← 返回 Skills 市场
holdcc

holdcc_eth

作者 Holdcc Ether · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
402
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install verified-agent-identity-3
功能描述
Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic...
安全使用建议
Do not run the provided commands or npm install until you have the actual script files and have reviewed them. Specific checks to perform before installing or running anything: - Confirm the package includes the scripts/ directory and inspect every script (createNewEthereumIdentity.js, linkHumanToAgent.js, etc.) for network calls, where private keys are created/stored, and any external URLs or npm packages they fetch. - Verify how private keys are stored: are they encrypted, do they rely on a KMS, or are they written plaintext under $HOME/.openclaw/billions? If plaintext, treat as high risk. - Ask the publisher for required environment variables (RPC URL, provider, private key or KMS configuration) and for the exact smart contract addresses the scripts will interact with. - Avoid running npm install or executing node scripts from an untrusted source; run them in an isolated environment (VM/container) after review. - If you need this capability, request the upstream repository or signed release (e.g., GitHub repo with commit history and release artifacts) so you can audit the code. If the author cannot provide the scripts or clear provenance, do not install.
功能分析
Type: OpenClaw Skill Name: verified-agent-identity-3 Version: 1.0.0 The skill manages decentralized identities and sensitive private keys, storing them in $HOME/.openclaw/billions/kms.json. It is classified as suspicious because it explicitly documents that private keys are stored in plaintext by default unless a specific environment variable (BILLIONS_NETWORK_MASTER_KMS_KEY) is provided, which is a significant security vulnerability. While SKILL.md includes safety guardrails for the agent, the combination of high-privilege credential management and the requirement to execute scripts that handle these keys (e.g., signChallenge.js and linkHumanToAgent.js) without the underlying source code present for review poses a high risk.
能力标签
cryptorequires-walletrequires-sensitive-credentials
能力评估
Purpose & Capability
The skill's stated purpose (create/verify Billions ERC-8004 DIDs and attestations) would normally require on-chain interaction, an Ethereum/RPC endpoint, and either an existing private key or a way to sign transactions. The SKILL.md requests only the 'node' binary and optionally a KMS key; it lists no RPC URL, wallet/private-key environment variable, or network configuration. That mismatch suggests the declared requirements are incomplete or the skill expects external code/assets that are not provided.
Instruction Scope
The runtime instructions tell the agent to run commands in a scripts/ directory (npm install; node scripts/... ), create and store private keys and challenges under $HOME/.openclaw/billions, and interact with registries — but this skill package contains no scripts or code files. Instructions also prohibit manual cryptographic work and direct the agent not to touch stored files, which restricts remediation. Because the actual scripts are absent, following these instructions would fail or require fetching external code, which is not specified.
Install Mechanism
There is no install spec (instruction-only), which is low-risk by itself. However the SKILL.md explicitly tells users to run 'cd scripts && npm install', which would execute package installs from the network if scripts/package.json were present. Since no code files are included, the install instructions are inconsistent with the package contents and could lead to arbitrary network package installation if a user later obtains the missing scripts.
Credentials
The skill declares no required environment variables (only an optional BILLIONS_NETWORK_MASTER_KMS_KEY in metadata), yet its functionality implies needing sensitive items: a signing key or KMS, and an RPC/provider URL to interact with Ethereum-based registries. The SKILL.md also stores private keys and challenges in the user's home directory, which is sensitive. The absence of clear, justified credential requirements is disproportionate to the described on-chain operations.
Persistence & Privilege
The skill stores identity data under $HOME/.openclaw/billions, which is expected for an identity manager but means private keys and challenges may be persisted locally. always is false and the skill does not request broader system privileges. You should confirm how keys are encrypted at rest (KMS usage) before use.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install verified-agent-identity-3
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /verified-agent-identity-3 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Major update: skill scripts and documentation removed, leaving only the skill manifest and instructions. - All executable scripts and related files were removed, including agent identity, challenge, signature, and attestation management tools. - Usage instructions now only describe expected commands and flows, without providing the actual script files. - Security and critical guardrails remain documented as guidance, but enforcement now depends on external implementation. - Skill metadata updated to reflect new configuration options and dependencies.
v0.1.1
No changes detected in this release. - Version 0.1.1 has no file changes compared to the previous version. - Functionality, documentation, and usage remain the same.
v0.1.0
verified-agent-identity-3 v0.1.0 - Initial release with scripts for decentralized agent identity creation, authentication, and management using Billions/Iden3. - Supports linking agent DIDs to human owners, signing/verifying challenges, and managing verifiable credentials. - Includes strict security guardrails preventing manual cryptographic operations or unauthorized file access. - All sensitive identity data is stored under $HOME/.openclaw/billions for compatibility with OpenClaw.
元数据
Slug verified-agent-identity-3
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

holdcc_eth 是什么?

Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 402 次。

如何安装 holdcc_eth?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install verified-agent-identity-3」即可一键安装,无需额外配置。

holdcc_eth 是免费的吗?

是的,holdcc_eth 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

holdcc_eth 支持哪些平台?

holdcc_eth 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 holdcc_eth?

由 Holdcc Ether(@holdcc)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论