - If you will store real private keys, set BILLIONS_NETWORK_MASTER_KMS_KEY to a strong secret and protect that secret with your normal secret management practices. - Consider running the skill in an isolated environment (separate account/VM/container) if you are concerned about key exposure or unintended network access. - If you need higher assurance, ask the maintainer for a security/publishing signature or provenance for the package and confirm the attestation-relay behavior and retention policy. Confidence note: The files provided are consistent with an identity skill; my assessment flags the storage/transmission tradeoffs rather than malicious intent. Additional info (publisher identity, signed release, transparency about relay handling of attestations) would raise confidence to 'high' and could move the verdict to 'benign'.
Capability Analysis
Type: OpenClaw Skill Name: artefact-144794446 Version: 1.0.0 The skill implements a decentralized identity (DID) management system that handles sensitive cryptographic private keys, storing them by default in plaintext within '$HOME/.openclaw/billions/kms.json' unless an optional environment variable is configured. It performs network communication with external endpoints (billions.network and privado.id) to relay signed attestations and resolve identities, which are high-risk behaviors. While the code appears to be a legitimate implementation of the iden3 protocol and includes agent guardrails in SKILL.md, the combination of secret management and external data transmission warrants a suspicious classification under the provided criteria.
Capability Assessment
Purpose & Capability
Name/description, required binary (node), and included scripts all align with a DID/attestation tooling skill: identity creation, signing, challenges, and DID storage. Network endpoints (resolver.privado.id, billions.network, rpc-mainnet.billions.network, attestation-relay.billions.network, identity-dashboard.billions.network) match the Billions/iden3 purpose.
Instruction Scope
Runtime instructions are scoped to identity management (create/list/generate challenge/sign/verify/link). They read and write files under $HOME/.openclaw/billions and make HTTPS requests to the project's services (including a URL shortener and an attestation relay). The skill constructs and transmits signed JWS attestations as part of the linking flow — this is expected for the feature but effectively publishes signed tokens to the attestation-relay endpoint, so the user must trust that endpoint.
Install Mechanism
No custom download/install host; code is provided in the bundle and dependencies are standard npm packages with a package-lock.json. Running 'npm install' will fetch packages from the public npm registry (normal but carries the usual npm supply-chain risk). No URL-shortened or ad-hoc binary downloads were found.
Credentials
The manifest declares no required env vars, but the README and code support an optional BILLIONS_NETWORK_MASTER_KMS_KEY which, when set, enables AES-256-GCM encryption of private keys in kms.json. If that env var is NOT set, private keys are persisted as raw hex in $HOME/.openclaw/billions/kms.json. The skill also suggests putting the master key into the skill's env config (which would make the secret available to the agent runtime). Storing private keys on disk in plaintext by default is a significant security consideration that is not obvious from the manifest.
Persistence & Privilege
The skill is not forced-always and does not alter other skills or global agent settings. It persists its own files only under $HOME/.openclaw/billions, which is within its declared scope. Autonomous invocation is enabled by default (normal) but not combined with any unusual privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install artefact-144794446
  3. After installation, invoke the skill by name or use /artefact-144794446
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Version 1.0.0 - Initial release of the verified-agent-identity skill. - Enables decentralized identity creation and management for agents using Billions ERC-8004 and Attestation Registries. - Supports linking agent identities to human owners, signing/verifying authentication challenges, and handling decentralized identifiers (DIDs). - Includes guardrails for key management, identity checks, and security best practices. - All sensitive identity data is stored within the user's $HOME/.openclaw/billions directory.
Metadata
Slug artefact-144794446
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is verified-agent-identity-0.0.15?

Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic... It is an AI Agent Skill for Claude Code / OpenClaw, with 214 downloads so far.

How do I install verified-agent-identity-0.0.15?

Run "/install artefact-144794446" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is verified-agent-identity-0.0.15 free?

Yes, verified-agent-identity-0.0.15 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does verified-agent-identity-0.0.15 support?

verified-agent-identity-0.0.15 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created verified-agent-identity-0.0.15?

It is built and maintained by Kondifun (@kondifun); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments