erasmus

Whoareyou

Author: Erasmus Hagen · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 106
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install whoareyou
Description
Show your verified wayID identity card when a user asks who you are
Safe usage recommendations
This skill appears to do what it says, but exercise caution before installing or enabling it:
  1. Source provenance: there is no homepage or code to inspect. Verify the publisher (owner ID) and trustworthiness of way.je before use.
  2. Private key risk: the file you must read (~/.openclaw/identity/device.json) contains a privateKey field; ensure the agent implementation only extracts the publicKey, does not print/log the full file, and never transmits the privateKey.
  3. Network calls: confirm the agent uses HTTPS with proper certificate validation and only calls way.je endpoints as documented.
  4. Testing: run the skill in a controlled environment first (or with a test identity) to confirm it cannot exfiltrate secrets.
  5. Safer alternatives: if possible, expose a minimal API or OS-level accessor that returns only the public key or a fingerprint instead of giving file access to a blob containing a private key.
If you cannot verify the implementation or origin, do not install or enable the skill.
Functional analysis
Type: OpenClaw Skill
Name: whoareyou
Version: 1.0.0
The skill requires the agent to read '~/.openclaw/identity/device.json', a file containing both public and private keys, and then perform external network requests to 'way.je'. While the instructions in 'SKILL.md' state that only the 'publicKey' is needed, the proximity of the 'privateKey' in the same file and the transmission of data to an external API represent a high-risk pattern for potential secret leakage or accidental exposure.
Capability assessment
Purpose & Capability
The skill's name and description ('show your verified wayID identity card') align with its instructions: read the agent's public key and query way.je to fetch an identity card. No unrelated environment variables or extra binaries are requested. However the skill has no source/homepage listed (unknown origin), which reduces trust in provenance.
Instruction Scope
The runtime instructions require reading ~/.openclaw/identity/device.json which indeed contains both publicKey and privateKey fields. The SKILL.md explicitly says only the publicKey is needed, but it does not provide strict safeguards or verification steps to ensure the privateKey is never read, logged, or transmitted. The skill also instructs contacting an external API (https://way.je); that is expected for the purpose, but any implementation bug could leak sensitive material. The instructions are otherwise scoped to the described task and forbid opening a browser.
Install Mechanism
This is instruction-only (no install spec, no code files). That reduces the attack surface because nothing is downloaded or written by the installer, but it also means there is no code to audit — you must trust the agent runtime to implement the instructions safely.
Credentials
No environment variables or credentials are requested, which is appropriate. However, requiring access to a config file that contains the agent's private key is sensitive. Even without explicit env/secret requests, reading ~/.openclaw/identity/device.json gives access to a privateKey field — the skill should make it explicit (and the runtime should enforce) that only the publicKey value is read and transmitted.
Persistence & Privilege
The skill is user-invocable and not always-on; it does not request persistent privileges or modification of other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is not combined with other high-risk flags here.
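How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install whoareyou
  3. Once installation completes, call the Skill by name or trigger it with /whoareyou
  4. Provide the required input according to the Skill's parameter description to get structured output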
Version history
v1.0.0
whoareyou 1.0.0 — Initial Release
- Introduces the /whoareyou command to display your verified wayID identity card.
- Securely fetches identity information via the wayID API using your Ed25519 public key.
- Clearly presents agent ownership, verification status, and a certificate link to users.
- Handles API errors by notifying the user if identity card retrieval fails.
- No data is fabricated; only official API responses are shown.
Metadata
Slug: whoareyou
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
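FAQ

What is Whoareyou?

Show your verified wayID identity card when a user asks who you are. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 106 total downloads so far.

How do I install Whoareyou?

Run the command "/install whoareyou" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is Whoareyou free?

Yes, Whoareyou is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Whoareyou support?

Whoareyou is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Whoareyou?

Developed and maintained by Erasmus Hagen (@erasmus); the current version is v1.0.0.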
