Identity Trust

Name: Identity Trust
Author: Justin Liu

Justin Liu

Identity Trust

v1.0.0

Decentralized Identity (DID) and Verifiable Credentials management for AI Agents

0· 225·0 当前·0 累计

by @zhenstaff (Justin Liu)·MIT-0

下载技能包

License

MIT-0

最后更新

2026/3/8

安全扫描

VirusTotal

无害

查看报告

OpenClaw

可疑

medium confidence

The skill's stated DID/VC functionality is coherent, but the package advertises concrete CLI/programmatic tools while providing no code or install spec in the registry — it instructs the user/agent to install a third‑party npm/GitHub package and to store private keys on disk, which is sensible for the purpose but introduces installation and local key handling risks that aren't represented in the registry metadata.

评估建议

This skill describes a legitimate DID/Verifiable Credentials toolset, but the registry package contains only instructions — the actual implementation is an external npm/GitHub package (openclaw-identity-trust). Before installing or letting an agent run these commands: 1) Inspect the npm package and the GitHub repository (owner, recent commits, open issues, README, license) to ensure you trust the author. 2) Review the package code (especially code that writes keys.json/keys handling and any netw...

详细分析 ▾

ℹ 用途与能力

The name and description match the SKILL.md content (DID and Verifiable Credentials). However the SKILL.md advertises 6 runnable tools and a Node.js library while the registry contains no code or install spec — meaning the skill as published is instruction-only and relies on an external npm/GitHub package (openclaw-identity-trust) to provide the actual functionality. That mismatch is an incoherence (not necessarily malicious) the user should understand.

⚠ 指令范围

The instructions explicitly tell users/agents to install and run an external npm package or clone a GitHub repo, resolve DIDs potentially over the network (did:web), and read/write cryptographic material to ~/.openclaw/identity/ (dids.json, credentials.json, keys.json). Those file path operations and optional network calls are relevant to DID/VC tasks but are sensitive: private keys will be written to disk and network resolution may contact external endpoints. The SKILL.md also contains AUTO-TRIGGER rules for agent invocation — fine, but the runtime actions implied (installing and executing third-party code, file I/O, network access) are not captured in registry requirements.

⚠ 安装机制

The registry exposes no install spec, but SKILL.md recommends installing via npm (-g) or cloning a GitHub repo. Installing an npm package or code from GitHub runs third-party code on the user's machine and can execute arbitrary actions. While npm and GitHub are common sources, the registry's lack of bundled code or an explicit verified install spec means the skill depends on an external package that should be audited before installation.

ℹ 凭证需求

The skill declares no required environment variables, which matches the registry. SKILL.md mentions optional env vars (OPENCLAW_IDENTITY_PATH, OPENCLAW_IDENTITY_NETWORK_ENABLED) appropriate for customizing storage and network behavior. The main sensitivity is local private key storage (keys.json). No unrelated credentials are requested in metadata, which is proportionate, but storing private keys locally is inherently high-value and should be handled carefully.

✓ 持久化与权限

always is false and there are no declared persistent privileges. The skill does instruct storing data under ~/.openclaw/identity/ but does not claim to modify other skills or system-wide configs. Autonomous invocation is allowed by default — combine that with other flags (if you plan to allow the agent to run installation commands) and consider restricting execution if you don't trust the external package.

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/8

Initial release

● 无害

安装命令点击复制

官方npx clawhub@latest install identity-trust

镜像加速npx clawhub@latest install identity-trust --registry https://cn.clawhub-mirror.com

技能文档

Decentralized Identity (DID) and Verifiable Credentials management system for AI Agents, built on W3C DID Core and W3C Verifiable Credentials standards.

📋 Overview

Identity Trust provides a complete solution for decentralized identity management, enabling AI agents to:

Create and manage Decentralized Identifiers (DIDs)
Issue and verify W3C-compliant Verifiable Credentials
Establish trust relationships between agents
Manage cryptographic keys securely
Store identity data locally with privacy

📦 Installation

Step 1: Install the Package

Option A: Via npm (Recommended)

# Install globally for CLI access npm install -g openclaw-identity-trust

# Verify installation identity-trust --version

Option B: From GitHub

# Clone repository git clone https://github.com/ZhenRobotics/openclaw-identity-trust.git cd openclaw-identity-trust # Install dependencies npm install

# Build npm run build

Step 2: Verify Installation

# Check CLI is working identity-trust info

# Create your first DID identity-trust did create

🚀 Usage

When to Use This Skill

AUTO-TRIGGER when user's message contains:

Keywords: DID, verifiable credential, identity, trust, decentralized identity
Asks about creating or managing digital identities
Needs to verify credentials or establish trust
Wants to implement W3C DID/VC standards
Building agent authentication systems

TRIGGER EXAMPLES:

"Create a DID for my AI agent"
"Issue a verifiable credential"
"How do I verify this credential?"
"Set up decentralized identity for authentication"
"Evaluate trust level of this agent"

DO NOT USE when:

Only general identity/password management (use password managers)
OAuth/SAML authentication (use standard auth libraries)
Simple user accounts (use traditional databases)

🎯 Core Features

1. DID Management

did:key - Self-contained, no registry needed
did:web - Web-hosted DIDs for public verification
did:ethr - Ethereum-based DIDs (basic support)

2. Verifiable Credentials

W3C VC Data Model 1.1 compliant
Ed25519 and secp256k1 signatures
Expiration date management
Custom claims support

3. Trust Evaluation

Policy-based trust scoring
Credential verification
Issuer trust chains
Reputation systems

4. Security

Ed25519 modern cryptography (default)
secp256k1 Ethereum-compatible signatures
Local key storage at ~/.openclaw/identity/
No external key dependencies

💻 Tools

This skill provides 6 core tools for AI agents:

1. `did_create` - Create Decentralized Identifiers

Create a new DID for an agent or entity.

Parameters:

method (string, optional): DID method - key, web, or ethr (default: key)
keyType (string, optional): Cryptographic key type - Ed25519 or secp256k1 (default: Ed25519)
save (boolean, optional): Save to local storage (default: true)

Returns:

did (string): The generated DID identifier
document (object): Complete DID Document

Example:

identity-trust did create --method key --key-type Ed25519

2. `did_resolve` - Resolve DIDs to Documents

Resolve a DID to its DID Document.

Parameters:

did (string, required): DID to resolve (e.g., did:key:z6Mkf...)

Returns:

document (object): DID Document with verification methods

Example:

identity-trust did resolve did:key:z6MkfzZZD5gxQ...

3. `vc_issue` - Issue Verifiable Credentials

Issue a W3C-compliant verifiable credential.

Parameters:

issuerDid (string, required): Issuer's DID
subjectDid (string, required): Subject's DID
claims (object, required): Claims to include in credential
type (string, optional): Credential type (default: VerifiableCredential)
expirationDays (number, optional): Expiration in days

Returns:

credential (object): Signed verifiable credential

Example:

identity-trust vc issue \
  --issuer did:key:z6Mkf... \
  --subject did:key:z6Mkp... \
  --claims '{"role":"developer","level":"senior"}' \
  --expiration 90

4. `vc_verify` - Verify Credentials

Verify the authenticity and validity of a verifiable credential.

Parameters:

credential (object, required): Credential to verify
checkExpiration (boolean, optional): Check expiration date (default: true)

Returns:

verified (boolean): Whether credential is valid
checks (object): Detailed verification results

Example:

identity-trust vc verify

5. `identity_list` - List Identities

List all stored DIDs and credentials.

Parameters: None

Returns:

dids (array): List of stored DIDs
credentials (array): List of stored credentials

Example:

identity-trust did list
identity-trust vc list

6. `trust_evaluate` - Evaluate Agent Trust

Evaluate the trust level of an agent based on their credentials and policy.

Parameters:

agentDid (string, required): Agent DID to evaluate
policy (object, optional): Trust policy configuration

Returns:

trustLevel (number): Trust score (0-100)
credentials (array): Credentials used for evaluation
passed (boolean): Whether agent meets policy requirements

Example:

# Programmatic usage
import { evaluateTrust } from 'openclaw-identity-trust';const result = await evaluateTrust('did:key:z6Mkf...', {
  minimumTrustLevel: 60,
  requiredCredentials: ['IdentityCredential'],
  trustedIssuers: ['did:key:authority...']
});

📚 CLI Commands

Three command aliases available:

openclaw-identity-trust
identity-trust
idt

DID Commands

# Create a new DID
identity-trust did create [--method ] [--key-type ]
# Resolve a DID
identity-trust did resolve # List all DIDs
identity-trust did list

Verifiable Credential Commands

# Issue a credential
identity-trust vc issue \
  --issuer  \
  --subject  \
  --claims '' \
  [--type ] \
  [--expiration ]
# Verify a credential
identity-trust vc verify # List credentials
identity-trust vc list [--subject ]

Utility Commands

# Export all data identity-trust export

# Show system information identity-trust info

🔧 Programmatic API

Use as a Node.js library in your applications:

import {
  generateDID,
  resolveDID,
  issueCredential,
  verifyCredential,
  LocalStorage
} from 'openclaw-identity-trust';
// Initialize storage
const storage = new LocalStorage();
await storage.initialize();
// Create a DID
const { did, document, keyPair } = await generateDID('key', {
  keyType: 'Ed25519'
});
console.log('Created DID:', did);
// Issue a credential
const credential = await issueCredential({
  issuerDid: 'did:key:issuer...',
  issuerKeyPair: keyPair,
  subjectDid: did,
  claims: {
    role: 'ai-agent',
    capabilities: ['read', 'write', 'execute']
  },
  expirationDate: new Date(Date.now() + 90  24  60  60  1000)
});
// Verify credential
const result = await verifyCredential(credential, {
  checkExpiration: true,
  localStore: storage.getDIDStore()
});console.log('Verified:', result.verified);

🎓 Use Cases

1. AI Agent Identity

Create persistent identities for AI agents:

# Create agent DID identity-trust did create --method key

# Issue capability credential identity-trust vc issue \ --issuer did:key:authority... \ --subject did:key:agent... \ --claims '{"agent":"GPT-Agent-001","capabilities":["api_access","data_read"]}'

2. Service Authentication

Authenticate agents accessing services:

const credential = await storage.getCredential(credentialId);
const result = await verifyCredential(credential);if (result.verified) {
  // Grant access to service
  console.log('Access granted');
} else {
  console.log('Access denied:', result.error);
}

3. Trust Networks

Build trust relationships between agents:

const trust = await evaluateTrust(agentDid, {
  minimumTrustLevel: 60,
  requiredCredentials: ['IdentityCredential', 'CapabilityCredential'],
  trustedIssuers: [authorityDid],
  allowExpired: false
});if (trust.passed) {
  console.log(Agent trusted with level: ${trust.trustLevel}%);
}

📐 Technical Standards

This implementation follows:

W3C DID Core 1.0 - Decentralized Identifiers specification
W3C Verifiable Credentials Data Model 1.1 - Verifiable credentials standard
Ed25519 Signature 2020 - Modern cryptographic signatures
Multibase Encoding - Base58btc encoding for did:key

🔒 Security

Cryptography

Ed25519 - Modern elliptic curve signatures (default)
secp256k1 - Ethereum-compatible signatures
@noble/curves - Audited cryptography library
@noble/hashes - Secure hashing

Key Storage

Private keys stored locally at ~/.openclaw/identity/
No cloud storage or external dependencies
User controls all cryptographic material

Best Practices

Never share private keys
Always set expiration dates on credentials
Verify credentials before trusting
Use strong trust policies for critical operations
Rotate keys periodically

🛠️ Configuration

Storage Location

Default: ~/.openclaw/identity/

Structure:

~/.openclaw/identity/
├── dids.json          # Stored DID documents
├── credentials.json   # Issued/received credentials
└── keys.json          # Encrypted private keys

Environment Variables

# Optional: Custom storage path
OPENCLAW_IDENTITY_PATH=/custom/path# For did:web resolution (if using network)
OPENCLAW_IDENTITY_NETWORK_ENABLED=true

📊 Comparison with Alternatives

Feature	Identity Trust	Traditional Auth	OAuth/SAML
Decentralized	✅	❌	❌
Self-sovereign	✅	❌	❌
W3C Standards	✅	❌	❌
No Central Authority	✅	❌	❌
Cryptographic Proofs	✅	🟡	🟡
Agent-to-Agent	✅	❌	🟡
Offline Verification	✅	❌	❌

🐛 Troubleshooting

Common Issues

Problem: Error: Private key not found

# Solution: Ensure DID was saved when created
identity-trust did create --save

Problem: Error: Failed to resolve DID

# Solution: Check DID format and network settings
identity-trust did resolve did:key:z6Mkf...

Problem: Error: Signature verification failed

# Solution: Check issuer DID and credential integrity
identity-trust vc verify --no-expiration

📖 Documentation

Full Documentation: README.md
Quick Start Guide: QUICKSTART.md
API Reference: src/types.ts
GitHub: https://github.com/ZhenRobotics/openclaw-identity-trust
npm Package: https://www.npmjs.com/package/openclaw-identity-trust

🔄 Updates & Changelog

v1.0.0 (2026-03-08)

Initial release with:

DID generation and resolution (did:key, did:web, did:ethr)
Verifiable Credential issuance and verification
Trust evaluation system
CLI tool with 3 command aliases
Programmatic API
Local storage with encryption
W3C standards compliance

🤝 Contributing

Contributions welcome! Please:

Fork the repository
Create a feature branch
Make your changes
Submit a pull request

📄 License

MIT License - see LICENSE

🔗 Links

GitHub: https://github.com/ZhenRobotics/openclaw-identity-trust
npm: https://www.npmjs.com/package/openclaw-identity-trust
ClawHub: https://clawhub.ai/ZhenStaff/identity-trust
Issues: https://github.com/ZhenRobotics/openclaw-identity-trust/issues

💬 Support

Issues: https://github.com/ZhenRobotics/openclaw-identity-trust/issues
Discussions: https://github.com/ZhenRobotics/openclaw-identity-trust/discussions
Email: support@zhenrobot.com

Built with ❤️ for the OpenClaw ecosystem

数据来源：ClawHub ↗ · 中文优化：龙虾技能库

OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险，如需更匹配、更安全的方案，建议联系付费定制

了解定制服务

License

运行时依赖

版本

安装命令 点击复制

技能文档

📋 Overview

📦 Installation

Step 1: Install the Package

Step 2: Verify Installation

🚀 Usage

When to Use This Skill

🎯 Core Features

1. DID Management

2. Verifiable Credentials

3. Trust Evaluation

4. Security

💻 Tools

1. did_create - Create Decentralized Identifiers

2. did_resolve - Resolve DIDs to Documents

3. vc_issue - Issue Verifiable Credentials

4. vc_verify - Verify Credentials

5. identity_list - List Identities

6. trust_evaluate - Evaluate Agent Trust

📚 CLI Commands

DID Commands

Verifiable Credential Commands

Utility Commands

🔧 Programmatic API

🎓 Use Cases

1. AI Agent Identity

2. Service Authentication

3. Trust Networks

📐 Technical Standards

🔒 Security

Cryptography

Key Storage

Best Practices

🛠️ Configuration

Storage Location

Environment Variables

📊 Comparison with Alternatives

🐛 Troubleshooting

Common Issues

📖 Documentation

🔄 Updates & Changelog

v1.0.0 (2026-03-08)

🤝 Contributing

📄 License

🔗 Links

💬 Support

安装命令点击复制

1. `did_create` - Create Decentralized Identifiers

2. `did_resolve` - Resolve DIDs to Documents

3. `vc_issue` - Issue Verifiable Credentials

4. `vc_verify` - Verify Credentials

5. `identity_list` - List Identities

6. `trust_evaluate` - Evaluate Agent Trust