← Back to Skills Marketplace
frozeman

Universal Profile

by Fabian Vogelsteller · GitHub ↗ · v0.9.0 · MIT-0
cross-platform ✓ Security Clean
2069
Downloads
12
Stars
0
Active Installs
17
Versions
Install in OpenClaw
/install universal-profile
Description
Manage LUKSO Universal Profiles — identity, permissions, tokens, blockchain operations. Cross-chain support for Base and Ethereum.
Usage Guidance
This skill appears to do what it says: manage LUKSO Universal Profiles and sign/submit transactions. Before installing, review and accept these operational cautions: - Verify the source: repository/homepage is not provided in the registry metadata — prefer skills from known authors or inspect the full source before use. - Endpoints: the skill talks to public RPCs, a LUKSO indexer (Envio), and LUKSO relay URLs. Confirm those domains (e.g., envio.lukso-..., relayer.testnet.lukso...) are correct/trusted for your use. - Private keys: the tool stores encrypted keystore files under ~/.openclaw by default and may read an env var UP_KEYSTORE_PASSWORD. Only use on machines you control, set keystore file permissions to 600, and prefer using a dedicated controller key (not your main wallet) for testing. - Permissions: be cautious when granting 'full-access' presets or saving a controller with powerful permissions (CHANGEOWNER, DELEGATECALL, SUPER_*). Use least privilege for automated bots. - Test safely: try operations with a testnet profile or a burner account first (lukso testnet) before using mainnet funds. - Optional code review: if you cannot verify the author, review the bundled code (it is included) or run in an isolated environment/VM. Look specifically at credential-handling code and the Authorization UI domain mentioned in SKILL.md. If you accept these caveats and verify endpoints/author, the skill is coherent with its declared purpose. If you are unsure about trusting the unknown source, do not provide production private keys or configure full-access controllers.
Capability Analysis
Type: OpenClaw Skill Name: universal-profile Version: 0.9.0 The skill bundle provides a legitimate and well-architected interface for managing LUKSO Universal Profiles. It implements robust security practices, including AES-256-GCM encryption for local keystore management (lib/profile.js), PBKDF2 for key derivation, and proactive checks for insecure file permissions (lib/credentials.js). Network activity is limited to standard blockchain RPC providers, the official LUKSO relay service, and Envio GraphQL indexers. The code is highly transparent, includes an extensive test suite, and lacks any indicators of data exfiltration, malicious execution, or harmful prompt injection.
Capability Assessment
Purpose & Capability
Name/description (manage Universal Profiles, permissions, tokens, cross-chain) matches the code and CLI provided: RPC calls, permission encoding/decoding, token transfers, cross-chain deploy data, and relay support. The external endpoints (LUKSO RPC, Envio indexer, LUKSO relay, Base/Ethereum RPCs) are appropriate for the stated functionality. Minor note: the registry metadata lists no required env vars while SKILL.md documents optional envs (UP_CREDENTIALS_PATH, UP_KEY_PATH, UP_KEYSTORE_PASSWORD) and canonical config/keystore paths — this is expected (they are optional) and not a functional mismatch.
Instruction Scope
Runtime instructions and SKILL.md focus on profile/key management and transaction flows and instruct use of external Authorization UI and web-based profile creation. The skill reads/writes credential files under ~/.openclaw (or alternate paths via env), loads private keys for signing, and makes network calls to RPC, indexer, and relay endpoints — all within scope. Users should note it asks you to store private keys locally and to authorize via external web UIs; those steps are necessary for the feature but increase operational risk if misused.
Install Mechanism
No download/install spec; code is bundled with the skill (index.js, lib/, commands/). Dependencies are standard web3 libraries (ethers, viem) declared in package.json/package-lock.json. There are no external arbitrary download URLs or extract steps in the install spec.
Credentials
The skill legitimately needs access to controller private keys (stored in a keystore under ~/.openclaw or a path supplied via env) and optionally reads UP_KEYSTORE_PASSWORD from the environment if provided. It does not request unrelated cloud credentials. This access is proportionate to managing on-chain Universal Profiles, but handling private keys locally always carries risk and requires careful ops (file permissions, password strength).
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and stores config/keystore under its own ~/.openclaw paths. Autonomous invocation (model invocation enabled) is the platform default and is not, by itself, a concern here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install universal-profile
  3. After installation, invoke the skill by name or use /universal-profile
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.9.0
Version 0.9.0 introduces ERC725-JS reference documentation. - Added references/ERC725-JS.md to include ERC725-JS documentation and usage notes. - No changes to existing functionality; documentation update only.
v0.8.0
universal-profile 0.8.0 - Added package-lock.json for dependency locking. - Updated Authorization UI links to the new `openclaw.universalprofile.cloud` domain. - Documented canonical (recommended) credential and skill config paths in `~/.openclaw/`. - Included a sample credential JSON format for user reference. - Added clarification that the skill warns if credential files are not securely permissioned. - No changes to core logic; documentation and dependency improvements only.
v0.7.0
**Universal Profile v0.7.0 — Breaking change: UP interactions now call the Universal Profile contract directly, not the KeyManager.** - Updated all direct execution on all chains to call `UP.execute()` (not `KeyManager.execute()`). - Updated CLI, commands, and documentation to reflect new usage for transactions and examples. - LUKSO relay/gasless transactions: relay API now submits payloads to `KeyManager.executeRelayCall()` (users don’t call KM directly). - Refined instructions for `setData` via relay—call goes directly to KeyManager, not wrapped in `execute()`. - Internal refactor across files to align with LSP20 standard and latest UP contract patterns.
v0.6.2
universal-profile v0.6.2 - Added explicit documentation for cross-chain (Base, Ethereum) and multi-network usage. - Clarified that LUKSO relay/gasless transactions are only available on LUKSO networks (chains 42/4201). - Expanded quick reference tables for supported chains, addresses, and contract deployment details. - Improved instructions for direct and relay-based execution methods. - Updated permission tables and preset lists for clarity. - Restructured and condensed the documentation for better readability.
v0.6.0
- Added new CLI command for cross-chain deploy data generation (`cross-chain-deploy-data.js`). - Bumped version to 0.6.0.
v0.5.1
- Added a full suite of automated tests covering configuration, crypto, deployment, DEX, marketplace, permissions, profile, relay, skill utilities, and token functionality. - Improves reliability and test coverage with 10 new test files.
v0.5.0
**This version introduces enhanced documentation for key usage patterns and clarifies profile-based execution.** - Adds detailed "Identity & Execution" guidance: explains why all actions should be routed through the Universal Profile (UP) instead of the controller key. - Clarifies the distinction between controller key and UP address in contract interactions. - Updates documentation for following, unfollowing, and relayed transactions, emphasizing correct routing. - No breaking API changes; adjustments are documentation-focused to improve developer experience and reduce misuse risk.
v0.4.0
Version 0.4.0 - Improved credential management: Key loading now supports fallback to macOS Keychain if no file is found, and environment variable-based configuration is more clearly documented. - Documentation for credentials, security best practices, and environment variables has been consolidated and clarified. - Outdated, redundant, or verbose warnings and instructions pared down; documentation is now easier to navigate. - No code, interface, or feature changes to skill logic. This is a documentation and usability-focused update.
v0.3.7
## universal-profile 0.3.7 - Minor wording update in documentation: Section now addresses "your human" and instructs bots on how to direct users for profile setup and authorization. - No changes to CLI commands, configuration, or runtime logic.
v0.3.6
- Updated the introductory instructions to address "the human" and clarify that AI bots should generate controller keys for authorization. - Revised authorization guidance to reflect an agent-oriented workflow. - No functional or CLI changes—documentation update only.
v0.3.5
universal-profile v0.3.5 - Improved macOS Keychain usage instructions, highlighting it as the recommended security approach. - Added a new warning section on the risks of storing the private key in a JSON file. - Specified stricter permission instructions for key files if used (chmod 600). - Clarified notes regarding automation and secure handling of keys for agent use. - Documentation updates only; no code changes.
v0.3.4
Version 0.3.4 is a documentation update to the Universal Profile Skill. - Clarified the VerifiableURI encoding section, specifying the header as `00006f357c6a0020` and its length in hex bytes. - Added the line: "Header is always `00006f357c6a0020` (16 hex chars = 8 bytes)." - No code or functional changes; all updates are in documentation only.
v0.3.3
**Universal Profile v0.3.3 Changelog** - Added instructions for securely storing the controller private key in the macOS system Keychain. - Provided Node.js example code for retrieving the key from Keychain and clearing from memory after use. - Clarified that macOS Keychain storage is recommended for macOS, and suggested alternative secure storage methods for Linux. - No functional CLI/tooling changes; this update documents a new best-practice for credential security.
v0.3.0
**Forever Moments NFT relay integration and documentation.** - Added comprehensive section for "Forever Moments" — a social NFT platform on LUKSO — including API usage, NFT minting/joining/collections, and IPFS pinning instructions. - Described the 3-step gasless relay interaction workflow (build → prepare → sign & submit) for NFT operations via API. - Clarified endpoints for pinning media to IPFS and submitting transactions through Forever Moments’ Agent API. - No changes to CLI commands or existing permissions logic. - Incremented version to 0.3.0.
v0.2.1
## universal-profile 0.2.1 - Version bump to 0.2.1. No functional or documentation changes detected. - No file changes; internal version updated for consistency.
v0.2.0
Universal-profile 0.2.0 is a major documentation overhaul with improved clarity and streamlined instructions. - Expanded CLI command documentation and permission preset definitions. - Simplified and clarified setup, credentials, and transaction workflow. - Added concise relay/gasless transaction signature example and API usage. - Enhanced explanations for the LUKSO permission system and security best practices. - Provided improved tables for LSP standards, network configuration, and error codes. - Removed redundant architectural explanations; focused on practical usage.
v0.1.0
Universal Profile Skill v0.1.0 — initial release - Manage LUKSO Universal Profiles: identity, permissions, tokens, and blockchain operations using direct or gasless (relay) transactions - Provides CLI commands and a programmatic API for profile management, permission settings, and token operations - Supports granular access control, gasless relay transactions (LSP25), and interaction with key LSP standards (LSP0, LSP6, LSP7, LSP8, etc.) - Modular architecture enables easy extension and separation of concerns between direct/relay transactions and assets - Includes setup and authorization flow, flexible credential loading, and example configuration - Documentation covers Universal Profile basics, network configuration, permission system, and best practices
Metadata
Slug universal-profile
Version 0.9.0
License MIT-0
All-time Installs 1
Active Installs 0
Total Versions 17
Frequently Asked Questions

What is Universal Profile?

Manage LUKSO Universal Profiles — identity, permissions, tokens, blockchain operations. Cross-chain support for Base and Ethereum. It is an AI Agent Skill for Claude Code / OpenClaw, with 2069 downloads so far.

How do I install Universal Profile?

Run "/install universal-profile" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Universal Profile free?

Yes, Universal Profile is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Universal Profile support?

Universal Profile is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Universal Profile?

It is built and maintained by Fabian Vogelsteller (@frozeman); the current version is v0.9.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments