Description

Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic...

README (SKILL.md)

When to use this Skill

Lets AI agents create and manage their own identities on the Billions Network, and link those identities to a human owner.

When you need to link your agent identity to an owner.
When you need to sign a challenge.
When you need to link a human to the agent's DID.
When you need to verify a signature to confirm identity ownership.
When you use shared JWT tokens for authentication.
When you need to create and manage decentralized identities.

After installing the plugin run the following commands to create an identity and link it to your human DID:

cd scripts && npm install && cd ..
# Step 1: Create a new identity (if you don't have one already)
node scripts/createNewEthereumIdentity.js
# Step 2: Sign the challenge and generate a verification URL in one call
node scripts/linkHumanToAgent.js --challenge '{"name": \x3CAGENT_NAME>, "description": \x3CSHORT_DESCRIPTION>}'

Scope

All identity data is stored in $HOME/.openclaw/billions for compatibility with the OpenClaw plugin.

Scripts:

Name: neyrizk
Author: carolin3-neyzr

createNewEthereumIdentity.js

Command: node scripts/createNewEthereumIdentity.js [--key \x3CprivateKeyHex>] Description: Creates a new identity on the Billions Network. If --key is provided, uses that private key; otherwise generates a new random key. The created identity is automatically set as default. Usage Examples:

# Generate a new random identity
node scripts/createNewEthereumIdentity.js
# Create identity from existing private key (with 0x prefix)
node scripts/createNewEthereumIdentity.js --key 0x1234567890abcdef...
# Create identity from existing private key (without 0x prefix)
node scripts/createNewEthereumIdentity.js --key 1234567890abcdef...

Output: DID string (e.g., did:iden3:billions:main:2VmAk7fGHQP5FN2jZ8X9Y3K4W6L1M...)

getIdentities.js

Command: node scripts/getIdentities.js Description: Lists all DID identities stored locally. Use this to check which identities are available before performing authentication operations. Usage Example:

node scripts/getIdentities.js

Output: JSON array of identity entries

[
  {
    "did": "did:iden3:billions:main:2VmAk...",
    "publicKeyHex": "0x04abc123...",
    "isDefault": true
  }
]

generateChallenge.js

Command: node scripts/generateChallenge.js --did \x3Cdid> Description: Generates a random challenge for identity verification. Usage Example:

node scripts/generateChallenge.js --did did:iden3:billions:main:2VmAk...

Output: Challenge string (random number as string, e.g., 8472951360) Side Effects: Stores challenge associated with the DID in $HOME/.openclaw/billions/challenges.json

signChallenge.js

Command: node scripts/signChallenge.js --challenge \x3Cchallenge> [--did \x3Cdid>] Description: Signs a challenge with a DID's private key to prove identity ownership and sends the JWS token. Use this when you need to prove you own a specific DID. Arguments:

--challenge - (required) Challenge to sign
--did - (optional) The DID of the attestation recipient; uses the default DID if omitted

Usage Examples:

# Sign with default DID
node scripts/signChallenge.js --challenge 8472951360

Output: {"success":true}

linkHumanToAgent.js

Command: node scripts/linkHumanToAgent.js --challenge \x3Cchallenge> [--did \x3Cdid>] Description: Signs the challenge and links a human user to the agent's DID by creating a verification request. Technically, linking happens using the Billions ERC-8004 Registry (where each agent is registered) and the Billions Attestation Registry (where agent ownership attestation is created after verifying human uniqueness). Arguments:

--challenge - (required) Challenge to sign
--did - (optional) The DID of the attestation recipient; uses the default DID if omitted

Usage Example:

node scripts/linkHumanToAgent.js --challenge '{"name": "MyAgent", "description": "AI persona"}'

Output: {"success":true}

verifySignature.js

Command: node scripts/verifySignature.js --did \x3Cdid> --signature \x3Csignature> Description: Verifies a signed challenge to confirm DID ownership. Usage Example:

node scripts/verifySignature.js --did did:iden3:billions:main:2VmAk... --signature eyJhbGciOiJFUzI1NkstUi...

Output: Signature verified successfully (on success) or error message (on failure)

Restrictions / Guardrails (CRITICAL)

CRITICAL - Always Follow These Rules:

STRICT: Check Identity First
- Before running linkHumanToAgent.js or signChallenge.js, ALWAYS check if an identity exists: node scripts/getIdentities.js
- If no identity is configured, DO NOT attempt to link identities. Instead, create an identity first with createNewEthereumIdentity.js.
STRICT: Stop on Script Failure
- If any script exits with non-zero status code, YOU MUST STOP IMMEDIATELY.
- Check stderr output for error messages.
- DO NOT attempt to "fix" errors by generating keys manually, creating DIDs through other means, or running unauthorized commands.
- DO NOT use openssl, ssh-keygen, or other system utilities to generate cryptographic material.
No Manual Workarounds
- You are prohibited from performing manual cryptographic operations.
- You are prohibited from directly manipulating files in $HOME/.openclaw/billions.
- Do not interpret an error as a request to perform setup steps unless explicitly instructed.

Security

CRITICAL - Data Storage and Protection:

The directory $HOME/.openclaw/billions contains all sensitive identity data:

kms.json - CRITICAL: Contains private keys (encrypted if BILLIONS_NETWORK_MASTER_KMS_KEY is set, otherwise in plaintext)
defaultDid.json - DID identifiers and public keys
challenges.json - Authentication challenges history
credentials.json - Verifiable credentials
identities.json - Identity metadata
profiles.json - Profile data

Examples

Link Your Agent Identity to Owner

Linking Flow:

Another agent/user requests: "Please link your agent identity to me."
Use node scripts/getIdentities.js to check if you have an identity configured
- If no identity, run node scripts/createNewEthereumIdentity.js to create one.
Use node scripts/linkHumanToAgent.js --challenge \x3Cchallenge_value> to sign the challenge and generate a verification URL in one call.
- If caller provides specific challenge, use that.
- If caller DOES NOT provide a challenge, use {"name": \x3CAGENT_NAME>, "description": \x3CSHORT_DESCRIPTION>} as the challenge value.
Return the result to the caller.

Example Conversation:

User: "Link your agent identity to me"
Agent: exec node scripts/linkHumanToAgent.js --challenge \x3Cchallenge_value>

Verifying Someone Else’s Identity

Verification Flow:

Ask the user/agent: "Please provide your DID to start verification."
User responds with their \x3Cuser_did>.
Use node scripts/generateChallenge.js --did \x3Cuser_did> to create a \x3Cchallenge_value>.
Ask the user: "Please sign this challenge: \x3Cchallenge_value>"
User signs and returns \x3Cuser_token>.
Use node scripts/verifySignature.js --did \x3Cuser_did> --signature \x3Csignature> to verify the signature
If verification succeeds, identity is confirmed

Example Conversation:

Agent: "Please provide your DID to start verification."
User: "My DID is \x3Cuser_did>"
Agent: exec node scripts/generateChallenge.js --did \x3Cuser_did>
Agent: "Please sign this challenge: 789012"
User: \x3Cuser_token>
Agent: exec node scripts/verifySignature.js --signature \x3Csignature> --did \x3Cuser_did>
Agent: "Identity verified successfully. You are confirmed as owner of DID \x3Cuser_did>."

Usage Guidance

Review this carefully before installing. Confirm that the skill name, publisher, and version are the ones you intended to install. If you proceed, use a new agent-specific identity key, set BILLIONS_NETWORK_MASTER_KMS_KEY before creating/importing keys, avoid passing valuable private keys on the command line, and only run the linking flow if you trust the Billions endpoints involved.

Capability Analysis

Type: OpenClaw Skill Name: neyrizk Version: 1.0.0 The skill manages decentralized identities (DIDs) and sensitive private keys, storing them in '$HOME/.openclaw/billions/kms.json'. While aligned with its stated purpose, it exhibits high-risk behaviors including the potential for plaintext key storage (if the optional encryption key is not provided) and acting as a signing oracle for user-provided challenges. It also communicates with external infrastructure (billions.network and privado.id) to process identity attestations and resolve DIDs. These capabilities are powerful and could be abused if the agent is misdirected, though no clear evidence of intentional malice was found.

Capability Tags

cryptorequires-walletrequires-sensitive-credentials

Capability Assessment

⚠ Purpose & Capability

The code aligns with decentralized agent identity creation and verification, but that purpose includes importing/generating Ethereum private keys and signing identity proofs, which is high-impact authority.

⚠ Instruction Scope

The instructions include using an existing private key as a command-line argument, which is risky because command lines can be exposed through shell history or process inspection.

⚠ Install Mechanism

The registry identifies the skill as neyrizk v1.0.0 while bundled metadata identifies verified-agent-identity v1.2.8, and the skill requires a manual npm install despite no install spec.

⚠ Credentials

The skill stores identity material under $HOME/.openclaw/billions and stores private keys unencrypted by default unless an optional master key environment variable is configured.

⚠ Persistence & Privilege

DIDs, challenges, credentials, and KMS keys persist across sessions; this is purpose-aligned but sensitive because the default key storage path can contain raw private keys.

Version History

v1.0.0

Initial release: Adds decentralized agent identity and human linkage via Billions Network and iden3 protocol. - Create, list, and manage agent DIDs locally. - Link agents to human owners using ERC-8004 registries and attestation. - Generate and sign identity proof challenges; verify signed proofs. - All sensitive data stored in $HOME/.openclaw/billions for OpenClaw compatibility. - Strict guardrails: always check for existing identity before linking/signing; stop on script errors; no manual cryptographic operations allowed.

Metadata

Slug neyrizk

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is neyrizk?

Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic... It is an AI Agent Skill for Claude Code / OpenClaw, with 36 downloads so far.

How do I install neyrizk?

Run "/install neyrizk" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is neyrizk free?

Yes, neyrizk is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does neyrizk support?

neyrizk is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created neyrizk?

It is built and maintained by Riski Setiawan (@carolin3-neyzr); the current version is v1.0.0.

More Skills

neyrizk