← 返回 Skills 市场

AGNTCY Identity CLI

Name: AGNTCY Identity CLI
Author: jadiaconu

作者 Jean DIACONU · GitHub ↗ · v1.0.4 · MIT-0

cross-platform ✓ 安全检测通过

398

总下载

当前安装

版本数

在 OpenClaw 中安装

/install agntcy-identity-cli

功能描述

AGNTCY Identity Issuer CLI and Node Backend for managing verifiable agent identities, metadata, and badges.

使用说明 (SKILL.md)

AGNTCY Identity (Issuer CLI + Node Backend)

Use the identity CLI to create, manage, issue, and verify decentralized agent identities and badges within the AGNTCY ecosystem.

This tool enables:

Identity creation (Agents, MCP Servers, MASs)
BYOID onboarding (e.g., Okta-based identities)
Metadata generation
Badge issuance & publishing
Verifiable Credential (VC) verification

Requirements

Docker Desktop OR
- Docker Engine v27+
- Docker Compose v2.35+
Optional for demo:
- Okta CLI
- Ollama CLI

Core Commands

Vault Management

Manage cryptographic vaults and signing keys:

identity vault connect file -f ~/.identity/vault.json -v "My Vault" identity vault key generate

Issuer Management

identity issuer register -o "My Organization" -c "$CLIENT_ID" -s "$CLIENT_SECRET" -u "$ISSUER_URL"

Metadata Management

Generate and manage identity metadata:

identity metadata generate -c "$CLIENT_ID" -s "$CLIENT_SECRET" -u "$ISSUER_URL"

Badge Issuance

Issue and publish badges (Verifiable Credentials):

identity badge issue mcp -u \x3Chttp://localhost:9090> -n "My MCP Server" identity badge publish

Verification

Verify published badges:

identity verify -f vcs.json

Running the Node Backend

Start locally using Docker:

git clone \x3Chttps://github.com/agntcy/identity.git> cd identity ./deployments/scripts/identity/launch_node.sh

Or:

make start_node

Typical Workflow

Install CLI
Start Node Backend
Create vault + keys
Register Issuer
Generate metadata
Issue badge
Publish badge
Verify badge

Security notes (read before providing secrets)

~/.identity/vault.json can contain signing key material and should be treated as a high-value secret. Use a dedicated test vault for evaluation; do not reuse production keys.
CLIENT_SECRET is a high-value secret. Only provide it after you have reviewed the code/binaries you will run and you are operating in a controlled environment.
Avoid pasting secrets into chat, logs, tickets, or issue trackers. Prefer secure secret injection.

Notes

The CLI binary name is identity.
Public issuer keys are exposed via: /v1alpha1/issuer/{common_name}/.well-known/jwks.json
Published VCs are accessible via: /v1alpha1/vc/{metadata_id}/.well-known/vcs.json
Supports Agents, MCP Servers, and MASs.
Follows decentralized identity standards (e.g., W3C DIDs).

安全使用建议

This skill appears to be what it says: an identity issuer CLI. Before installing or providing CLIENT_SECRET or vault keys, do the following: (1) inspect the GitHub repo and any scripts you will run (launch_node.sh, Makefile) — those will be executed on your machine; (2) prefer installing in an isolated/test environment (container/VM) and use a dedicated test vault rather than production keys; (3) ensure Docker and Docker Compose are available before following the Node backend steps (SKILL.md mentions them but they are not listed in the skill's required binaries); (4) avoid pasting secrets into chat or logs and inject secrets via secure mechanisms; (5) if you need higher assurance, ask the maintainer for signed releases or use a vetted binary distribution rather than building from source.

功能分析

Type: OpenClaw Skill Name: agntcy-identity-cli Version: 1.0.4 The skill bundle provides a CLI tool and backend for managing decentralized identities and verifiable credentials. While it handles sensitive data such as OAuth secrets and private keys (vault.json), these are standard requirements for an Identity Provider (IdP) tool. The installation process via 'go install' and the execution of local scripts from the 'agntcy/identity' GitHub repository are consistent with the stated purpose, and the documentation includes explicit security warnings regarding secret handling.

能力评估

✓ Purpose & Capability

Name/description match the requested items: a CLI named `identity`, an install via `go install` of the issuer module, and env vars ISSUER_URL, CLIENT_ID, CLIENT_SECRET which are appropriate for IdP-backed issuer flows. The declared config path for a vault is consistent with a signing-key vault.

ℹ Instruction Scope

SKILL.md contains concrete CLI examples and runtime instructions that reference ~/.identity/vault.json, use of CLIENT_SECRET/CLIENT_ID/ISSUER_URL, and steps to run a Node backend by cloning the GitHub repo and executing launch scripts or make targets. Those instructions require fetching and executing code from the repo and using Docker; the doc warns about secrets but the runtime steps still involve running external scripts which increases risk if you haven't audited the repo.

ℹ Install Mechanism

Install uses `go install` of a GitHub module (github.com/agntcy/identity/cmd/issuer) — a standard but still remote build/install operation. This is a moderate-risk install mechanism because it compiles/installs code pulled from a remote repository. The SKILL.md also tells users to git clone and run scripts from the same GitHub repo (manual fetch+execute of repo scripts), which is an additional execution-surface to review before running.

✓ Credentials

Requested env vars (ISSUER_URL, CLIENT_ID, CLIENT_SECRET) and a vault path are directly related to an identity issuer service. The SECRET is high-value but justified by the stated purpose. No unrelated credentials are requested.

✓ Persistence & Privilege

always is false and the skill does not request elevated platform-wide persistence or modify other skills. The skill is allowed to be invoked autonomously by default (normal behavior) but nothing here grants it unusual permanent privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install agntcy-identity-cli
安装完成后，直接呼叫该 Skill 的名称或使用 /agntcy-identity-cli 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.4

- Updated environment variable and config path requirements to use simplified "env" and "config" keys. - Added an explicit "Security notes" section with clear guidance on handling sensitive files and secrets (vault.json and CLIENT_SECRET). - Deprecated inline descriptions for env/config fields, moving to a more concise format. - No functional or command changes to the skill; documentation clarity and security emphasis improved.

v1.0.3

- Added sensitive and required flags to environment variables (CLIENT_ID, CLIENT_SECRET, ISSUER_URL) for improved clarity and security in configuration. - Documented new local configuration path (~/.identity/vault.json) and marked it as sensitive. - No functional or command changes. Documentation and metadata improvements only.

v1.0.2

- Updated install instructions: removed shell script install method, now supports Go install only. - Added required environment variables (ISSUER_URL, CLIENT_ID, CLIENT_SECRET) for configuration. - Environment variable documentation now specifies which are optional. - Minor formatting improvements in documentation and example URLs.

v1.0.1

- No user-facing changes; this version includes no file modifications. - All features and documentation remain unchanged from the previous release.

v1.0.0

AGNTCY Identity Issuer CLI and Node Backend, initial release: - Introduces CLI and Node backend for managing verifiable agent identities, metadata, and badges. - Supports identity creation for Agents, MCP Servers, and MASs, including BYOID onboarding. - Enables metadata generation, badge issuance & publishing, and credential verification. - Offers Docker-based backend initialization and a comprehensive set of CLI commands for managing vaults, issuers, metadata, and badges. - Follows decentralized identity standards such as W3C DIDs.

元数据

Slug agntcy-identity-cli

版本 1.0.4

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 5

常见问题