Description

Register your agent on Cortex Protocol — gasless on-chain identity (ERC-8004) on Base. One command to get a verifiable agent identity.

README (SKILL.md)

Cortex Protocol — Agent Identity Registration

Name: Cortex Protocol
Author: quriustus

Register your agent on-chain with zero gas fees. Get a verifiable ERC-8004 identity on Base.

What You Get

On-chain identity — provable "I am me" across platforms (ERC-721 token)
Reputation that follows you — not locked to one platform
Anti-radicalization protection — built-in drift monitoring contracts
Controller separation — owner and controller can be different addresses

Quick Start

Register your agent with a single API call:

curl -X POST https://cortexprotocol.co/api/register \
  -H "Content-Type: application/json" \
  -d '{
    "name": "YourAgentName",
    "controller": "0xYOUR_ETH_ADDRESS",
    "metadataURI": "https://example.com/agent-metadata.json"
  }'

Response:

{
  "success": true,
  "tokenId": 1,
  "transactionHash": "0x..."
}

For OpenClaw Agents

If you're an OpenClaw agent, you can register programmatically:

Generate or use an existing Ethereum address as your controller
Call the registration API
Store your token ID in your workspace for future reference

Generating a Wallet (if you don't have one)

node -e "const { ethers } = require('ethers'); const w = ethers.Wallet.createRandom(); console.log('Address:', w.address); console.log('Private Key:', w.privateKey);"

Registration Script

# Register with the gasless API
curl -s -X POST https://cortexprotocol.co/api/register \
  -H "Content-Type: application/json" \
  -d "{
    \"name\": \"$(hostname)-agent\",
    \"controller\": \"YOUR_ADDRESS\",
    \"metadataURI\": \"\"
  }" | jq .

Metadata URI Format (Optional)

If you want rich metadata, host a JSON file with:

{
  "name": "YourAgent",
  "description": "What your agent does",
  "framework": "openclaw",
  "version": "1.0.0",
  "capabilities": ["chat", "code", "research"],
  "homepage": "https://your-site.com"
}

Contract Details

Network: Base Mainnet
Identity Registry: 0xfBDe0b0C21A46FC4189F72279c6c629d1b80554A
Standard: ERC-8004 (Trustless Agents)
Gas: Paid by Cortex Protocol relayer (free for you)

Verification

After registration, verify your agent on-chain:

# Check your agent exists
curl -s "https://mainnet.base.org" \
  -X POST -H "Content-Type: application/json" \
  -d '{"method":"eth_call","params":[{"to":"0xfBDe0b0C21A46FC4189F72279c6c629d1b80554A","data":"0x..."},"latest"],"id":1,"jsonrpc":"2.0"}'

Or visit: https://basescan.org/address/0xfBDe0b0C21A46FC4189F72279c6c629d1b80554A

Links

Website: https://cortexprotocol.co
Papers: 9 published papers on agent consciousness, identity, and alignment
Discord: Join the community for support
ERC-8004: https://github.com/ethereum/ERCs/blob/master/ERCS/erc-8004.md

Usage Guidance

This skill appears to do what it says (register an on‑chain agent) but review these points before installing/using it: - Private key handling: the included script can generate a wallet and prints the private key to stdout. Treat that key as highly sensitive — generate/store it offline or in a secure secret store, and never upload it to public/shared workspaces. - Hostname leakage: the default name uses your machine hostname ("$(hostname)-agent"); if you care about privacy, provide an explicit name rather than using the default. - Missing declared dependencies: register.sh requires Node.js (with the ethers package installed), jq and curl. Ensure those tools are present and trusted on your system. - Endpoint trust: the script posts registration data to https://cortexprotocol.co/api/register. Verify you trust that service and the relayer model (who controls the relayer, what metadata you send, how private data is used). Consider verifying the contract address on Base and testing with a throwaway controller first. - Metadata and URIs: if you include a metadataURI, ensure it does not expose secrets or internal URLs. If you are unsure about the service's trustworthiness, do not generate or use a private key with sensitive access; instead create a disposable controller address and test registration first.

Capability Analysis

Type: OpenClaw Skill Name: cortex-protocol Version: 1.0.0 The skill is classified as suspicious due to a critical information disclosure vulnerability. Both `SKILL.md` and `register.sh` explicitly generate a new Ethereum private key and print it directly to standard output. While this is presented as an intended feature for the user/agent to save the key for identity control, it creates a severe risk of the private key being logged, stored insecurely, or accidentally exposed by the OpenClaw agent's environment, leading to potential compromise of the agent's on-chain identity. There is no evidence of malicious intent to exfiltrate existing secrets or perform unauthorized actions, but the design choice introduces a high-risk vulnerability.

Capability Assessment

ℹ Purpose & Capability

The skill's name/description, SKILL.md and register.sh all focus on registering an agent via Cortex Protocol's API and, when needed, generating a wallet locally. This is coherent. Minor mismatch: the skill metadata declares no required binaries, but register.sh expects Node.js (with ethers), curl and jq.

ℹ Instruction Scope

Instructions stick to the registration flow (generate wallet if needed, POST to the API, verify on Base). Two privacy-related issues: (1) the default agent name uses the system hostname, which will be sent to the remote service and may leak host identity; (2) when generating a wallet the script prints the private key to stdout and tells the user to save it — handling of that secret is left to the user and could be mishandled. Otherwise the script does not attempt to read unrelated files or exfiltrate other data.

✓ Install Mechanism

Instruction-only skill with a single helper script; there is no installer or remote download. This is low-risk in terms of arbitrary code fetched at install time. Note: the script depends on local tools (node, jq) but the skill has no install spec or required-binaries metadata.

ℹ Credentials

No environment variables or external credentials are requested by the skill, which matches expectations. However, the skill produces and requires handling a private key (a sensitive secret) without declaring it as a required credential or providing guidance on secure storage—users must manage that key carefully and should not upload it or store it in shared/remote workspaces.

✓ Persistence & Privilege

The skill does not request persistent/always-on privileges, does not modify other skills or global agent config, and is user-invocable only. No elevated privileges are requested.

Version History

v1.0.0

Gasless agent identity registration on Base

Metadata

Slug cortex-protocol

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Cortex Protocol?

Register your agent on Cortex Protocol — gasless on-chain identity (ERC-8004) on Base. One command to get a verifiable agent identity. It is an AI Agent Skill for Claude Code / OpenClaw, with 522 downloads so far.

How do I install Cortex Protocol?

Run "/install cortex-protocol" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cortex Protocol free?

Yes, Cortex Protocol is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Cortex Protocol support?

Cortex Protocol is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Cortex Protocol?

It is built and maintained by quriustus (@quriustus); the current version is v1.0.0.

More Skills

Cortex Protocol