← 返回 Skills 市场
eijiac24

Chitin Cert

作者 Tiida Tech · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
495
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install chitin-cert
功能描述
Issue and verify on-chain certificates on Base L2. Register as an issuer, mint achievement/capability/compliance certs as NFTs, and verify them from anywhere.
使用说明 (SKILL.md)

Chitin Cert — Verifiable On-Chain Certificates

Issue verifiable credentials to any agent or wallet on Base L2. Each certificate is minted as a non-transferable NFT, permanently stored on Arweave, and verifiable by anyone.

Skill file: https://certs.chitin.id/skill.md

Why Chitin Cert

  • Permanent — Arweave storage + Base L2 NFT. Cannot be faked, deleted, or transferred.
  • Verifiable — Anyone can verify a cert via API or on-chain, no trust required.
  • 7 cert types — Achievements, capabilities, compliance, audits, partnerships, and more.
  • Batchable — Up to 100 certs in a single transaction.
  • Soul-linked — Optionally bind a cert to a Chitin SBT for deeper identity anchoring.

Base URL

https://certs.chitin.id/api/v1

🔒 Security: Never send your wallet private key to any domain. API key (ck_...) is for cert issuance only — treat it as sensitive.

Cert Types

Type Use For
achievement Milestones, wins, accomplishments
capability Verified skills and abilities
compliance Security audits, regulatory approvals
infrastructure Deployment verifications, uptime records
partnership Collaborations, endorsements between parties
audit Third-party reviews, code audits
custom Anything else

Setup: Become an Issuer

Two steps before you can issue certs. Both require a wallet signature to prove ownership.

Step 1: Register as Issuer

Build a signed message in the format Chitin Certs: Register issuer {address_lowercase} at {timestamp_ms} (timestamp = Date.now() in milliseconds, must be within ±5 minutes).

curl -X POST https://certs.chitin.id/api/v1/issuers \
  -H "Content-Type: application/json" \
  -d '{
    "address": "0xYOUR_WALLET",
    "name": "Your Organization",
    "description": "Optional: what you certify",
    "url": "https://your-site.example.com",
    "signature": "0x...",
    "message": "Chitin Certs: Register issuer 0xyour_wallet at 1740000000000",
    "timestamp": 1740000000000
  }'

Response:

{
  "success": true,
  "data": {
    "id": "iss_1740000000_abc123",
    "address": "0xyour_wallet",
    "name": "Your Organization",
    "trustTier": "unverified",
    "certCount": 0,
    "createdAt": "2026-02-20T00:00:00Z"
  }
}

Save your issuer id — needed for API key generation.

Step 2: Generate API Key

Build a signed message: Chitin Certs: Generate API key for {issuerId} at {timestamp_ms}

curl -X POST https://certs.chitin.id/api/v1/auth \
  -H "Content-Type: application/json" \
  -d '{
    "issuerId": "iss_1740000000_abc123",
    "name": "production-key",
    "signature": "0x...",
    "message": "Chitin Certs: Generate API key for iss_1740000000_abc123 at 1740000000000",
    "timestamp": 1740000000000
  }'

Response:

{
  "success": true,
  "data": {
    "apiKey": "ck_abc123...",
    "name": "production-key",
    "createdAt": "2026-02-20T00:00:00Z"
  }
}

Save your apiKey — returned only once.

Issue a Certificate

curl -X POST https://certs.chitin.id/api/v1/certs \
  -H "Authorization: Bearer ck_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "issuerAddress": "0xYOUR_WALLET",
    "recipientAddress": "0xRECIPIENT",
    "certType": "achievement",
    "title": "First Deployment on Base",
    "description": "Successfully deployed and operated a live service on Base L2.",
    "tags": ["base", "deployment", "milestone"],
    "evidence": "https://basescan.org/tx/0x..."
  }'

Response:

{
  "success": true,
  "data": {
    "tokenId": 2,
    "txHash": "0x...",
    "arweaveTxId": "abc123...",
    "certType": "achievement",
    "recipient": "0xrecipient",
    "isTBA": false
  }
}

Field Reference

Field Required Description
issuerAddress Your registered issuer wallet address
recipientAddress Recipient's wallet address
certType One of the 7 cert types
title Cert title (max 200 chars)
description Optional Longer explanation
tags Optional String array for categorization
evidence Optional URL to proof/supporting material
expiresAt Optional ISO 8601 expiry (e.g. "2027-01-01T00:00:00Z")
passportRegistry Optional ERC-8004 registry address for passport-linked certs
passportTokenId Optional Recipient's ERC-8004 token ID
soulRegistry Optional ChitinSoulRegistry address for soul-linked certs
soulTokenId Optional Recipient's Chitin SBT token ID
extension Optional Arbitrary JSON object for custom metadata

Soul-linked Cert

Link directly to a Chitin soul for the strongest identity binding:

{
  "issuerAddress": "0xYOUR_WALLET",
  "recipientAddress": "0xRECIPIENT",
  "certType": "capability",
  "title": "Verified Autonomous Agent",
  "soulRegistry": "0x4DB94aD31BC202831A49Fd9a2Fa354583002F894",
  "soulTokenId": 42
}

Batch Issue (Up to 100 Certs)

curl -X POST https://certs.chitin.id/api/v1/certs/batch \
  -H "Authorization: Bearer ck_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "issuerAddress": "0xYOUR_WALLET",
    "certs": [
      {
        "recipientAddress": "0xADDR_1",
        "certType": "achievement",
        "title": "Hackathon Winner"
      },
      {
        "recipientAddress": "0xADDR_2",
        "certType": "capability",
        "title": "Verified Code Auditor",
        "description": "Passed the Chitin code audit track"
      }
    ]
  }'

Response:

{
  "success": true,
  "data": {
    "tokenIds": [3, 4],
    "txHash": "0x...",
    "count": 2
  }
}

Read & Verify Certs

Get cert details

curl https://certs.chitin.id/api/v1/certs/2

Verify on-chain status

curl https://certs.chitin.id/api/v1/verify/2

Response:

{
  "tokenId": 2,
  "isValid": true,
  "isRevoked": false,
  "issuer": "0x...",
  "recipient": "0x...",
  "certType": "achievement",
  "issuedAt": 1740000000
}

List certs by recipient

curl "https://certs.chitin.id/api/v1/certs?passport=0xRECIPIENT"

List certs by issuer

curl "https://certs.chitin.id/api/v1/certs?issuer=0xYOUR_WALLET"

List by ERC-8004 passport

curl "https://certs.chitin.id/api/v1/certs?passportRegistry=0x8004A169FB4a3325136EB29fA0ceB6D2e539a432&passportTokenId=42"

Webhooks

Get notified when certs are minted under your issuer:

curl -X POST https://certs.chitin.id/api/v1/webhooks \
  -H "Authorization: Bearer ck_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-server.example.com/webhook",
    "events": ["cert.minted"]
  }'

Payload:

{
  "event": "cert.minted",
  "tokenId": 2,
  "txHash": "0x...",
  "arweaveTxId": "...",
  "certType": "achievement",
  "issuer": "0x...",
  "recipient": "0x..."
}

MCP Server

For AI assistants that support MCP, use issue_cert and verify_cert tools directly:

npx -y chitin-mcp-server

Endpoints Reference

Endpoint Method Auth Description
/issuers POST Wallet sig Register as issuer
/issuers?address=0x... GET None Look up issuer
/auth POST Wallet sig Generate API key
/certs POST API key Issue a cert
/certs/batch POST API key Batch issue (max 100)
/certs/{certId} GET None Get cert details
/certs?passport=0x... GET None List by recipient
/certs?issuer=0x... GET None List by issuer
/verify/{certId} GET None Verify on-chain
/metadata/{tokenId} GET None ERC-721 metadata
/metadata/{tokenId}/image.svg GET None Cert SVG image
/webhooks POST API key Register webhook

Contracts (Base Mainnet, Chain ID: 8453)

Contract Address
CertRegistry (Proxy) 0x9694Fde4dBb44AbCfDA693b645845909c6032D4d
CertRegistry (Impl V4) 0xDc487e6ef33220177c3EBAFC71B5aF2FDb2ce0DF
ChitinSoulRegistry 0x4DB94aD31BC202831A49Fd9a2Fa354583002F894

About Chitin Cert

Chitin Cert is the credential layer of the Chitin Protocol. Your Chitin soul is your identity. Your certs are your verified history.

安全使用建议
This skill appears to do what it says: register issuers, mint/verifiy soulbound certs on Base L2, and store metadata on Arweave. Before installing: (1) Never paste or upload your wallet private key into the agent or into the API — signatures should be produced locally by your wallet. (2) Treat the returned API key (ck_...) as a high-privilege secret — it grants issuance power for the issuerId and should be stored in a secure secret store; rotate/revoke if compromised. (3) If you give the agent access to a signing provider or a stored API key, it can autonomously mint certs — only grant that if you trust the agent's behavior. (4) Review any webhook endpoints you register (they will receive cert events and metadata). If you want extra assurance, test with a throwaway issuer and API key first to validate behavior before using production credentials.
功能分析
Type: OpenClaw Skill Name: chitin-cert Version: 1.0.1 The skill is classified as suspicious primarily due to the inclusion of the `npx -y chitin-mcp-server` command in `skill.md` and `llms.txt`. While presented as a legitimate tool for AI agent integration, executing an external npm package introduces a supply chain vulnerability. If the `chitin-mcp-server` package were compromised or malicious, its execution could lead to unauthorized code execution. However, there is no clear evidence of intentional malicious behavior within the provided skill bundle itself, such as data exfiltration or explicit instructions for the agent to perform harmful actions. The `skill.json` file explicitly lists `allowed_domains` as `certs.chitin.id` and `chitin.id`, which is a positive security control for network interactions, but does not mitigate the local execution risk of `npx`.
能力评估
Purpose & Capability
Name/description (issue and verify certs on Base L2) match the runtime instructions and documented API. The flows (register issuer, sign messages, generate API key, POST /certs, verification endpoints) are all coherent with a certificate issuance service. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md instructs callers to create signed wallet messages and to call certs.chitin.id endpoints with an API key. The doc explicitly warns not to share private keys. It does not instruct reading arbitrary local files or env vars. Important caveat: the flow requires a signing-capable wallet or signing provider — if an agent instance has access to a wallet (or you provide a private key to the agent), the agent could perform issuer registration and certificate issuance autonomously. Keep signing operations local to a trusted wallet.
Install Mechanism
No install spec and no code files to execute — instruction-only skill. This minimizes installation risk (nothing is downloaded or written to disk by the skill).
Credentials
The skill declares no required environment variables or credentials. The only sensitive items in practice are the wallet signature process and the API key (ck_...). Both are appropriate for the stated functionality and are warned about in the documentation. There are no unrelated credential requests.
Persistence & Privilege
always:false (normal). The skill allows autonomous invocation (disable-model-invocation:false), which is typical. Be aware that if an API key is generated and stored by the agent (or if the agent has signing access), the agent could issue certs autonomously — so treat the API key and signing capability as high-privilege assets.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install chitin-cert
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /chitin-cert 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
No changes detected in this version. - Version bump to 1.0.1 with no file or documentation updates. - No impact to API, features, or documentation.
v1.0.0
Initial release of chitin-cert — on-chain certificate issuance and verification on Base L2. - Issue, batch-issue, and verify 7 types of non-transferable NFT certificates, all stored permanently on Arweave. - Register securely as an issuer and generate API keys with wallet signatures. - Supports achievement, capability, compliance, audit, partnership, infrastructure, and custom cert types. - Certificates can be soul-linked for deep identity binding. - Provides webhooks for real-time cert minting notifications. - Comprehensive API for issuing, querying, and verifying certificates.
元数据
Slug chitin-cert
版本 1.0.1
许可证
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Chitin Cert 是什么?

Issue and verify on-chain certificates on Base L2. Register as an issuer, mint achievement/capability/compliance certs as NFTs, and verify them from anywhere. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 495 次。

如何安装 Chitin Cert?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install chitin-cert」即可一键安装,无需额外配置。

Chitin Cert 是免费的吗?

是的,Chitin Cert 完全免费(开源免费),可自由下载、安装和使用。

Chitin Cert 支持哪些平台?

Chitin Cert 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Chitin Cert?

由 Tiida Tech(@eijiac24)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论