功能描述

Integrate Didit Database Validation API to verify personal data against government databases. Use when the user wants to validate identity against government...

使用说明 (SKILL.md)

Didit Database Validation API

Name: Didit Database Validation
Author: rosasalberto

Overview

Verifies personal data and identity documents against trusted government and financial databases. Prevents synthetic identity fraud and ensures identity authenticity.

Key constraints:

Requires at least the national ID/document number for the target country
Coverage: 18 countries (primarily Latin America + Spain)
Results: full_match, partial_match, or no_match
Only charged per successful query — no charge if insufficient data

Matching methods:

Method	Description	Starting Price
1x1	Single data source validation	$0.05
2x2	Two data sources cross-validation	$0.30

API Reference: https://docs.didit.me/standalone-apis/database-validation Feature Guide: https://docs.didit.me/core-technology/database-validation/overview Supported Countries: https://docs.didit.me/core-technology/database-validation/database-validation-supported-countries

Authentication

All requests require x-api-key header. Get your key from Didit Business Console → API & Webhooks, or via programmatic registration (see below).

Getting Started (No Account Yet?)

If you don't have a Didit API key, create one in 2 API calls:

Register: POST https://apx.didit.me/auth/v2/programmatic/register/ with {"email": "[email protected]", "password": "MyStr0ng!Pass"}
Check email for a 6-character OTP code
Verify: POST https://apx.didit.me/auth/v2/programmatic/verify-email/ with {"email": "[email protected]", "code": "A3K9F2"} → response includes api_key

To add credits: GET /v3/billing/balance/ to check, POST /v3/billing/top-up/ with {"amount_in_dollars": 50} for a Stripe checkout link.

See the didit-verification-management skill for full platform management (workflows, sessions, users, billing).

Endpoint

POST https://verification.didit.me/v3/database-validation/

Headers

Header	Value	Required
`x-api-key`	Your API key	Yes
`Content-Type`	`application/json`	Yes

Body (JSON)

Parameter	Type	Required	Description
`id_number`	string	Yes	Universal ID number — auto-maps to correct country field
`first_name`	string	No	First name for matching
`last_name`	string	No	Last name for matching
`date_of_birth`	string	No	DOB in `YYYY-MM-DD` (required for some countries)
`issuing_state`	string	No	ISO 3166-1 alpha-3 country code
`save_api_request`	boolean	No	Save in Business Console
`vendor_data`	string	No	Your identifier for session tracking

The id_number field auto-maps to the correct country-specific field:

Country	Mapped Field	Document	Format
ARG	`document_number`	DNI	—
BOL	`document_number`	CI	—
BRA	`tax_number`	CPF	11 digits
CHL	`personal_number`	RUT	—
COL	`personal_number`	Cedula	—
CRI	`personal_number`	Cedula	—
DOM	`personal_number`	Cedula	11 digits
ECU	`personal_number`	Cedula	10 digits
ESP	`personal_number`	DNI/NIE	—
GTM	`document_number`	DPI	—
HND	`document_number`	DNI	—
MEX	`personal_number`	CURP	18 chars
PAN	`document_number`	Cedula	—
PER	`personal_number`	DNI	8 digits
PRY	`document_number`	CI	—
SLV	`document_number`	DUI	—
URY	`personal_number`	CI	—
VEN	`document_number`	Cedula	—

Example

import requests

response = requests.post(
    "https://verification.didit.me/v3/database-validation/",
    headers={"x-api-key": "YOUR_API_KEY", "Content-Type": "application/json"},
    json={
        "id_number": "12345678",
        "first_name": "Carlos",
        "last_name": "Garcia",
        "issuing_state": "PER",
    },
)
print(response.json())

const response = await fetch("https://verification.didit.me/v3/database-validation/", {
  method: "POST",
  headers: { "x-api-key": "YOUR_API_KEY", "Content-Type": "application/json" },
  body: JSON.stringify({
    id_number: "12345678",
    first_name: "Carlos",
    last_name: "Garcia",
    issuing_state: "PER",
  }),
});

Response (200 OK)

{
  "request_id": "a1b2c3d4-...",
  "database_validation": {
    "status": "Approved",
    "match_type": "full_match",
    "issuing_state": "PER",
    "validation_type": "1x1",
    "screened_data": {
      "personal_number": "12345678",
      "first_name": "Carlos",
      "last_name": "Garcia"
    },
    "validations": {
      "full_name": "full_match",
      "identification_number": "full_match"
    }
  }
}

Status Values & Handling

Status	Meaning	Action
`"Approved"`	Full match against government records	Identity confirmed
`"Declined"`	No match found	Identity could not be verified
`"In Review"`	Partial match or insufficient data	Review screened_data and validations

Error Responses

Code	Meaning	Action
`400`	Invalid request	Check ID number format for target country
`401`	Invalid API key	Verify `x-api-key` header
`403`	Insufficient credits	Top up at business.didit.me

Matching Logic

Name Matching

Result	Criteria
Full Match	Full name concatenation at 85% similarity (Levenshtein), OR First + Last both full match
Partial Match	Any single name component full match
No Match	No component reaches 70% similarity

Individual name components use 70% Levenshtein threshold. Example: "Christophel" vs "Christopher" = Full Match; "Chris" vs "Christopher" = No Match.

1x1 Decision

Match Type	Name	ID Number
`full_match`	Full Match	Full Match
`partial_match`	Partial Match	Full Match
`no_match`	All other combinations	—

2x2 Decision

Requires matching against 2 independent data sources:

Match Type	Condition
`full_match`	Both sources confirm name + ID
`partial_match`	One source confirms
`no_match`	Neither source confirms

DOB and ID number matching is exact only — no fuzzy matching.

Warning Tags

Tag	Description
`COULD_NOT_PERFORM_DATABASE_VALIDATION`	Missing required data — provide ID number, name, and country
`DATABASE_VALIDATION_PARTIAL_MATCH`	Partial match found — requires investigation
`DATABASE_VALIDATION_NO_MATCH`	No match found in government records

When COULD_NOT_PERFORM_DATABASE_VALIDATION fires, session goes to "In Review". Validation auto-retriggers once missing data is provided.

Supported Countries

Country	Method	Coverage	Required Input
Argentina	1x1	95%	Document number
Bolivia	1x1	95%	Document number + DOB
Brazil	1x1	95%	Tax number (CPF)
Chile	1x1	95%	Personal number (RUT)
Colombia	1x1	95%	Document number + type
Costa Rica	1x1	95%	Personal number
Dominican Republic	1x1	95%	Personal number
Ecuador	1x1 / 2x2	90-96%	Personal number
El Salvador	1x1	95%	Document number + DOB
Guatemala	1x1	95%	Document number
Honduras	1x1	95%	Document number
Mexico	1x1	95%	Personal number (CURP)
Panama	1x1	95%	Document number + DOB
Paraguay	1x1	95%	Document number
Peru	1x1 / 2x2	95-99%	Personal number
Spain	1x1	95%	Personal number + doc type + expiry
Uruguay	1x1	95%	Personal number + DOB
Venezuela	1x1	95%	Document number

Utility Scripts

validate_database.py: Validate identity against government databases from the command line.

# Requires: pip install requests
export DIDIT_API_KEY="your_api_key"
python scripts/validate_database.py --id-number 12345678 --country PER --first-name Carlos --last-name Garcia
python scripts/validate_database.py --id-number GARC850315HDFRRL09 --country MEX

安全使用建议

This skill appears internally consistent, but it deals with sensitive personal identity data — proceed with caution. Before installing: (1) Verify the Didit domains/endpoints (verification.didit.me and apx.didit.me) and that the documentation links in SKILL.md are genuine; (2) Keep DIDIT_API_KEY secret (use a secure secret store) and avoid printing keys to logs; the provided script prints responses which may include PII, so restrict logging and retention; (3) Confirm you have legal basis and user consent to validate identities and to transmit government ID numbers to a third-party service; (4) Be aware queries may incur per-request charges — test with non-production/test keys and review billing policies; (5) Note the skill's publisher is not clearly identified in the registry — if you don't trust the source, consider validating the code and endpoints independently before granting the API key. If you want a deeper assurance, request a signed provenance or vendor contact and confirm the API behavior against your own test account.

功能分析

Type: OpenClaw Skill Name: didit-database-validation Version: 1.1.0 The `SKILL.md` file contains instructions for programmatic account registration and billing top-up (e.g., `POST https://apx.didit.me/auth/v2/programmatic/register/`, `POST /v3/billing/top-up/`). If interpreted by an AI agent, these instructions could lead to unauthorized account creation or financial transactions, representing a significant prompt injection vulnerability. While the Python script `scripts/validate_database.py` is benign and performs its stated function securely, the instructions in the markdown pose a risk of unintended agent actions beyond the skill's core purpose of database validation.

能力评估

✓ Purpose & Capability

The skill is an identity-validation integration that requires only a Didit API key and calls https://verification.didit.me/v3/database-validation/. The declared primary env var (DIDIT_API_KEY) and the included Python script align with the described functionality; there are no unrelated credentials, binaries, or config paths requested.

✓ Instruction Scope

SKILL.md and the included script instruct only to construct JSON requests to Didit endpoints and handle responses. There are no instructions to read unrelated files, harvest other environment variables, or send data to third-party endpoints outside Didit's documented endpoints. The README does include programmatic registration steps that require an email/OTP flow, but it does not instruct the agent to access mailboxes or other unrelated state.

✓ Install Mechanism

There is no install spec and no downloaded archives; the skill is instruction-only with a small helper script. The script uses the Python 'requests' library (a standard third-party dependency) but the package is not pulled from an arbitrary URL. No high-risk install actions are present.

✓ Credentials

Only DIDIT_API_KEY is required and declared as the primary credential, which is proportionate for a 3rd-party API integration. No additional secrets, broad cloud credentials, or unrelated tokens are requested.

✓ Persistence & Privilege

The skill does not request permanent/always-on inclusion (always:false) and does not modify other skills or system-wide settings. Model invocation is allowed (platform default), which is expected for an integration skill.

版本历史

v1.1.0

Updated API refs, added utility script and feature guide

v1.0.0

Initial release: Integrates the Didit Database Validation API for verifying identity against government databases across Latin America and Spain. - Supports identity document validation for 18 countries using 1x1 and 2x2 matching methods. - Allows verification of national ID numbers, CPF/CURP/DNI/cedula numbers, and other identity documents. - Results classified as: full_match, partial_match, or no_match. - Requires at least a national ID/document number; additional fields (name, date of birth) improve verification. - Only charges for successful queries (no charge for insufficient data). - Includes detailed API usage instructions, response structures, matching logic, error handling, and supported country documentation.

元数据

Slug didit-database-validation

版本 1.1.0

许可证 —

累计安装 1

当前安装数 1

历史版本数 2

常见问题

Didit Database Validation 是什么？

Integrate Didit Database Validation API to verify personal data against government databases. Use when the user wants to validate identity against government... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 467 次。

如何安装 Didit Database Validation？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install didit-database-validation」即可一键安装，无需额外配置。

Didit Database Validation 是免费的吗？

是的，Didit Database Validation 完全免费（开源免费），可自由下载、安装和使用。

Didit Database Validation 支持哪些平台？

Didit Database Validation 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Didit Database Validation？

由 Didit（@rosasalberto）开发并维护，当前版本 v1.1.0。

Didit Database Validation