← 返回 Skills 市场
Robot Id Card
作者
Cosmos Fang
· GitHub ↗
· v0.4.0
· MIT-0
141
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install robot-id-card
功能描述
Bot 身份认证标准 — 为 AI Agent 和机器人签发加密身份证书,让网站信任你的 bot。 遵循 RFC 9421 HTTP Message Signatures 国际标准,与 Cloudflare Web Bot Auth 生态兼容。 内置 Ed25519 签名注册中心、JWKS 公钥目录、nonce...
安全使用建议
This project appears coherent for providing bot identity and verification (registry + CLI + SDK + extension). Before installing or deploying: 1) Review the browser extension/background code to ensure it does not exfiltrate private keys or inject credentials to unintended hosts; 2) Keep generated private key files (bot.key.json / bot.ric.json) protected and do not publish them; 3) If you deploy the registry, set a strong RIC_ADMIN_KEY and run it in an isolated environment (or behind proper access controls); 4) Audit third‑party npm dependencies (npm install will pull many packages) and avoid installing globally on systems you do not trust; 5) If you need higher assurance, run the CLI/registry locally first and inspect network traffic to confirm private keys are never transmitted.
功能分析
Type: OpenClaw Skill
Name: robot-id-card
Version: 0.4.0
The bundle implements a comprehensive bot identity standard (Robot ID Card) using Ed25519 signatures and RFC 9421. It includes a registry server (Fastify/SQLite), a CLI tool, a website SDK, and a browser extension. While the project handles sensitive cryptographic keys and the extension requires broad permissions to inject headers into outgoing requests, these capabilities are strictly aligned with the stated purpose of providing a 'bot passport' for authentication. The code includes security best practices such as nonce-based replay protection, automated reputation flagging, and local-only private key storage. No evidence of data exfiltration, backdoors, or malicious prompt injection was found across the packages.
能力标签
能力评估
Purpose & Capability
Name/description, declared requirements (Node >=18, npm), and included packages (registry, CLI, SDK, browser extension, dashboard) align with the stated purpose of issuing and verifying bot identity certificates. The code files implement a Fastify registry, CLI, SDK middleware and extension — all expected for this project.
Instruction Scope
SKILL.md sticks to the expected operations (keygen, register, claim, sign, run local registry, integrate middleware). It explicitly states private keys remain local and that the registry persists in SQLite. Caution: the browser extension and CLI write/read local key/certificate files; you should audit the extension/background logic and confirm private keys are never transmitted or read by the registry/extension in unexpected ways before use.
Install Mechanism
No special install spec in the skill bundle (instruction-only), and the repo recommends git clone + npm install or clawhub install. GitHub and npm (registry) are used — standard channels. Running npm install will pull third-party dependencies (package-lock.json lists many), so normal supply-chain risk applies; there are no unusual download URLs or URL shorteners in the instructions.
Credentials
SKILL.md declares no required environment variables for normal local use. The only notable secret is an optional RIC_ADMIN_KEY for deployed admin operations (Render). That credential is proportional to running a registry admin UI and is documented as deployment-only.
Persistence & Privilege
The skill runs as the invoking user and persists data in repository-local paths (SQLite under packages/registry/data or /data when deployed). It does not demand elevated privileges nor set always:true. Note that keys and certificates are stored on disk; keep them protected and consider running the registry in an isolated environment for production.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install robot-id-card - 安装完成后,直接呼叫该 Skill 的名称或使用
/robot-id-card触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.4.0
v0.4.0: RFC 9421 HTTP Message Signatures alignment — standard Signature/Signature-Input/Signature-Agent headers, JWKS well-known endpoint, nonce replay protection, ric sign command, backward compat with X-RIC-* (deprecated)
v0.2.0
Version 0.2.0 (robot-id-card)
- Introduces a universal identity standard for AI bots with cryptographically signed Ed25519 certificates.
- Includes a public registry (Fastify + SQLite), CLI tool, browser extension (Manifest V3), and website SDKs for Express/Fastify.
- Adds a permission-based access control system (levels 0–5) and daily reputation accrual with auto-upgrade/downgrade based on activity or reports.
- Ensures bot privacy: keys are only stored locally, with no third-party API credentials required.
- Provides easy local deployment, persistent storage, and full uninstall via project directory removal.
元数据
常见问题
Robot Id Card 是什么?
Bot 身份认证标准 — 为 AI Agent 和机器人签发加密身份证书,让网站信任你的 bot。 遵循 RFC 9421 HTTP Message Signatures 国际标准,与 Cloudflare Web Bot Auth 生态兼容。 内置 Ed25519 签名注册中心、JWKS 公钥目录、nonce... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 141 次。
如何安装 Robot Id Card?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install robot-id-card」即可一键安装,无需额外配置。
Robot Id Card 是免费的吗?
是的,Robot Id Card 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Robot Id Card 支持哪些平台?
Robot Id Card 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Robot Id Card?
由 Cosmos Fang(@cosmofang)开发并维护,当前版本 v0.4.0。
推荐 Skills