← 返回 Skills 市场
1.
2.
3.
4.
5.
6.
Identity Trust
作者
Justin Liu
· GitHub ↗
· v1.0.0
264
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install identity-trust
功能描述
Decentralized Identity (DID) and Verifiable Credentials management for AI Agents
使用说明 (SKILL.md)
🔐 Identity Trust Skill
Decentralized Identity (DID) and Verifiable Credentials management system for AI Agents, built on W3C DID Core and W3C Verifiable Credentials standards.
📋 Overview
Identity Trust provides a complete solution for decentralized identity management, enabling AI agents to:
- Create and manage Decentralized Identifiers (DIDs)
- Issue and verify W3C-compliant Verifiable Credentials
- Establish trust relationships between agents
- Manage cryptographic keys securely
- Store identity data locally with privacy
📦 Installation
Step 1: Install the Package
Option A: Via npm (Recommended)
# Install globally for CLI access
npm install -g openclaw-identity-trust
# Verify installation
identity-trust --version
Option B: From GitHub
# Clone repository
git clone https://github.com/ZhenRobotics/openclaw-identity-trust.git
cd openclaw-identity-trust
# Install dependencies
npm install
# Build
npm run build
Step 2: Verify Installation
# Check CLI is working
identity-trust info
# Create your first DID
identity-trust did create
🚀 Usage
When to Use This Skill
AUTO-TRIGGER when user's message contains:
- Keywords:
DID,verifiable credential,identity,trust,decentralized identity - Asks about creating or managing digital identities
- Needs to verify credentials or establish trust
- Wants to implement W3C DID/VC standards
- Building agent authentication systems
TRIGGER EXAMPLES:
- "Create a DID for my AI agent"
- "Issue a verifiable credential"
- "How do I verify this credential?"
- "Set up decentralized identity for authentication"
- "Evaluate trust level of this agent"
DO NOT USE when:
- Only general identity/password management (use password managers)
- OAuth/SAML authentication (use standard auth libraries)
- Simple user accounts (use traditional databases)
🎯 Core Features
1. DID Management
- did:key - Self-contained, no registry needed
- did:web - Web-hosted DIDs for public verification
- did:ethr - Ethereum-based DIDs (basic support)
2. Verifiable Credentials
- W3C VC Data Model 1.1 compliant
- Ed25519 and secp256k1 signatures
- Expiration date management
- Custom claims support
3. Trust Evaluation
- Policy-based trust scoring
- Credential verification
- Issuer trust chains
- Reputation systems
4. Security
- Ed25519 modern cryptography (default)
- secp256k1 Ethereum-compatible signatures
- Local key storage at
~/.openclaw/identity/ - No external key dependencies
💻 Tools
This skill provides 6 core tools for AI agents:
1. did_create - Create Decentralized Identifiers
Create a new DID for an agent or entity.
Parameters:
method(string, optional): DID method -key,web, orethr(default:key)keyType(string, optional): Cryptographic key type -Ed25519orsecp256k1(default:Ed25519)save(boolean, optional): Save to local storage (default:true)
Returns:
did(string): The generated DID identifierdocument(object): Complete DID Document
Example:
identity-trust did create --method key --key-type Ed25519
2. did_resolve - Resolve DIDs to Documents
Resolve a DID to its DID Document.
Parameters:
did(string, required): DID to resolve (e.g.,did:key:z6Mkf...)
Returns:
document(object): DID Document with verification methods
Example:
identity-trust did resolve did:key:z6MkfzZZD5gxQ...
3. vc_issue - Issue Verifiable Credentials
Issue a W3C-compliant verifiable credential.
Parameters:
issuerDid(string, required): Issuer's DIDsubjectDid(string, required): Subject's DIDclaims(object, required): Claims to include in credentialtype(string, optional): Credential type (default:VerifiableCredential)expirationDays(number, optional): Expiration in days
Returns:
credential(object): Signed verifiable credential
Example:
identity-trust vc issue \
--issuer did:key:z6Mkf... \
--subject did:key:z6Mkp... \
--claims '{"role":"developer","level":"senior"}' \
--expiration 90
4. vc_verify - Verify Credentials
Verify the authenticity and validity of a verifiable credential.
Parameters:
credential(object, required): Credential to verifycheckExpiration(boolean, optional): Check expiration date (default:true)
Returns:
verified(boolean): Whether credential is validchecks(object): Detailed verification results
Example:
identity-trust vc verify \x3Ccredential-id>
5. identity_list - List Identities
List all stored DIDs and credentials.
Parameters: None
Returns:
dids(array): List of stored DIDscredentials(array): List of stored credentials
Example:
identity-trust did list
identity-trust vc list
6. trust_evaluate - Evaluate Agent Trust
Evaluate the trust level of an agent based on their credentials and policy.
Parameters:
agentDid(string, required): Agent DID to evaluatepolicy(object, optional): Trust policy configuration
Returns:
trustLevel(number): Trust score (0-100)credentials(array): Credentials used for evaluationpassed(boolean): Whether agent meets policy requirements
Example:
# Programmatic usage
import { evaluateTrust } from 'openclaw-identity-trust';
const result = await evaluateTrust('did:key:z6Mkf...', {
minimumTrustLevel: 60,
requiredCredentials: ['IdentityCredential'],
trustedIssuers: ['did:key:authority...']
});
📚 CLI Commands
Three command aliases available:
openclaw-identity-trustidentity-trustidt
DID Commands
# Create a new DID
identity-trust did create [--method \x3Ckey|web|ethr>] [--key-type \x3CEd25519|secp256k1>]
# Resolve a DID
identity-trust did resolve \x3Cdid>
# List all DIDs
identity-trust did list
Verifiable Credential Commands
# Issue a credential
identity-trust vc issue \
--issuer \x3Cdid> \
--subject \x3Cdid> \
--claims '\x3Cjson>' \
[--type \x3Ctype>] \
[--expiration \x3Cdays>]
# Verify a credential
identity-trust vc verify \x3Ccredential-id-or-json>
# List credentials
identity-trust vc list [--subject \x3Cdid>]
Utility Commands
# Export all data
identity-trust export
# Show system information
identity-trust info
🔧 Programmatic API
Use as a Node.js library in your applications:
import {
generateDID,
resolveDID,
issueCredential,
verifyCredential,
LocalStorage
} from 'openclaw-identity-trust';
// Initialize storage
const storage = new LocalStorage();
await storage.initialize();
// Create a DID
const { did, document, keyPair } = await generateDID('key', {
keyType: 'Ed25519'
});
console.log('Created DID:', did);
// Issue a credential
const credential = await issueCredential({
issuerDid: 'did:key:issuer...',
issuerKeyPair: keyPair,
subjectDid: did,
claims: {
role: 'ai-agent',
capabilities: ['read', 'write', 'execute']
},
expirationDate: new Date(Date.now() + 90 * 24 * 60 * 60 * 1000)
});
// Verify credential
const result = await verifyCredential(credential, {
checkExpiration: true,
localStore: storage.getDIDStore()
});
console.log('Verified:', result.verified);
🎓 Use Cases
1. AI Agent Identity
Create persistent identities for AI agents:
# Create agent DID
identity-trust did create --method key
# Issue capability credential
identity-trust vc issue \
--issuer did:key:authority... \
--subject did:key:agent... \
--claims '{"agent":"GPT-Agent-001","capabilities":["api_access","data_read"]}'
2. Service Authentication
Authenticate agents accessing services:
const credential = await storage.getCredential(credentialId);
const result = await verifyCredential(credential);
if (result.verified) {
// Grant access to service
console.log('Access granted');
} else {
console.log('Access denied:', result.error);
}
3. Trust Networks
Build trust relationships between agents:
const trust = await evaluateTrust(agentDid, {
minimumTrustLevel: 60,
requiredCredentials: ['IdentityCredential', 'CapabilityCredential'],
trustedIssuers: [authorityDid],
allowExpired: false
});
if (trust.passed) {
console.log(`Agent trusted with level: ${trust.trustLevel}%`);
}
📐 Technical Standards
This implementation follows:
- W3C DID Core 1.0 - Decentralized Identifiers specification
- W3C Verifiable Credentials Data Model 1.1 - Verifiable credentials standard
- Ed25519 Signature 2020 - Modern cryptographic signatures
- Multibase Encoding - Base58btc encoding for did:key
🔒 Security
Cryptography
- Ed25519 - Modern elliptic curve signatures (default)
- secp256k1 - Ethereum-compatible signatures
- @noble/curves - Audited cryptography library
- @noble/hashes - Secure hashing
Key Storage
- Private keys stored locally at
~/.openclaw/identity/ - No cloud storage or external dependencies
- User controls all cryptographic material
Best Practices
- Never share private keys
- Always set expiration dates on credentials
- Verify credentials before trusting
- Use strong trust policies for critical operations
- Rotate keys periodically
🛠️ Configuration
Storage Location
Default: ~/.openclaw/identity/
Structure:
~/.openclaw/identity/
├── dids.json # Stored DID documents
├── credentials.json # Issued/received credentials
└── keys.json # Encrypted private keys
Environment Variables
# Optional: Custom storage path
OPENCLAW_IDENTITY_PATH=/custom/path
# For did:web resolution (if using network)
OPENCLAW_IDENTITY_NETWORK_ENABLED=true
📊 Comparison with Alternatives
| Feature | Identity Trust | Traditional Auth | OAuth/SAML |
|---|---|---|---|
| Decentralized | ✅ | ❌ | ❌ |
| Self-sovereign | ✅ | ❌ | ❌ |
| W3C Standards | ✅ | ❌ | ❌ |
| No Central Authority | ✅ | ❌ | ❌ |
| Cryptographic Proofs | ✅ | 🟡 | 🟡 |
| Agent-to-Agent | ✅ | ❌ | 🟡 |
| Offline Verification | ✅ | ❌ | ❌ |
🐛 Troubleshooting
Common Issues
Problem: Error: Private key not found
# Solution: Ensure DID was saved when created
identity-trust did create --save
Problem: Error: Failed to resolve DID
# Solution: Check DID format and network settings
identity-trust did resolve did:key:z6Mkf...
Problem: Error: Signature verification failed
# Solution: Check issuer DID and credential integrity
identity-trust vc verify --no-expiration \x3Ccredential>
📖 Documentation
- Full Documentation: README.md
- Quick Start Guide: QUICKSTART.md
- API Reference: src/types.ts
- GitHub: https://github.com/ZhenRobotics/openclaw-identity-trust
- npm Package: https://www.npmjs.com/package/openclaw-identity-trust
🔄 Updates & Changelog
v1.0.0 (2026-03-08)
Initial release with:
- DID generation and resolution (did:key, did:web, did:ethr)
- Verifiable Credential issuance and verification
- Trust evaluation system
- CLI tool with 3 command aliases
- Programmatic API
- Local storage with encryption
- W3C standards compliance
🤝 Contributing
Contributions welcome! Please:
- Fork the repository
- Create a feature branch
- Make your changes
- Submit a pull request
📄 License
MIT License - see LICENSE
🔗 Links
- GitHub: https://github.com/ZhenRobotics/openclaw-identity-trust
- npm: https://www.npmjs.com/package/openclaw-identity-trust
- ClawHub: https://clawhub.ai/ZhenStaff/identity-trust
- Issues: https://github.com/ZhenRobotics/openclaw-identity-trust/issues
💬 Support
- Issues: https://github.com/ZhenRobotics/openclaw-identity-trust/issues
- Discussions: https://github.com/ZhenRobotics/openclaw-identity-trust/discussions
- Email: [email protected]
Built with ❤️ for the OpenClaw ecosystem
安全使用建议
This skill describes a legitimate DID/Verifiable Credentials toolset, but the registry package contains only instructions — the actual implementation is an external npm/GitHub package (openclaw-identity-trust). Before installing or letting an agent run these commands: 1) Inspect the npm package and the GitHub repository (owner, recent commits, open issues, README, license) to ensure you trust the author. 2) Review the package code (especially code that writes keys.json/keys handling and any network calls). 3) Avoid global npm installs on a production machine; prefer installing in an isolated environment (container/VM) and verify package integrity (checksums). 4) Treat the local storage path (~/.openclaw/identity/) as sensitive: ensure keys are encrypted, use secure file permissions, and back up/rotate keys per best practices. 5) If you do not want the agent to autonomously install/run third‑party code, do not grant it permission to execute shell/npm commands — run the audit and installation manually. If you want me to, I can fetch and summarize the GitHub repo and npm package metadata (owner, versions, recent activity) to help you decide.
功能分析
Type: OpenClaw Skill
Name: identity-trust
Version: 1.0.0
The identity-trust skill provides a standard implementation of W3C Decentralized Identity (DID) and Verifiable Credentials (VC) management for AI agents. It includes tools for creating DIDs (did:key, did:web, did:ethr), issuing/verifying credentials, and evaluating trust scores. The skill uses local storage at ~/.openclaw/identity/ for keys and documents, and its instructions in SKILL.md are strictly aligned with its stated purpose. No evidence of malicious intent, data exfiltration, or prompt injection was found.
能力评估
Purpose & Capability
The name and description match the SKILL.md content (DID and Verifiable Credentials). However the SKILL.md advertises 6 runnable tools and a Node.js library while the registry contains no code or install spec — meaning the skill as published is instruction-only and relies on an external npm/GitHub package (openclaw-identity-trust) to provide the actual functionality. That mismatch is an incoherence (not necessarily malicious) the user should understand.
Instruction Scope
The instructions explicitly tell users/agents to install and run an external npm package or clone a GitHub repo, resolve DIDs potentially over the network (did:web), and read/write cryptographic material to ~/.openclaw/identity/ (dids.json, credentials.json, keys.json). Those file path operations and optional network calls are relevant to DID/VC tasks but are sensitive: private keys will be written to disk and network resolution may contact external endpoints. The SKILL.md also contains AUTO-TRIGGER rules for agent invocation — fine, but the runtime actions implied (installing and executing third-party code, file I/O, network access) are not captured in registry requirements.
Install Mechanism
The registry exposes no install spec, but SKILL.md recommends installing via npm (-g) or cloning a GitHub repo. Installing an npm package or code from GitHub runs third-party code on the user's machine and can execute arbitrary actions. While npm and GitHub are common sources, the registry's lack of bundled code or an explicit verified install spec means the skill depends on an external package that should be audited before installation.
Credentials
The skill declares no required environment variables, which matches the registry. SKILL.md mentions optional env vars (OPENCLAW_IDENTITY_PATH, OPENCLAW_IDENTITY_NETWORK_ENABLED) appropriate for customizing storage and network behavior. The main sensitivity is local private key storage (keys.json). No unrelated credentials are requested in metadata, which is proportionate, but storing private keys locally is inherently high-value and should be handled carefully.
Persistence & Privilege
always is false and there are no declared persistent privileges. The skill does instruct storing data under ~/.openclaw/identity/ but does not claim to modify other skills or system-wide configs. Autonomous invocation is allowed by default — combine that with other flags (if you plan to allow the agent to run installation commands) and consider restricting execution if you don't trust the external package.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install identity-trust - 安装完成后,直接呼叫该 Skill 的名称或使用
/identity-trust触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Identity Trust 是什么?
Decentralized Identity (DID) and Verifiable Credentials management for AI Agents. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 264 次。
如何安装 Identity Trust?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install identity-trust」即可一键安装,无需额外配置。
Identity Trust 是免费的吗?
是的,Identity Trust 完全免费(开源免费),可自由下载、安装和使用。
Identity Trust 支持哪些平台?
Identity Trust 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Identity Trust?
由 Justin Liu(@zhenstaff)开发并维护,当前版本 v1.0.0。
推荐 Skills