erasmus

Who

by Erasmus Hagen · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 103
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install who
Description
Shorthand for /whoareyou — show your verified wayID identity card
Usage Guidance
This skill largely does what it says, but be cautious: it instructs the agent to read ~/.openclaw/identity/device.json, a file that—per the SKILL.md—contains both publicKey and privateKey. Before installing or enabling the skill, consider:
  1. Confirm you trust the external service (https://way.je) and that TLS and domain are correct.
  2. Ask the skill author to declare required config paths and to explicitly limit reads to the publicKey field (so the privateKey is not accessed or transmitted).
  3. If you are unsure, run the lookup manually (extract the publicKey yourself and call the API from a separate, auditable client) rather than giving the agent automatic file access.
  4. If the privateKey may have been exposed, rotate it.
  5. Prefer running this skill only in a sandboxed agent environment where local secrets are protected.
If the developer can update the metadata to list the config path and justify that only the publicKey is read (and show no privateKey is transmitted), the concern would be largely resolved.
Capability Analysis
Type: OpenClaw Skill
Name: who
Version: 1.0.0
The skill instructs the agent to read a sensitive local file (`~/.openclaw/identity/device.json`) containing both public and private keys. While the instructions in SKILL.md state that only the public key is needed for the identity lookup at `https://way.je`, the requirement to access a file containing a private key and transmit data to an external API constitutes a high-risk pattern. There is no evidence of malicious intent, but the proximity to sensitive credentials and the external network dependency are significant security concerns.
Capability Assessment
Purpose & Capability
Name/description (shorthand for /whoareyou) match the runtime instructions: the skill reads the agent's public key and calls the way.je APIs to fetch and display a verified identity card. No unrelated services, binaries, or installs are requested.
Instruction Scope
The SKILL.md explicitly instructs the agent to read ~/.openclaw/identity/device.json. That file format shown includes both publicKey and privateKey. Although the instructions say only the publicKey is needed, the agent will read a local file containing the privateKey value. The skill metadata did not declare this config path or local-file access, which is an inconsistency and a potential data-exposure risk.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer. This is low installation risk.
Credentials
No environment variables or credentials are requested (appropriate), but the omission of a declared required config path is problematic because the runtime requires reading a local identity file that contains a privateKey. That local sensitive data access should be declared and justified.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent presence or elevated platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install who
  3. After installation, invoke the skill by name or use /who
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
who 1.0.0 — Initial Release
- Adds a shorthand command for `/whoareyou` to display your verified wayID identity card.
- Reads your public key, looks up your wayID, and fetches your identity card directly via API calls.
- Clearly shows verification status and certificate details.
- Handles errors and unverified identities with explanatory messages.
Metadata
Slug who
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Who?

Shorthand for /whoareyou — show your verified wayID identity card. It is an AI Agent Skill for Claude Code / OpenClaw, with 103 downloads so far.

How do I install Who?

Run "/install who" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Who free?

Yes, Who is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Who support?

Who is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Who?

It is built and maintained by Erasmus Hagen (@erasmus); the current version is v1.0.0.
