← 返回 Skills 市场
rosasalberto

Didit Email Verification

作者 Didit · GitHub ↗ · v1.2.0
cross-platform ✓ 安全检测通过
375
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install didit-email-verification
功能描述
Integrate Didit Email Verification standalone API to verify email addresses via OTP. Use when the user wants to verify emails, send email OTP codes, check em...
使用说明 (SKILL.md)

Didit Email Verification API

Overview

Two-step email verification via one-time code:

  1. Send a verification code to an email address
  2. Check the code the user provides

Key constraints:

  • Code expires after 5 minutes
  • Maximum 3 verification attempts per code (then must resend)
  • Maximum 2 resend requests within 24 hours
  • You must call Send before Check — Check returns "Expired or Not Found" otherwise

Capabilities: Detects breached emails (via known data breaches), disposable/temporary email providers, and undeliverable addresses. Supports fraud signals for risk scoring.

API Reference: Send Code | Check Code Feature Guide: https://docs.didit.me/core-technology/email-verification/overview

Authentication

All requests require an API key via the x-api-key header.

How to obtain: Didit Business Console → API & Webhooks → Copy API key, or via programmatic registration (see below).

x-api-key: your_api_key_here

401 = API key missing or invalid. 403 = key lacks permissions or insufficient credits.

Getting Started (No Account Yet?)

If you don't have a Didit API key, create one in 2 API calls:

  1. Register: POST https://apx.didit.me/auth/v2/programmatic/register/ with {"email": "[email protected]", "password": "MyStr0ng!Pass"}
  2. Check email for a 6-character OTP code
  3. Verify: POST https://apx.didit.me/auth/v2/programmatic/verify-email/ with {"email": "[email protected]", "code": "A3K9F2"} → response includes api_key

To add credits: GET /v3/billing/balance/ to check, POST /v3/billing/top-up/ with {"amount_in_dollars": 50} for a Stripe checkout link.

See the didit-verification-management skill for full platform management (workflows, sessions, users, billing).

Step 1: Send Email Code

Sends a one-time verification code to the specified email address.

Request

POST https://verification.didit.me/v3/email/send/

Headers

Header Value Required
x-api-key Your API key Yes
Content-Type application/json Yes

Body (JSON)

Parameter Type Required Default Constraints Description
email string Yes Valid email Email address to send code to
options.code_size integer No 6 Min: 4, Max: 8 Length of the verification code
options.alphanumeric_code boolean No false true = A-Z + 0-9 (case-insensitive)
options.locale string No Max 5 chars Locale for email template. e.g. en-US
signals.ip string No IPv4 or IPv6 User's IP for fraud detection
signals.device_id string No Max 255 chars Unique device identifier
signals.user_agent string No Max 512 chars Browser/client user agent
vendor_data string No Your identifier for session tracking

Example

import requests

response = requests.post(
    "https://verification.didit.me/v3/email/send/",
    headers={"x-api-key": "YOUR_API_KEY", "Content-Type": "application/json"},
    json={
        "email": "[email protected]",
        "options": {"code_size": 6},
        "signals": {"ip": "203.0.113.42"},
        "vendor_data": "session-abc-123",
    },
)
print(response.status_code, response.json())

const response = await fetch("https://verification.didit.me/v3/email/send/", {
  method: "POST",
  headers: { "x-api-key": "YOUR_API_KEY", "Content-Type": "application/json" },
  body: JSON.stringify({
    email: "[email protected]",
    options: { code_size: 6 },
    signals: { ip: "203.0.113.42" },
  }),
});

Response (200 OK)

{
  "request_id": "e39cb057-92fc-4b59-b84e-02fec29a0f24",
  "status": "Success",
  "reason": null
}

Status Values & Handling

Status Meaning Action
"Success" Code sent Proceed — wait for user to provide code, then call Check
"Retry" Temporary delivery issue Wait a few seconds and retry Send (max 2 retries)
"Undeliverable" Email cannot receive mail Inform user the email is invalid or cannot receive messages

Error Responses

Code Meaning Action
400 Invalid request body or email Check email format and parameter constraints
401 Invalid or missing API key Verify x-api-key header
403 Insufficient credits/permissions Check credits in Business Console
429 Rate limited Back off and retry after indicated period

Step 2: Check Email Code

Verifies the code the user received. Must be called after a successful Send. Optionally auto-declines risky emails.

Request

POST https://verification.didit.me/v3/email/check/

Headers

Header Value Required
x-api-key Your API key Yes
Content-Type application/json Yes

Body (JSON)

Parameter Type Required Default Values Description
email string Yes Valid email Same email used in Step 1
code string Yes 4-8 chars The code the user received
duplicated_email_action string No "NO_ACTION" "NO_ACTION" / "DECLINE" Decline if email already verified by another user
breached_email_action string No "NO_ACTION" "NO_ACTION" / "DECLINE" Decline if email found in data breaches
disposable_email_action string No "NO_ACTION" "NO_ACTION" / "DECLINE" Decline if email is disposable/temporary
undeliverable_email_action string No "NO_ACTION" "NO_ACTION" / "DECLINE" Decline if email is undeliverable

Policy note: When an action is "DECLINE", verification is rejected even if the code is correct. The email.* fields are still populated so you can inspect why.

Example

response = requests.post(
    "https://verification.didit.me/v3/email/check/",
    headers={"x-api-key": "YOUR_API_KEY", "Content-Type": "application/json"},
    json={
        "email": "[email protected]",
        "code": "123456",
        "breached_email_action": "DECLINE",
        "disposable_email_action": "DECLINE",
    },
)

const response = await fetch("https://verification.didit.me/v3/email/check/", {
  method: "POST",
  headers: { "x-api-key": "YOUR_API_KEY", "Content-Type": "application/json" },
  body: JSON.stringify({
    email: "[email protected]",
    code: "123456",
    breached_email_action: "DECLINE",
    disposable_email_action: "DECLINE",
  }),
});

Response (200 OK)

{
  "request_id": "e39cb057-92fc-4b59-b84e-02fec29a0f24",
  "status": "Approved",
  "message": "The verification code is correct.",
  "email": {
    "status": "Approved",
    "email": "[email protected]",
    "is_breached": false,
    "breaches": [],
    "is_disposable": false,
    "is_undeliverable": false,
    "verification_attempts": 1,
    "verified_at": "2025-09-15T17:36:19.963451Z",
    "warnings": [],
    "lifecycle": [
      {"type": "EMAIL_VERIFICATION_MESSAGE_SENT", "timestamp": "...", "fee": 0.03},
      {"type": "VALID_CODE_ENTERED", "timestamp": "...", "fee": 0}
    ]
  },
  "created_at": "2025-09-15T17:36:19.703719+00:00"
}

Status Values & Handling

Status Meaning Action
"Approved" Code correct, no policy violations Email verified — proceed with your flow
"Failed" Code incorrect Ask user to re-enter. After 3 failures, resend a new code
"Declined" Code correct but policy violation Inform user. Check email.warnings for reason
"Expired or Not Found" No pending code Code expired (>5 min) or Send was never called. Resend

Error Responses

Code Meaning Action
400 Invalid request body Check email and code format
401 Invalid or missing API key Verify x-api-key header
403 Insufficient credits/permissions Check credits in Business Console
404 Code expired or not found Resend a new code via Step 1

Response Field Reference

email Object

Field Type Description
status string "Approved", "Failed", "Declined"
email string The email address verified
is_breached boolean Found in known data breaches
breaches array Breach details: {name, domain, breach_date, data_classes, breach_emails_count}
is_disposable boolean From a disposable/temporary provider
is_undeliverable boolean Cannot receive email
verification_attempts integer Number of check attempts (max 3)
verified_at string ISO 8601 timestamp when verified (null if not)
warnings array Risk warnings: {risk, log_type, short_description, long_description}
lifecycle array Event log: {type, timestamp, fee}

Warning Tags

Tag Description Auto-Decline
EMAIL_CODE_ATTEMPTS_EXCEEDED Max code entry attempts exceeded Yes
EMAIL_IN_BLOCKLIST Email is in blocklist Yes
UNDELIVERABLE_EMAIL_DETECTED Email cannot be delivered Yes
BREACHED_EMAIL_DETECTED Found in known data breaches Configurable
DISPOSABLE_EMAIL_DETECTED Disposable/temporary provider Configurable
DUPLICATED_EMAIL Already verified by another user Configurable

Warning severity levels: error (critical), warning (requires attention), information (informational).

Common Workflows

Basic Email Verification

1. POST /v3/email/send/   → {"email": "[email protected]"}
2. Wait for user to provide the code
3. POST /v3/email/check/  → {"email": "[email protected]", "code": "123456"}
4. If "Approved"            → email is verified
   If "Failed"              → ask user to retry (up to 3 attempts)
   If "Expired or Not Found"→ go back to step 1

Strict Security Verification

1. POST /v3/email/send/   → include signals.ip, signals.device_id, signals.user_agent
2. Wait for user to provide the code
3. POST /v3/email/check/  → set all *_action fields to "DECLINE"
4. If "Approved"  → safe to proceed
   If "Declined" → check email.warnings for reason, block or warn user

Utility Scripts

verify_email.py: Send and check email verification codes from the command line.

# Requires: pip install requests
export DIDIT_API_KEY="your_api_key"

python scripts/verify_email.py send [email protected]
python scripts/verify_email.py check [email protected] 123456 --decline-breached --decline-disposable

Can also be imported as a library:

from scripts.verify_email import send_code, check_code

send_result = send_code("[email protected]")
check_result = check_code("[email protected]", "123456", decline_breached=True)
安全使用建议
This skill appears to do only what it says: call Didit's email verification endpoints. Before installing, verify you trust Didit and are comfortable sending email addresses and optional fraud signals (IP, device_id, user_agent) to their service. Note: the package includes a Python script that requires a Python runtime and the 'requests' library but the skill lists no install steps or binaries—ensure your agent environment can run it or that the agent will instead call the REST endpoints directly. Be aware the SKILL.md documents a programmatic registration flow that will send an email and password to Didit to obtain an API key; only use that if you trust the endpoint. Finally, check billing/credit implications in Didit's docs (the skill references account/credits endpoints).
功能分析
Type: OpenClaw Skill Name: didit-email-verification Version: 1.2.0 The skill bundle is designed for email verification using the Didit API. The `SKILL.md` documentation clearly outlines the API endpoints and usage, including instructions for programmatic account registration and billing, which are legitimate API features. The `scripts/verify_email.py` utility script correctly retrieves the `DIDIT_API_KEY` from environment variables and makes standard HTTP requests to the documented Didit API endpoints (`verification.didit.me`, `apx.didit.me`). There is no evidence of intentional harmful behavior such as credential theft, data exfiltration to unauthorized destinations, arbitrary command execution, persistence mechanisms, or explicit prompt injection attempts against the agent to perform malicious actions. All observed behaviors align with the stated purpose of email verification.
能力评估
Purpose & Capability
Name/description match the behavior: the SKILL.md and the included Python script call Didit endpoints to send and check OTPs and optionally supply fraud signals. The single required env var (DIDIT_API_KEY) is appropriate for this purpose.
Instruction Scope
Runtime instructions focus on sending/checking email OTPs and optional fraud signals (ip, device_id, user_agent). They do not instruct the agent to read unrelated system files or other credentials. The SKILL.md does include a programmatic registration flow (to obtain an API key) which will send an email/password to Didit—this is consistent with onboarding but worth noting.
Install Mechanism
There is no install spec (instruction-only), but a runnable Python script is included that uses the 'requests' library. The skill does not declare Python or the 'requests' dependency or required binaries; deploying or running the script will require a Python runtime and the requests package present in the environment.
Credentials
Only DIDIT_API_KEY is required and it is the primary credential for the Didit API. No additional unrelated secrets or config paths are requested.
Persistence & Privilege
always is false, the skill does not request permanent/global agent presence, and it does not modify other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install didit-email-verification
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /didit-email-verification 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
Email OTP verification with fraud signals, updated API refs
v1.0.0
Didit Email Verification v1.2.0 — Feature and security enhancements - Introduced options for policy-based auto-decline of risky emails (breached, disposable, undeliverable, or already-verified emails). - Expanded API documentation with clear error codes, status handling, and policy options. - Added support for fraud detection via IP, device ID, and user agent signals. - Code expiration, resend, and verification attempt limits now explicitly documented. - Enhanced input customization: configurable code length (4–8 digits) and alphanumeric codes.
元数据
Slug didit-email-verification
版本 1.2.0
许可证
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Didit Email Verification 是什么?

Integrate Didit Email Verification standalone API to verify email addresses via OTP. Use when the user wants to verify emails, send email OTP codes, check em... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 375 次。

如何安装 Didit Email Verification?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install didit-email-verification」即可一键安装,无需额外配置。

Didit Email Verification 是免费的吗?

是的,Didit Email Verification 完全免费(开源免费),可自由下载、安装和使用。

Didit Email Verification 支持哪些平台?

Didit Email Verification 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Didit Email Verification?

由 Didit(@rosasalberto)开发并维护,当前版本 v1.2.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论