← 返回 Skills 市场
manuelfelipearias

Soulprint

作者 Manuel Felipe Arias · GitHub ↗ · v1.0.25
cross-platform ⚠ suspicious
740
总下载
4
收藏
1
当前安装
25
版本数
在 OpenClaw 中安装
/install soulprint
功能描述
Soulprint decentralized identity verification for AI agents. v0.6.4 — blockchain-first architecture (no libp2p): state lives on Base Sepolia, 4 validator nod...
安全使用建议
This skill is coherent with its stated purpose, but it deals with sensitive identity data and installs an npm package that runs code on your machine. Before installing or running it: 1) confirm the exact npm package(s) and publisher (inspect the package on npm and GitHub) to ensure you're installing the official project; 2) run the CLI in a sandbox or container first; 3) do not provide private keys (ADMIN_PRIVATE_KEY) unless you intend to run a validator and fully trust the code; 4) verify the claim that OCR/face matching is 100% local (read the package source to confirm there are no unexpected network uploads); 5) confirm on-chain contract addresses and endpoints are correct; and 6) if you care about privacy, audit or inspect the npm package contents and maintain backups before installing.
功能分析
Type: OpenClaw Skill Name: soulprint Version: 1.0.25 The skill is classified as suspicious due to its reliance on external npm packages (`soulprint`, `soulprint-network`, `mcp-colombia-hub`) executed via `npx` commands, which introduces a supply chain risk if these packages are compromised. Additionally, the instructions in `SKILL.md` detail the handling of highly sensitive identity data (OCR, face recognition, biometric proof) and private keys for validator nodes, along with making external network calls to blockchain networks and a government registry, representing significant inherent risks even if for the stated purpose.
能力评估
Purpose & Capability
Name/description (decentralized identity, ZK proofs, validator node) align with the declared binaries (node, npx) and the npm install specification (installs a soulprint CLI). The SKILL.md documents running validator nodes, CLI verify commands, and middleware integration which are appropriate for an identity/validator tool. Minor inconsistency: the install spec lists package "soulprint" while the README shows using packages/commands like `soulprint-network` and `npx soulprint ...` (multiple package names referenced). This is explainable (CLI vs subpackages) but worth confirming the exact package(s) the installer will fetch.
Instruction Scope
The SKILL.md instructs running local OCR, face-matching, and ZK proof generation (e.g., `npx soulprint install-deps` and `npx soulprint verify-me`) — all of which are within the stated purpose but involve sensitive local data (document images, face images). The instructions also reference on-chain queries and an optional Registraduría validation endpoint. The doc does not instruct reading unrelated system files or exfiltrating data, but it does expect network access (blockchain, validator endpoints) and use of local biometric/document data; confirm the tool truly keeps sensitive inputs local and does not transmit them to third-party services.
Install Mechanism
Installation is via an npm package (install spec: node package 'soulprint'), which is expected for a Node CLI. npm installs run arbitrary package code, so this is a moderate-risk mechanism compared with instruction-only skills. No external arbitrary download URLs or archive extraction are specified. Verify the package name/version and publisher on the npm registry and inspect package contents if possible before installing.
Credentials
requires.env is empty in metadata, which is reasonable for a general CLI. However SKILL.md examples show sensitive environment variables (ADMIN_PRIVATE_KEY, ADMIN_TOKEN) for running a validator node — appropriate for the documented operation but not declared as required. This is not inherently incoherent (validator nodes legitimately need private keys), but users should not provide private keys unless they intend to run a validator and trust the package. Also confirm whether the tool will prompt for or read files (images, camera) and whether those remain local.
Persistence & Privilege
No elevated platform privileges are requested: always is false, user-invocable true, and there is no indication the skill modifies other skills or system-wide agent settings. The npm install will write files to disk (normal for a CLI) but does not claim to persistently alter agent configuration beyond installing a binary.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install soulprint
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /soulprint 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.25
v0.6.4: disable Registraduría scraping, use local ZK verification, integrated with [email protected]
v1.0.24
v0.6.1: SKILL.md actualizado — arquitectura blockchain-first, sin libp2p, 4 nodos Railway, solo Colombia soportada, contratos Base Sepolia correctos
v1.0.23
v0.6.0: removed libp2p — pure blockchain architecture. 10x simpler, 5x faster Docker build, same security. The blockchain IS the network.
v1.0.22
v0.5.0: 4 validator nodes on Railway, Registraduría cédula validation, all workspace:* deps fixed, most stable release
v1.0.20
v0.4.4: P2P state sync — cada nodo guarda copia completa del estado, anti-entropy loop cada 60s, merge protocol, persistent state en disco
v1.0.19
v0.4.3: on-chain bootstrap — nodo lee PeerRegistry y conecta peers automáticamente al arrancar. Fix selector getAllPeers() en website.
v1.0.18
v0.4.2: PeerRegistry on-chain — nodos se descubren entre sí vía contrato Base Sepolia. /network/peers endpoint. 5/5 E2E tests passing.
v1.0.17
v0.4.1: ProtocolThresholds on-chain (Base Sepolia 0xD8f78d65...) — mutable threshold governance via superAdmin; GET /protocol/thresholds endpoint; validator auto-loads from blockchain at startup with 10-min cache; 17/17 real flow tests on Base Sepolia; [email protected] on npm
v1.0.16
v0.4.0: P2P auto-bootstrap (SOULPRINT_BOOTSTRAP_HTTP), GET /network/stats total_peers, 6 verify bugs fixed (selfie orientation, Tesseract logger, face-match JSON parse, CLI min-sim default 0.35). All 359 tests passing.
v1.0.15
v0.3.9: MCPRegistry admin movido a Soulprint validator. Endpoints GET /mcps/verified, POST /admin/mcp/verify, /admin/mcp/revoke. El protocolo de confianza es quien verifica MCPs — no un MCP individual.
v1.0.14
v0.3.8: DPoP (Demonstrating Proof of Possession) — SPT robados ahora son inútiles sin la llave privada. 8 ataques bloqueados (replay, MITM, firma falsa, token theft). requireDPoP option en middlewares Express y MCP. 303/303 tests.
v1.0.13
v0.3.7: Challenge-Response peer integrity (blocks ZK bypass attacks), SPT auto-renew (tokens renew automatically before expiry), snarkjs critical bug fix. New endpoints: POST /challenge, POST /token/renew. 283/283 tests passing.
v1.0.12
v0.3.5: 245 tests E2E (5 suites). Fix 1 = Groth16 real, admin bloqueado. Fix 2 = Code integrity hash. 43 nuevos pen tests + verificación on-chain exhaustiva.
v1.0.11
v0.3.4: Fix1=Groth16 real (no más mock), Fix2=Code integrity hash. Admin bloqueado on-chain. GET /health con codeHash. 202 tests E2E.
v1.0.10
v0.3.3: GovernanceModule on-chain — 70% supermayoría + 48h timelock + veto 25%. 193 tests E2E + pen testing. [email protected]
v1.0.9
v0.3.2: 169 tests E2E + pen testing + blockchain backup (P2P primario → Base Sepolia async). Contratos live en Base Sepolia. /anchor/stats endpoint.
v1.0.8
v0.3.2: P2P primario + blockchain async backup — [email protected], BlockchainAnchor con retry queue, /anchor/stats endpoint
v1.0.7
v0.3.1: BFT P2P consensus sin blockchain — PROPOSE/VOTE/COMMIT, 32 nuevos tests E2E, [email protected], [email protected]
v1.0.6
- Protocol upgrade: Network protocol constants are now enforced with a P2P-level hash (`PROTOCOL_HASH`), isolating nodes with mismatched constants. - Added details on `PROTOCOL_HASH` enforcement for validator nodes, including rejection of peers with incompatible protocol hashes. - Protocol Constants section now highlights dual enforcement (runtime and P2P hash) with TypeScript code examples. - No functional changes to usage or API; documentation update only.
v1.0.5
soulprint 1.0.5 - Documentation updates in SKILL.md; no functional or code changes. - Content remains consistent; existing instructions, usage guides, and protocol descriptions are unchanged.
元数据
Slug soulprint
版本 1.0.25
许可证
累计安装 1
当前安装数 1
历史版本数 25
常见问题

Soulprint 是什么?

Soulprint decentralized identity verification for AI agents. v0.6.4 — blockchain-first architecture (no libp2p): state lives on Base Sepolia, 4 validator nod... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 740 次。

如何安装 Soulprint?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install soulprint」即可一键安装,无需额外配置。

Soulprint 是免费的吗?

是的,Soulprint 完全免费(开源免费),可自由下载、安装和使用。

Soulprint 支持哪些平台?

Soulprint 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Soulprint?

由 Manuel Felipe Arias(@manuelfelipearias)开发并维护,当前版本 v1.0.25。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论