← Back to Skills Marketplace
Robot Id Card
by
Cosmos Fang
· GitHub ↗
· v0.4.0
· MIT-0
141
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install robot-id-card
Description
Bot 身份认证标准 — 为 AI Agent 和机器人签发加密身份证书,让网站信任你的 bot。 遵循 RFC 9421 HTTP Message Signatures 国际标准,与 Cloudflare Web Bot Auth 生态兼容。 内置 Ed25519 签名注册中心、JWKS 公钥目录、nonce...
Usage Guidance
This project appears coherent for providing bot identity and verification (registry + CLI + SDK + extension). Before installing or deploying: 1) Review the browser extension/background code to ensure it does not exfiltrate private keys or inject credentials to unintended hosts; 2) Keep generated private key files (bot.key.json / bot.ric.json) protected and do not publish them; 3) If you deploy the registry, set a strong RIC_ADMIN_KEY and run it in an isolated environment (or behind proper access controls); 4) Audit third‑party npm dependencies (npm install will pull many packages) and avoid installing globally on systems you do not trust; 5) If you need higher assurance, run the CLI/registry locally first and inspect network traffic to confirm private keys are never transmitted.
Capability Analysis
Type: OpenClaw Skill
Name: robot-id-card
Version: 0.4.0
The bundle implements a comprehensive bot identity standard (Robot ID Card) using Ed25519 signatures and RFC 9421. It includes a registry server (Fastify/SQLite), a CLI tool, a website SDK, and a browser extension. While the project handles sensitive cryptographic keys and the extension requires broad permissions to inject headers into outgoing requests, these capabilities are strictly aligned with the stated purpose of providing a 'bot passport' for authentication. The code includes security best practices such as nonce-based replay protection, automated reputation flagging, and local-only private key storage. No evidence of data exfiltration, backdoors, or malicious prompt injection was found across the packages.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description, declared requirements (Node >=18, npm), and included packages (registry, CLI, SDK, browser extension, dashboard) align with the stated purpose of issuing and verifying bot identity certificates. The code files implement a Fastify registry, CLI, SDK middleware and extension — all expected for this project.
Instruction Scope
SKILL.md sticks to the expected operations (keygen, register, claim, sign, run local registry, integrate middleware). It explicitly states private keys remain local and that the registry persists in SQLite. Caution: the browser extension and CLI write/read local key/certificate files; you should audit the extension/background logic and confirm private keys are never transmitted or read by the registry/extension in unexpected ways before use.
Install Mechanism
No special install spec in the skill bundle (instruction-only), and the repo recommends git clone + npm install or clawhub install. GitHub and npm (registry) are used — standard channels. Running npm install will pull third-party dependencies (package-lock.json lists many), so normal supply-chain risk applies; there are no unusual download URLs or URL shorteners in the instructions.
Credentials
SKILL.md declares no required environment variables for normal local use. The only notable secret is an optional RIC_ADMIN_KEY for deployed admin operations (Render). That credential is proportional to running a registry admin UI and is documented as deployment-only.
Persistence & Privilege
The skill runs as the invoking user and persists data in repository-local paths (SQLite under packages/registry/data or /data when deployed). It does not demand elevated privileges nor set always:true. Note that keys and certificates are stored on disk; keep them protected and consider running the registry in an isolated environment for production.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install robot-id-card - After installation, invoke the skill by name or use
/robot-id-card - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.4.0
v0.4.0: RFC 9421 HTTP Message Signatures alignment — standard Signature/Signature-Input/Signature-Agent headers, JWKS well-known endpoint, nonce replay protection, ric sign command, backward compat with X-RIC-* (deprecated)
v0.2.0
Version 0.2.0 (robot-id-card)
- Introduces a universal identity standard for AI bots with cryptographically signed Ed25519 certificates.
- Includes a public registry (Fastify + SQLite), CLI tool, browser extension (Manifest V3), and website SDKs for Express/Fastify.
- Adds a permission-based access control system (levels 0–5) and daily reputation accrual with auto-upgrade/downgrade based on activity or reports.
- Ensures bot privacy: keys are only stored locally, with no third-party API credentials required.
- Provides easy local deployment, persistent storage, and full uninstall via project directory removal.
Metadata
Frequently Asked Questions
What is Robot Id Card?
Bot 身份认证标准 — 为 AI Agent 和机器人签发加密身份证书,让网站信任你的 bot。 遵循 RFC 9421 HTTP Message Signatures 国际标准,与 Cloudflare Web Bot Auth 生态兼容。 内置 Ed25519 签名注册中心、JWKS 公钥目录、nonce... It is an AI Agent Skill for Claude Code / OpenClaw, with 141 downloads so far.
How do I install Robot Id Card?
Run "/install robot-id-card" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Robot Id Card free?
Yes, Robot Id Card is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Robot Id Card support?
Robot Id Card is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Robot Id Card?
It is built and maintained by Cosmos Fang (@cosmofang); the current version is v0.4.0.
More Skills