← 返回 Skills 市场
agungprabowo123

Verified Agent Identity

作者 Agung Prabowo · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
282
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install verified-agent-identity-5
功能描述
Billions/Iden3 authentication and identity management tools for agents. Link, proof, sign, and verify.
安全使用建议
What to consider before installing: - This package creates and stores private keys unencrypted in $HOME/.openclaw/billions/kms.json (and other identity files). If you install, expect long-lived plaintext key material on disk. Consider running in a sandbox, using an encrypted KMS, or adjusting file permissions (and verify permissions are actually enforced). - The skill will call external services (Billions RPC, attestation-relay, a DID resolver). The protocol embeds signed tokens into callback URLs; review those endpoints and privacy implications before using with production keys or real assets. - The repository expects Node >=20 and the openclaw CLI on PATH. The registry metadata omitted those required binaries — ensure you have the correct runtime installed and trust the openclaw binary before allowing it to send messages. - Installation requires running `npm install` (package-lock is provided). That pulls standard npm packages; consider auditing dependencies if you require high assurance. - The code validates inputs and uses execFileSync to call a fixed `openclaw message send` command; it applies tokenization and regex filtering to reduce shell-injection risk — but validation and sanitization are area to review if you expect untrusted input. - If you are not comfortable with plaintext key storage or with signing callbacks being sent to third-party relays, do not install or only use test identities in a controlled environment. If you want, I can list the exact files that write or read key material and suggest specific hardening changes (e.g., encrypt kms.json, set restrictive file modes, or switch to an OS-provided secure key store).
功能分析
Type: OpenClaw Skill Name: verified-agent-identity-5 Version: 0.1.0 The skill bundle provides a decentralized identity (DID) management toolkit for AI agents on the Billions Network using the Iden3 protocol. It facilitates creating identities, signing challenges, and linking agent DIDs to human owners. While it stores private keys unencrypted in '$HOME/.openclaw/billions/kms.json' (a significant security vulnerability), this behavior is explicitly documented in the README and SKILL.md as a known design choice. The implementation includes robust security controls, such as strict input sanitization using 'shell-quote' and regex validation in 'scripts/shared/utils.js' to prevent shell injection when calling the 'openclaw' CLI. No evidence of data exfiltration, malicious persistence, or deceptive prompt injection was found.
能力评估
Purpose & Capability
The name, description, and scripts all implement decentralized identity (DID) creation, signing, linking, and verification for the Billions/iden3 ecosystem — this is coherent. Minor inconsistency: SKILL.md metadata declares required binaries (node, openclaw) but the registry 'Requirements' section earlier lists none; the runtime instructions also require running `npm install` in scripts. Those missing declarations are an information gap but not by themselves malicious.
Instruction Scope
Runtime instructions are limited to creating/listing identities, generating/signing/verifying challenges, and sending messages via the `openclaw` CLI. The scripts read/write files under $HOME/.openclaw/billions and call remote endpoints (RPC, resolver, attestation relay). The SKILL.md includes strict guardrails forbidding manual manipulation of those files, yet the code itself persists unencrypted keys and identity data — this is expected for the skill but worth noting as sensitive scope.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the README/SKILL.md instructs `cd scripts && npm install`. The package.json and package-lock.json use mainstream npm packages (iden3, polygonid, ethers, etc.), not arbitrary downloads. Installing dependencies via npm is moderate risk (supply-chain exposure); there are no obfuscated external downloads or URL shorteners.
Credentials
The skill does not request environment variables or external credentials, which is appropriate. However, it persistently stores private keys (kms.json) in plaintext JSON under $HOME/.openclaw/billions by default. The code does not explicitly set file permission mode; the README claims 'owner-readable only' but that is not enforced in code. The code also embeds and uses several external endpoints (rpc-mainnet.billions.network, attestation-relay.billions.network, wallet.billions.network, resolver.privado.id) and constructs callback URLs that include signed tokens — all expected for the protocol but they expose signed data to third parties. These practices are sensitive and deserve scrutiny relative to the stated purpose.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. It persists cryptographic material and identity state under $HOME/.openclaw/billions and will keep a KMS and stored DIDs across runs; this is normal for an identity tool but increases the impact if the machine or skill is compromised.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install verified-agent-identity-5
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /verified-agent-identity-5 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
verified-agent-identity v0.1.0 - Initial release with support for Billions/Iden3 agent authentication and identity management. - Provides scripts to create, list, and link decentralized identities, sign and verify challenges, and manage identity data. - Enforces strict guardrails for identity handling and cryptographic key management. - Stores all identity data in $HOME/.openclaw/billions for OpenClaw compatibility. - Includes detailed usage instructions and security guidelines for all operations.
元数据
Slug verified-agent-identity-5
版本 0.1.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Verified Agent Identity 是什么?

Billions/Iden3 authentication and identity management tools for agents. Link, proof, sign, and verify. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 282 次。

如何安装 Verified Agent Identity?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install verified-agent-identity-5」即可一键安装,无需额外配置。

Verified Agent Identity 是免费的吗?

是的,Verified Agent Identity 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Verified Agent Identity 支持哪些平台?

Verified Agent Identity 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Verified Agent Identity?

由 Agung Prabowo(@agungprabowo123)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论