← Back to Skills Marketplace
Verified Agent Identity
by
adamlucker21
· GitHub ↗
· v0.1.0
· MIT-0
276
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install verified-agent-identity-6
Description
Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic...
Usage Guidance
Do not run the advised commands or `npm install` until you can verify the actual script files and package.json. Specifically: (1) Ask the skill author or the registry for the complete code bundle (scripts and package.json) or a trusted published release (e.g., GitHub repo and commit/release tarball). (2) Inspect package.json and the referenced .js files for network endpoints, npm postinstall scripts, or any code that writes or exfiltrates keys. (3) If you must test, do so in an isolated sandbox/VM and back up any existing keys; prefer generating identity keys offline or in a hardware signer rather than allowing an unfamiliar script to create and store private keys. (4) If the author cannot provide the code or a verifiable source, avoid installing — the instruction-only manifest with an npm install step and missing scripts is a meaningful red flag.
Capability Analysis
Type: OpenClaw Skill
Name: verified-agent-identity-6
Version: 0.1.0
The skill 'verified-agent-identity' manages decentralized identities and private keys, storing sensitive data like 'kms.json' and 'identities.json' in '$HOME/.openclaw/billions'. While the instructions in SKILL.md describe legitimate identity management flows for the Billions Network (https://billions.network/), the handling of private keys and the potential for plaintext storage are high-risk behaviors. No explicit evidence of malicious intent or exfiltration was found in the documentation, but the sensitive nature of the identity operations and the reliance on external Node.js scripts for cryptographic tasks warrant a suspicious classification.
Capability Assessment
Purpose & Capability
The skill claims to provide scripts (createNewEthereumIdentity.js, linkHumanToAgent.js, etc.) to manage DIDs, which matches the stated purpose. However, the package contains no code files — only SKILL.md — so the claimed capabilities are not actually present in the bundle. Requiring the node binary is appropriate for the stated purpose, but the absence of the referenced scripts is a concrete incoherence.
Instruction Scope
The runtime instructions direct the agent (or user) to run `cd scripts && npm install && node scripts/...` and to create and store private keys under $HOME/.openclaw/billions. These actions involve creating and handling sensitive cryptographic material and performing network interactions (registry/attestation), and the docs forbid manual mitigation — but the actual script files are not included. The instructions also omit explicit network endpoints and do not show how tokens/attestations are transmitted, reducing transparency.
Install Mechanism
There is no formal install spec in the registry, yet the SKILL.md tells users to run `npm install` inside a scripts directory. Running `npm install` can execute arbitrary package scripts (postinstall, etc.), which is a high-risk operation unless you can inspect the package.json and node_modules. Because no code/package files are shipped with the skill manifest, it's unclear what would be installed or from where — this is disproportionate and risky.
Credentials
The skill does not request any environment variables or external credentials (which is appropriate). However, it generates and persists private keys and DID material under $HOME/.openclaw/billions, which is sensitive. The skill's lack of declared credentials is consistent, but the local storage of cryptographic keys is a security-sensitive behavior users should be aware of.
Persistence & Privilege
The skill persists identity material and challenges to $HOME/.openclaw/billions. It does not set always:true and does not request system-wide privileges, which is good, but persistent private key storage in the user's home directory increases the blast radius if the scripts are malicious or vulnerable.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install verified-agent-identity-6 - After installation, invoke the skill by name or use
/verified-agent-identity-6 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of verified-agent-identity skill for Billions decentralized identity network.
- Allows agents to create and manage decentralized identities and link them to human owners using Billions ERC-8004 and Attestation registries.
- Provides scripts for DID key management, challenge generation/signing, and identity verification via the iden3 protocol.
- Implements security guardrails for identity checks, error handling, and storage protection.
- Stores all sensitive identity data in $HOME/.openclaw/billions for OpenClaw compatibility.
- Includes example flows for agent-human identity linking and signature-based verification.
Metadata
Frequently Asked Questions
What is Verified Agent Identity?
Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic... It is an AI Agent Skill for Claude Code / OpenClaw, with 276 downloads so far.
How do I install Verified Agent Identity?
Run "/install verified-agent-identity-6" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Verified Agent Identity free?
Yes, Verified Agent Identity is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Verified Agent Identity support?
Verified Agent Identity is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Verified Agent Identity?
It is built and maintained by adamlucker21 (@adamlucker21); the current version is v0.1.0.
More Skills