Description

Know-Your-Customer verification via MasterPay Global. Submit personal data, upload identity documents, and track approval status.

README (SKILL.md)

KYC & Identity

Name: KYC & Identity
Author: d9m1n1c

Use this skill when the user needs to complete identity verification, upload KYC documents, or check verification status.

Configuration

The default API base URL is https://payment-api-dev.aiotnetwork.io. All endpoints are relative to this URL.

To override (e.g. for local development):

export AIOT_API_BASE_URL="http://localhost:8080"

If AIOT_API_BASE_URL is not set, use https://payment-api-dev.aiotnetwork.io as the base for all requests.

Available Tools

create_masterpay_user — Create a MasterPay user account (prerequisite for all MasterPay operations) | POST /api/v1/masterpay/users | Requires auth
get_kyc_status — Check current KYC verification status and document upload progress | GET /api/v1/masterpay/kyc/status | Requires auth
get_kyc_metadata — Get valid document types, occupations, nationalities, and countries for KYC forms | GET /api/v1/masterpay/kyc/metadata | Requires auth
submit_kyc — Submit KYC personal data for review (uses profile data) | POST /api/v1/masterpay/kyc/submit | Requires auth
upload_kyc_document — Upload a KYC document (passport, ID, proof of address) via multipart or base64 JSON | POST /api/v1/masterpay/kyc/documents | Requires auth
submit_wallet_kyc — Submit wallet-level KYC for a card wallet (requires profile phone number and identity document ID number) | POST /api/v1/masterpay/wallets/kyc | Requires auth
get_profile — Get user profile data used for KYC submission | GET /api/v1/profile | Requires auth
update_profile — Update user profile data (english_first_name, english_last_name, dob, gender, nationality, occupation, source_of_fund, phone_number, phone_country_code, country, address1, address2, address3, city, state, zip, billing_same_as_home) | PUT /api/v1/profile | Requires auth
get_document — Get stored identity document info | GET /api/v1/profile/document | Requires auth
update_document — Update identity document (fields: identity_type (passport|identity_card), id_number — id_number is required for wallet KYC) | PUT /api/v1/profile/document | Requires auth

Recommended Flows

Complete KYC Verification

Full flow from profile setup to KYC approval

Create MasterPay user: POST /api/v1/masterpay/users — required once before any MasterPay operation
Get metadata: GET /api/v1/masterpay/kyc/metadata — learn valid nationalities, occupations, document types
Update profile: PUT /api/v1/profile with {english_first_name, english_last_name, dob (YYYY-MM-DD), gender, phone_number, phone_country_code (with '+' prefix, e.g. '+65'), nationality, occupation (use value from metadata endpoint), source_of_fund, country (e.g. 'SG', 'ARGENTINA'), address1, city, state, zip, billing_same_as_home: true}
Upload documents: POST /api/v1/masterpay/kyc/documents — JSON body: {document_type, file_data (base64), file_name, mime_type (image/jpeg|image/png|application/pdf)}. Valid document types: PassportFront, PassportBack, NationalIdFront, NationalIdBack, DrivingLicenseFront, DrivingLicenseBack, Selfie, ProofOfAddress. Also supports multipart/form-data with 'file' field.
Submit KYC: POST /api/v1/masterpay/kyc/submit — uses profile data, resolves country codes to names, and sends to MasterPay
Poll status: GET /api/v1/masterpay/kyc/status — wait for 'approved' (can take minutes to days)

Rules

MasterPay user must be created (POST /masterpay/users) before any KYC, wallet, or card operation — this is a one-time setup step
Profile must include personal info AND address fields (country, address1, city, state) before submitting KYC
Use country names or ISO alpha-2 codes in the profile country field (e.g. 'SG', 'ARGENTINA') — the backend resolves them to full country names for MasterPay
Phone country code in profile must include the '+' prefix (e.g. '+65') — MasterPay requires it
Documents should be uploaded before submission — MasterPay requires passport/ID and proof of address, but our backend does not block submission without them
KYC review can take minutes to several days — poll status periodically
Once approved, KYC does not need to be repeated
Document uploads support both JSON (document_type, file_data as base64, file_name, mime_type) and multipart/form-data (file field + document_type form field) — max 15MB per file

Agent Guidance

Follow these instructions when executing this skill:

Always follow the documented flow order. Do not skip steps.
If a tool requires authentication, verify the session has a valid bearer token before calling it.
If a tool requires a transaction PIN, ask the user for it fresh each time. Never cache or log PINs.
Never expose, log, or persist secrets (passwords, tokens, full card numbers, CVVs).
If the user requests an operation outside this skill's scope, decline and suggest the appropriate skill.
If a step fails, check the error and follow the recovery guidance below before retrying.
Before any KYC operation, ensure a MasterPay user exists by calling create_masterpay_user. This is a one-time setup. Other MasterPay handlers also auto-create the user, but calling it explicitly is good practice.
Profile fields use these exact JSON keys: english_first_name, english_last_name, dob (format: YYYY-MM-DD), gender, nationality, occupation, source_of_fund, phone_number, phone_country_code.
Occupation MUST be a value from the metadata endpoint (get_kyc_metadata). Valid values include: GovernmentOfficers, GovernmentWorkers, SoeAndStateOrganExecutives, SoeAndStateOrganEmployees, PrivateBusinessOwnersAndExecutives, PrivateBusinessEmployees, NonGovernmentOrganizationExecutives, NonGovernmentOrganizationEmployees, SoleTraders, Retirees, Students, Unemployed, Freelancer. Always call metadata first to get the current list.
Complete profile (update_profile) with all required fields INCLUDING address fields (country, address1, city, state, zip, billing_same_as_home) before calling submit_kyc. The backend validates profile fields are present and returns 400 if any are missing.
Document upload via JSON requires: document_type (e.g. PassportFront, NationalIdFront, Selfie, ProofOfAddress), file_data (base64-encoded), file_name, mime_type (image/jpeg, image/png, or application/pdf). Alternatively, use multipart/form-data with a file field and document_type form field.
The update_document endpoint (PUT /profile/document) accepts: identity_type ("passport" or "identity_card") and id_number (passport number, NRIC, etc.). The id_number is sent as MasterPay's orgCode during wallet KYC. Always set id_number before calling submit_wallet_kyc.
submit_wallet_kyc requires: (1) profile with phone_number + phone_country_code, (2) identity document with id_number set. It will fail with INCOMPLETE_PROFILE if id_number is missing.
KYC review takes minutes to days. Poll get_kyc_status periodically — there are no push notifications.
Use ISO alpha-2 country codes (e.g., "SG", "MY") for the profile country field. Include the "+" prefix for phone country codes (e.g., "+65").

Usage Guidance

This skill claims to perform KYC flows and will handle sensitive personal data and identity documents. Before installing or using it, ask the publisher: (1) Where do bearer tokens or API credentials come from? The skill asks you to verify a 'valid bearer token' but does not declare any token env var or auth setup — confirm how authentication is provided and secured. (2) Why is the primaryEnv set to AIOT_API_BASE_URL (a URL, not a secret)? That looks like a misconfiguration. (3) Confirm the target API base URL: the default points to a development host (payment-api-dev.aiotnetwork.io). Do not upload real PII to a dev endpoint; insist on a validated production endpoint and data-handling policy. (4) Verify the skill owner's identity, privacy/retention policies, and compliance (handling of PII, retention, who can access uploaded documents). (5) Request explicit documentation of where transaction PINs and bearer tokens are stored, whether the platform will log them, and whether uploads are encrypted in transit and at rest. If the author can provide a corrected primaryEnv (e.g., a token name), a clear auth flow, and a confirmed production base URL, that would address the main concerns and could raise confidence.

Capability Analysis

Type: OpenClaw Skill Name: aiotnetwork-kyc-identity Version: 1.0.1 The skill is a legitimate KYC (Know Your Customer) identity verification bundle for the AIOT Network, facilitating document uploads and profile management via the MasterPay Global API (payment-api-dev.aiotnetwork.io). It contains explicit security instructions for the AI agent to protect sensitive data, such as transaction PINs and secrets, and follows a standard, transparent workflow for identity verification. No indicators of malicious intent, data exfiltration to unauthorized endpoints, or prompt injection attacks were found.

Capability Assessment

ℹ Purpose & Capability

The skill's endpoints and flows match a KYC/identity workflow (profile, upload documents, submit KYC). However, the registry metadata marks AIOT_API_BASE_URL as the primary credential, which is unusual — a base URL is not a secret credential. The skill also hardcodes a default dev API URL (https://payment-api-dev.aiotnetwork.io), which is unexpected for a production-facing KYC skill and could lead to accidentally sending PII to a development environment.

⚠ Instruction Scope

The SKILL.md stays within KYC tasks (create user, update profile, upload docs, poll status) but repeatedly requires authenticated calls and instructs the agent to "verify the session has a valid bearer token" and to prompt for transaction PINs. The skill does not document how authentication tokens are obtained, stored, or provided (no required env var or auth flow described). That missing auth specification is a scope/integration gap: the agent will need access to bearer tokens or session state not declared by the skill.

✓ Install Mechanism

Instruction-only skill with no install spec or code files. This is the lowest-risk install model — nothing is downloaded or written to disk by the skill itself.

⚠ Credentials

The skill declares only AIOT_API_BASE_URL as a required env var and even lists it as the primary credential. It does not declare any token/secret env var for bearer tokens or API keys, yet the API endpoints require auth. Asking for only a base URL (and treating it as the primary credential) is disproportionate and inconsistent with the stated need to authenticate; it's unclear where the bearer token comes from (platform session, another skill, implicit user input).

✓ Persistence & Privilege

The skill is not always-enabled and is user-invocable. It does not request system paths, nor does it attempt to persist configuration or modify other skills. No elevated persistence privileges are requested.

Version History

v1.0.1

- Added configuration section for API base URL with environment variable override (AIOT_API_BASE_URL). - Clarified required profile fields and document upload methods in flows and agent guidance. - Updated tool details: profile now uses address fields directly; some residential-address endpoints were removed from documentation. - Expanded and clarified document upload method (JSON and multipart/form-data). - Updated occupation field guidance: must use values from metadata endpoint. - Improved and corrected details throughout skill documentation for better accuracy and developer experience.

v1.0.0

Initial release of KYC & Identity skill, enabling MasterPay Global KYC processes: - Supports full KYC flow: user creation, profile/address setup, document upload, and verification submission. - Tools available for updating and retrieving profile, address, and identity documents. - Enables tracking of KYC verification status and progress. - Includes wallet-level KYC submission. - Adheres to MasterPay requirements for data formats and country codes. - Provides detailed usage guidelines and flow order for secure, compliant operation.

Metadata

Slug aiotnetwork-kyc-identity

Version 1.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is KYC & Identity?

Know-Your-Customer verification via MasterPay Global. Submit personal data, upload identity documents, and track approval status. It is an AI Agent Skill for Claude Code / OpenClaw, with 324 downloads so far.

How do I install KYC & Identity?

Run "/install aiotnetwork-kyc-identity" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is KYC & Identity free?

Yes, KYC & Identity is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does KYC & Identity support?

KYC & Identity is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created KYC & Identity?

It is built and maintained by D9m1n1c (@d9m1n1c); the current version is v1.0.1.

More Skills

KYC & Identity

KYC & Identity

Configuration

Available Tools

Recommended Flows

Complete KYC Verification

Rules

Agent Guidance

What is KYC & Identity?

How do I install KYC & Identity?

Is KYC & Identity free?

Which platforms does KYC & Identity support?

Who created KYC & Identity?

💬 Comments