tamtunnel

Sovereign Identity

Author: TamTunnel · GitHub ↗ · v0.1.1
cross-platform ⚠ suspicious
Total downloads: 649
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install sovereign-id
Description
Manages decentralized identities, generates pairwise DIDs for B2C, signs mandates for B2B, and provides selective disclosure proofs without revealing private...
Security usage recommendations
What to check before installing or running this skill:
- Metadata mismatch: The registry metadata claims no required env vars, but skill.json/README and the scripts require CLAW_PASSWORD and expect AGENT_DID / AGENT_ENCRYPTED_KEY. Treat the skill as requiring a secret password and local encrypted key storage until the author clarifies this.
- Inspect .env.agent and file permissions: onboarding writes an encrypted private key to .env.agent in the repo root. Ensure this file is truly gitignored, has restrictive filesystem permissions, and that you are comfortable storing the encrypted key locally.
- Verify guardrail enforcement: SKILL.md promises identity_check and strict guardrails. Those appear as a standalone guardrail.ts script but are not wired into a runtime enforcement layer. Do not assume the skill will automatically run these checks for every outgoing call; the behavior depends on how the agent host integrates the scripts.
- Run tests offline in a sandbox: Run the e2e/test scripts locally in an isolated environment (no network) to confirm behavior, and verify the CLI scripts only perform local crypto and file writes.
- Confirm no network exfiltration: The codebase contains no explicit network calls, but verify you trust the repository owner and review package.json/repository pointers. If you cannot review the code, avoid providing CLAW_PASSWORD or running scripts on production systems.
- Ask the author to fix documentation gaps: Require the skill author to update registry metadata to list CLAW_PASSWORD and document AGENT_* env usage, and to either implement identity_check as a callable automatic guard or document how the agent host must call guardrail.ts before external interactions.

If you need to use this skill but are not comfortable auditing code, prefer running it in a tightly sandboxed environment and only after confirming the file outputs and behavior match your expectations.
Functional analysis
Type: OpenClaw Skill
Name: sovereign-id
Version: 0.1.1

The OpenClaw Sovereign Identity skill is designed for secure self-sovereign identity management, including DID generation, mandate signing, and selective disclosure. It implements robust security measures: private keys are encrypted locally using AES-256-GCM with a `CLAW_PASSWORD` and stored in a git-ignored `.env.agent` file (`onboard.ts`, `sign_proof.ts`). Crucially, both `SKILL.md` and `AGENT.md` explicitly instruct the AI agent to 'TERMINATE' sessions if private keys or passwords are requested, a defense reinforced by `guardrail.ts` which strictly filters inputs for sensitive keywords like 'private key' or 'secret'. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. All operations are local and cryptographic, aligning with the stated purpose of secure identity management.
Capability assessment
Purpose & Capability
The code implements DID generation, mandate signing, and SD-JWT creation/verification which matches the description. However the registry metadata at the top of the submission lists no required environment variables while skill.json and README explicitly require CLAW_PASSWORD and the runtime scripts expect AGENT_ENCRYPTED_KEY and AGENT_DID. That metadata mismatch is unexplained and reduces trust in the published manifest.
Instruction Scope
SKILL.md requires an identity_check(...) to run before any external API calls and lists helper functions (generate_did, sign_mandate, present_sd_jwt). There is no implementation named identity_check among the code files; the guardrail exists as a standalone script but is not wired into the other scripts or the SKILL.md 'brain'. The documentation implies the agent will automatically run these protections before contacting external parties, but the codebase provides only CLI scripts — there is no clear runtime integration that guarantees these checks are enforced.
Install Mechanism
No install spec (instruction-only / script-based). Dependencies are standard npm packages listed in package.json; there are no downloads from arbitrary URLs or extract/install steps. This is lower-risk from an install-source perspective.
Credentials
Scripts require CLAW_PASSWORD and rely on a local .env.agent containing AGENT_DID and AGENT_ENCRYPTED_KEY. The top-level registry metadata in the submission declared no required env vars (contradicting skill.json and README). The skill reads sensitive material (encrypted private key) and requires a password to decrypt it; those are reasonable for a local identity skill, but the mismatch between declared and actual required env variables and the presence of additional env variables (AGENT_ENCRYPTED_KEY, AGENT_DID) that are not documented in the registry metadata is an incoherence that should be resolved before trusting the skill.
Persistence & Privilege
The skill writes local files (.env.agent, signed_mandate.json, public_jwk.json, .jti_ledger.json) in its script directories and the repository root. It does not request always:true or modify other skills. Persisting an encrypted key locally and creating ledgers is consistent with identity tooling, but users should be aware these files are created and control their filesystem permissions and gitignore status.
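How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install sovereign-id
  3. After installation, call the Skill by name directly or use /sovereign-id to trigger it
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history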
v0.1.1
- Migrated scripts and documentation to a new directory structure under `.agent/skills/identity-sovereign/`
- Added project metadata and configuration files: `AGENT.md`, `CONTRIBUTING.md`, `README.md`, `package.json`, `skill.json`, `tsconfig.json`
- Removed old scripts from the root `scripts/` directory
- No changes to SKILL.md content
v0.1.0
- Initial release of the Sovereign Identity Skill.
- Enables the agent to manage its own Decentralized Identifiers (DIDs) and generate cryptographic proofs for trust in B2B and B2C interactions.
- Implements guidelines for privacy, selective disclosure, and unique identity management per interaction.
- Includes a decision matrix to choose the correct identity persona and protocol based on context (Financial, Public/Browsing, Personal).
- Provides helper tools for DID creation, authorization signing, and secure selective disclosure.
- Establishes strict security guardrails for private key protection, user consent, and data minimization.
Metadata
Slug sovereign-id
Version 0.1.1
License
Total installs 0
Current installs 0
Number of versions 2
FAQ

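What is Sovereign Identity?

Manages decentralized identities, generates pairwise DIDs for B2C, signs mandates for B2B, and provides selective disclosure proofs without revealing private... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 649 total downloads to date.

How do I install Sovereign Identity?

Run the command "/install sovereign-id" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is Sovereign Identity free?

Yes, Sovereign Identity is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Sovereign Identity support?

Sovereign Identity runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Sovereign Identity?

It is developed and maintained by TamTunnel (@tamtunnel); the current version is v0.1.1.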
