adamlucker21

Verified Agent Identity

Author adamlucker21 · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 276
Favorites: 1
Current installs: 0
Versions: 1
Install in OpenClaw
/install verified-agent-identity-6
Description
Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic...
Security usage advice
Do not run the advised commands or `npm install` until you can verify the actual script files and package.json. Specifically: (1) Ask the skill author or the registry for the complete code bundle (scripts and package.json) or a trusted published release (e.g., GitHub repo and commit/release tarball). (2) Inspect package.json and the referenced .js files for network endpoints, npm postinstall scripts, or any code that writes or exfiltrates keys. (3) If you must test, do so in an isolated sandbox/VM and back up any existing keys; prefer generating identity keys offline or in a hardware signer rather than allowing an unfamiliar script to create and store private keys. (4) If the author cannot provide the code or a verifiable source, avoid installing — the instruction-only manifest with an npm install step and missing scripts is a meaningful red flag.
Functional analysis
Type: OpenClaw Skill
Name: verified-agent-identity-6
Version: 0.1.0
The skill 'verified-agent-identity' manages decentralized identities and private keys, storing sensitive data like 'kms.json' and 'identities.json' in '$HOME/.openclaw/billions'. While the instructions in SKILL.md describe legitimate identity management flows for the Billions Network (https://billions.network/), the handling of private keys and the potential for plaintext storage are high-risk behaviors. No explicit evidence of malicious intent or exfiltration was found in the documentation, but the sensitive nature of the identity operations and the reliance on external Node.js scripts for cryptographic tasks warrant a suspicious classification.
Capability assessment
Purpose & Capability
The skill claims to provide scripts (createNewEthereumIdentity.js, linkHumanToAgent.js, etc.) to manage DIDs, which matches the stated purpose. However, the package contains no code files — only SKILL.md — so the claimed capabilities are not actually present in the bundle. Requiring the node binary is appropriate for the stated purpose, but the absence of the referenced scripts is a concrete incoherence.
Instruction Scope
The runtime instructions direct the agent (or user) to run `cd scripts && npm install && node scripts/...` and to create and store private keys under $HOME/.openclaw/billions. These actions involve creating and handling sensitive cryptographic material and performing network interactions (registry/attestation), and the docs forbid manual mitigation — but the actual script files are not included. The instructions also omit explicit network endpoints and do not show how tokens/attestations are transmitted, reducing transparency.
Install Mechanism
There is no formal install spec in the registry, yet the SKILL.md tells users to run `npm install` inside a scripts directory. Running `npm install` can execute arbitrary package scripts (postinstall, etc.), which is a high-risk operation unless you can inspect the package.json and node_modules. Because no code/package files are shipped with the skill manifest, it's unclear what would be installed or from where — this is disproportionate and risky.
Credentials
The skill does not request any environment variables or external credentials (which is appropriate). However, it generates and persists private keys and DID material under $HOME/.openclaw/billions, which is sensitive. The skill's lack of declared credentials is consistent, but the local storage of cryptographic keys is a security-sensitive behavior users should be aware of.
Persistence & Privilege
The skill persists identity material and challenges to $HOME/.openclaw/billions. It does not set always:true and does not request system-wide privileges, which is good, but persistent private key storage in the user's home directory increases the blast radius if the scripts are malicious or vulnerable.
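How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog box: /install verified-agent-identity-6
  3. Once installation is complete, invoke the Skill by name or trigger it with /verified-agent-identity-6
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history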
v0.1.0
Initial release of verified-agent-identity skill for Billions decentralized identity network.
- Allows agents to create and manage decentralized identities and link them to human owners using Billions ERC-8004 and Attestation registries.
- Provides scripts for DID key management, challenge generation/signing, and identity verification via the iden3 protocol.
- Implements security guardrails for identity checks, error handling, and storage protection.
- Stores all sensitive identity data in $HOME/.openclaw/billions for OpenClaw compatibility.
- Includes example flows for agent-human identity linking and signature-based verification.
Metadata
Slug verified-agent-identity-6
Version 0.1.0
License MIT-0
Total installs 0
Current installs 0
Number of versions 1
FAQ

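What is Verified Agent Identity?

Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 276 cumulative downloads to date.

How do I install Verified Agent Identity?

Run the command "/install verified-agent-identity-6" in the OpenClaw or Claude Code dialog box to install it in one step; no additional configuration is required.

Is Verified Agent Identity free?

Yes, Verified Agent Identity is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Verified Agent Identity support?

Verified Agent Identity runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Verified Agent Identity?

It is developed and maintained by adamlucker21 (@adamlucker21); the current version is v0.1.0.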
