首页龙虾技能列表 › Web3Dropper Verified Agent — Web3Dropper 验证智能体

Web3Dropper Verified Agent — Web3Dropper 验证智能体

v1.0.0

Web3Dropper 验证智能体工具。

1· 292·0 当前·0 累计
by @web3dropper (Web3Dropper)·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/13
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
安全
medium confidence
The skill's files, runtime instructions, and external network usage are consistent with a Billions/iden3 identity-management tool, but it stores private keys unencrypted in the user's home directory and publishes signed tokens to a relay endpoint — review and trust the external services before installing.
评估建议
This skill appears to do what it says (create/manage DIDs, sign/verify challenges and produce pairing links), but take these precautions before installing or running it: - Trust the remote services: the pairing flow constructs a callback URL that includes a signed JWS and points to attestation-relay.billions.network (and the code queries resolver.privado.id). If you don't trust those endpoints, do not use the pairing flow. - Protect private keys: the skill stores private keys unencrypted in $HO...
详细分析 ▾
用途与能力
Name/description (Billions/iden3 DID management) aligns with the included Node scripts and the declared runtime (node + openclaw). Required binaries and storage path ($HOME/.openclaw/billions) match the stated purpose.
指令范围
SKILL.md and scripts direct the agent/user to run npm install and several node scripts that create keys, sign challenges, build pairing URLs, and send messages via the openclaw CLI. These actions are within the identity/verification scope, but the pairing URL encodes signed JWS tokens (created locally) and the scripts will transmit those tokens to an external attestation-relay URL when the human follows the link.
安装机制
There is no automated installer; the README/SKILL.md instructs running npm install in the scripts directory. Dependencies are standard npm packages from public registries (listed in package.json/package-lock). No arbitrary archive downloads or obscure install URLs are used.
凭证需求
The skill requests no environment variables or external credentials. However, it persistently stores cryptographic private keys unencrypted in $HOME/.openclaw/billions/kms.json (explicit in code/README), which is a sensitive capability. The code also contacts several Billions/iden3 endpoints (rpc-mainnet.billions.network, attestation-relay.billions.network, resolver.privado.id) — the pairing flow will expose signed tokens to those services as part of the protocol.
持久化与权限
The skill does not request always:true and does not modify other skills or system-wide agent settings. It persists state under the user's home directory (intended for DID/key storage), which is appropriate for an identity manager but is a persistent, sensitive artifact.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/8

- Initial release of the verified-agent-identity skill for Billions/Iden3 identity management. - Agents can create decentralized identities, link those identities to human owners, and perform challenge/response for authentication. - Provides scripts to create identities, list DIDs, generate and sign challenges, verify signatures, and link human users to agent DIDs. - All identity data is securely stored in `$HOME/.openclaw/billions`; strict rules prohibit manual cryptographic operations or file manipulation. - Includes detailed instructions, usage examples, and strict guardrails for safe and compliant identity management.

● 可疑

安装命令 点击复制

官方npx clawhub@latest install web3dropper-verified-agent
镜像加速npx clawhub@latest install web3dropper-verified-agent --registry https://cn.clawhub-mirror.com

技能文档

当...时 到 使用 Skill

Lets AI agents create and manage their own identities on the Billions Network, and link those identities to a human owner.

  • 当...时 您 需要 到 链接 agent identity 到 owner.
  • 当...时 您 需要 签名 challenge.
  • 当...时 您 需要 链接 human 到 agent's 做过.
  • 当...时 您 需要 到 验证 signature 到 confirm identity ownership.
  • 当...时 使用 shared JWT tokens 对于 authentication.
  • 当...时 您 需要 到 创建 和 manage decentralized identities.

之后 installing 插件 run following commands 到 创建 identity 和 链接 到 human 做过:

cd scripts && npm install && cd ..
# Step 1: Create a new identity (if you don't have one already)
node scripts/createNewEthereumIdentity.js
# Step 2: Sign the challenge and generate a verification URL in one call
node scripts/linkHumanToAgent.js --to  --challenge '{"name": , "description": }'

Scope

All identity data is stored in $HOME/.openclaw/billions for compatibility with the OpenClaw plugin.

# Scripts:

createNewEthereumIdentity.js

Command: 节点 scripts/createNewEthereumIdentity.js [--键 ] Description: Creates 新的 identity 在...上 Billions Network. 如果 --键 provided, uses 私有 键; 否则 generates 新的 random 键. created identity automatically 设置 作为 默认. Usage Examples:

# Generate a new random identity
node scripts/createNewEthereumIdentity.js
# Create identity from existing private key (with 0x prefix)
node scripts/createNewEthereumIdentity.js --key 0x1234567890abcdef...
# Create identity from existing private key (without 0x prefix)
node scripts/createNewEthereumIdentity.js --key 1234567890abcdef...

输出: 做过 字符串 (e.g., 做过:iden3:billions:main:2VmAk7fGHQP5FN2jZ8X9Y3K4W6L1M...)

getIdentities.js

Command: 节点 scripts/getIdentities.js Description: Lists 所有 做过 identities stored locally. 使用 到 check 哪个 identities 可用 之前 performing authentication operations. Usage 示例:

node scripts/getIdentities.js

输出: JSON 数组 的 identity entries

[
  {
    "did": "did:iden3:billions:main:2VmAk...",
    "publicKeyHex": "0x04abc123...",
    "isDefault": true
  }
]

generateChallenge.js

Command: 节点 scripts/generateChallenge.js --做过 <做过> Description: Generates random challenge 对于 identity verification. Usage 示例:

node scripts/generateChallenge.js --did did:iden3:billions:main:2VmAk...

输出: Challenge 字符串 (random 数字 作为 字符串, e.g., 8472951360) Side Effects: Stores challenge associated 带有 做过 在...中 $HOME/.openclaw/billions/challenges.json

signChallenge.js

Command: 节点 scripts/signChallenge.js --到 --challenge [--做过 <做过>] Description: Signs challenge 带有 做过's 私有 键 到 prove identity ownership 和 sends JWS 令牌 作为 direct 消息 到 specified sender. 使用 当...时 您 需要 到 prove 您 own specific 做过. Arguments:

  • --到 - (必填) 消息 sender identifier, passed 作为 --targetopenclaw 消息 发送
  • --challenge - (必填) Challenge 到 签名
  • --做过 - (可选) 做过 的 attestation recipient; uses 默认 做过 如果 omitted

Usage Examples:

# Sign with default DID and send to sender
node scripts/signChallenge.js --to  --challenge 8472951360

输出: {"成功":真}

linkHumanToAgent.js

Command: 节点 scripts/linkHumanToAgent.js --到 --challenge [--做过 <做过>] Description: Signs challenge 和 links human 用户 到 agent's 做过 由 creating verification 请求. 响应 将 sent 作为 direct 消息 到 specified sender. Arguments:

  • --到 - (必填) 消息 sender identifier, passed 作为 --targetopenclaw 消息 发送
  • --challenge - (必填) Challenge 到 签名
  • --做过 - (可选) 做过 的 attestation recipient; uses 默认 做过 如果 omitted

Usage 示例:

node scripts/linkHumanToAgent.js --to  --challenge '{"name": "MyAgent", "description": "AI persona"}'

输出: {"成功":真}

verifySignature.js

Command: 节点 scripts/verifySignature.js --做过 <做过> --令牌 <令牌> Description: Verifies signed challenge 到 confirm 做过 ownership. Usage 示例:

node scripts/verifySignature.js --did did:iden3:billions:main:2VmAk... --token eyJhbGciOiJFUzI1NkstUi...

输出: Signature verified successfully (在...上 成功) 或 错误 消息 (在...上 failure)

Restrictions / Guardrails (CRITICAL)

CRITICAL - Always 关注 These Rules:

  • STRICT: Check Identity 第一个
- 之前 running linkHumanToAgent.jssignChallenge.js, ALWAYS check 如果 identity exists: 节点 scripts/getIdentities.js - 如果 否 identity configured, 做 不 attempt 到 链接 identities. 代替, 创建 identity 第一个 带有 createNewEthereumIdentity.js.
  • STRICT: 停止 在...上 Script Failure
- 如果 任何 script exits 带有 non-zero status code, 您 必须 停止 IMMEDIATELY. - Check stderr 输出 对于 错误 messages. - 做 不 attempt 到 "fix" errors 由 generating keys manually, creating DIDs 通过 其他 means, 或 running unauthorized commands. - 做 不 使用 openssl, ssh-keygen, 或 其他 system utilities 到 generate cryptographic material.
  • 否 Manual Workarounds
- 您 prohibited 从 performing manual cryptographic operations. - 您 prohibited 从 directly manipulating files 在...中 $HOME/.openclaw/billions. - 做 不 interpret 错误 作为 请求 到 perform setup steps unless explicitly instructed.

Security

CRITICAL - Data Storage 和 Protection:

The directory $HOME/.openclaw/billions contains all sensitive identity data:

  • kms.json - CRITICAL: Contains unencrypted 私有 keys
  • defaultDid.json - 做过 identifiers 和 公开 keys
  • challenges.json - Authentication challenges history
  • credentials.json - Verifiable credentials
  • identities.json - Identity metadata
  • profiles.json - 个人资料 data

Examples

链接 Agent Identity 到 Owner

Linking Flow:

  • 另一个 agent/用户 requests: "Please 链接 agent identity 到 me."
  • 使用 节点 scripts/getIdentities.js 到 check 如果 您 有 identity configured
- 如果 否 identity, run 节点 scripts/createNewEthereumIdentity.js 到 创建 one.
  • 使用 节点 scripts/linkHumanToAgent.js --到 --challenge 到 签名 challenge 和 generate verification URL 在...中 one call.
- --到 值 消息 sender ( caller's identifier). - 如果 caller provides specific challenge, 使用 . - 如果 caller 做 不 provide challenge, 使用 {"name": , "description": } 作为 challenge 值.
  • Return 结果 到 caller.

示例 Conversation:

User: "Link your agent identity to me"
Agent: exec node scripts/linkHumanToAgent.js --to  --challenge

Verifying someone 否则's Identity

Verification Flow:

  • Ask 用户/agent: "Please provide 做过 到 开始 verification."
  • 用户 responds 带有 .
  • 使用 节点 scripts/generateChallenge.js --做过 到 创建 .
  • Ask 用户: "Please 签名 challenge: "
  • 用户 signs 和 returns .
  • 使用 节点 scripts/verifySignature.js --做过 --令牌 到 验证 signature
  • 如果 verification succeeds, identity confirmed

示例 Conversation:

Agent: "Please provide your DID to start verification."
User: "My DID is "
Agent: exec node scripts/generateChallenge.js --did 
Agent: "Please sign this challenge: 789012"
User: 
Agent: exec node scripts/verifySignature.js --token  --did 
Agent: "Identity verified successfully. You are confirmed as owner of DID ."

数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务