tamtunnel

Sovereign Identity

by TamTunnel · GitHub ↗ · v0.1.1
cross-platform ⚠ suspicious
649 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install sovereign-id
Description
Manages decentralized identities, generates pairwise DIDs for B2C, signs mandates for B2B, and provides selective disclosure proofs without revealing private...
Usage Guidance
What to check before installing or running this skill:

- Metadata mismatch: The registry metadata claims no required env vars, but skill.json/README and the scripts require CLAW_PASSWORD and expect AGENT_DID / AGENT_ENCRYPTED_KEY. Treat the skill as requiring a secret password and local encrypted key storage until the author clarifies this.
- Inspect .env.agent and file permissions: Onboarding writes an encrypted private key to .env.agent in the repo root. Ensure this file is truly gitignored, has restrictive filesystem permissions, and that you are comfortable storing the encrypted key locally.
- Verify guardrail enforcement: SKILL.md promises identity_check and strict guardrails. Those appear as a standalone guardrail.ts script but are not wired into a runtime enforcement layer. Do not assume the skill will automatically run these checks for every outgoing call; the behavior depends on how the agent host integrates the scripts.
- Run tests offline in a sandbox: Run the e2e/test scripts locally in an isolated environment (no network) to confirm behavior, and verify the CLI scripts only perform local crypto and file writes.
- Confirm no network exfiltration: The codebase contains no explicit network calls, but verify you trust the repository owner and review package.json/repository pointers. If you cannot review the code, avoid providing CLAW_PASSWORD or running scripts on production systems.
- Ask the author to fix documentation gaps: Require the skill author to update registry metadata to list CLAW_PASSWORD and document AGENT_* env usage, and to either implement identity_check as a callable automatic guard or document how the agent host must call guardrail.ts before external interactions.

If you need to use this skill but are not comfortable auditing code, prefer running it in a tightly sandboxed environment and only after confirming the file outputs and behavior match your expectations.
Capability Analysis
Type: OpenClaw Skill
Name: sovereign-id
Version: 0.1.1

The OpenClaw Sovereign Identity skill is designed for secure self-sovereign identity management, including DID generation, mandate signing, and selective disclosure. It implements robust security measures: private keys are encrypted locally using AES-256-GCM with a `CLAW_PASSWORD` and stored in a git-ignored `.env.agent` file (`onboard.ts`, `sign_proof.ts`). Crucially, both `SKILL.md` and `AGENT.md` explicitly instruct the AI agent to 'TERMINATE' sessions if private keys or passwords are requested, a defense reinforced by `guardrail.ts` which strictly filters inputs for sensitive keywords like 'private key' or 'secret'. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. All operations are local and cryptographic, aligning with the stated purpose of secure identity management.
Capability Assessment
Purpose & Capability
The code implements DID generation, mandate signing, and SD-JWT creation/verification which matches the description. However the registry metadata at the top of the submission lists no required environment variables while skill.json and README explicitly require CLAW_PASSWORD and the runtime scripts expect AGENT_ENCRYPTED_KEY and AGENT_DID. That metadata mismatch is unexplained and reduces trust in the published manifest.
Instruction Scope
SKILL.md requires an identity_check(...) to run before any external API calls and lists helper functions (generate_did, sign_mandate, present_sd_jwt). There is no implementation named identity_check among the code files; the guardrail exists as a standalone script but is not wired into the other scripts or the SKILL.md 'brain'. The documentation implies the agent will automatically run these protections before contacting external parties, but the codebase provides only CLI scripts — there is no clear runtime integration that guarantees these checks are enforced.
Install Mechanism
No install spec (instruction-only / script-based). Dependencies are standard npm packages listed in package.json; there are no downloads from arbitrary URLs or extract/install steps. This is lower-risk from an install-source perspective.
Credentials
Scripts require CLAW_PASSWORD and rely on a local .env.agent containing AGENT_DID and AGENT_ENCRYPTED_KEY. The top-level registry metadata in the submission declared no required env vars (contradicting skill.json and README). The skill reads sensitive material (encrypted private key) and requires a password to decrypt it; those are reasonable for a local identity skill, but the mismatch between declared and actual required env variables and the presence of additional env variables (AGENT_ENCRYPTED_KEY, AGENT_DID) that are not documented in the registry metadata is an incoherence that should be resolved before trusting the skill.
Persistence & Privilege
The skill writes local files (.env.agent, signed_mandate.json, public_jwk.json, .jti_ledger.json) in its script directories and the repository root. It does not request always:true or modify other skills. Persisting an encrypted key locally and creating ledgers is consistent with identity tooling, but users should be aware these files are created and control their filesystem permissions and gitignore status.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sovereign-id
  3. After installation, invoke the skill by name or use /sovereign-id
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
- Migrated scripts and documentation to a new directory structure under `.agent/skills/identity-sovereign/`
- Added project metadata and configuration files: `AGENT.md`, `CONTRIBUTING.md`, `README.md`, `package.json`, `skill.json`, `tsconfig.json`
- Removed old scripts from the root `scripts/` directory
- No changes to SKILL.md content
v0.1.0
- Initial release of the Sovereign Identity Skill.
- Enables the agent to manage its own Decentralized Identifiers (DIDs) and generate cryptographic proofs for trust in B2B and B2C interactions.
- Implements guidelines for privacy, selective disclosure, and unique identity management per interaction.
- Includes a decision matrix to choose the correct identity persona and protocol based on context (Financial, Public/Browsing, Personal).
- Provides helper tools for DID creation, authorization signing, and secure selective disclosure.
- Establishes strict security guardrails for private key protection, user consent, and data minimization.
Metadata
Slug sovereign-id
Version 0.1.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Sovereign Identity?

Manages decentralized identities, generates pairwise DIDs for B2C, signs mandates for B2B, and provides selective disclosure proofs without revealing private... It is an AI Agent Skill for Claude Code / OpenClaw, with 649 downloads so far.

How do I install Sovereign Identity?

Run "/install sovereign-id" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sovereign Identity free?

Yes, Sovereign Identity is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Sovereign Identity support?

Sovereign Identity is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Sovereign Identity?

It is built and maintained by TamTunnel (@tamtunnel); the current version is v0.1.1.
