Self zkID verification
v1.0.0Integrate Self (self.xyz) — a privacy-first identity protocol using zero-knowledge proofs to verify passports and ID cards. Use when the user mentions Self protocol, Self identity, self.xyz, passport verification, zero-knowledge identity verification, SelfAppBuilder, SelfBackendVerifier, SelfVerificationRoot, or wants to add privacy-preserving KYC, age verification, nationality checks, OFAC screening, or Sybil resistance using real-world identity documents. Covers frontend QR code integration, backend proof verification, and on-chain smart contract verification on Celo.
⭐ 0· 599·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (Self zk identity, passport/ID verification, frontend QR + backend verification + Celo on-chain) align with the instructions and the npm packages (@selfxyz/qrcode, @selfxyz/core) that the SKILL.md tells you to install. Nothing requested (no extra env vars, no unrelated binaries) appears outside the stated purpose.
Instruction Scope
Runtime instructions are narrowly scoped to building a frontend QR, receiving proofs at an endpoint, verifying them server-side, and optionally wiring a Celo smart contract. They do not ask the agent to read unrelated files or secrets. The doc does recommend making your endpoint publicly accessible (ngrok for local dev) which is expected but carries normal exposure risks for test data.
Install Mechanism
This is an instruction-only skill that tells the developer to npm install @selfxyz/qrcode and @selfxyz/core. Using npm packages is a normal, moderate-risk install vector — verify the packages and their provenance on the npm registry / upstream repo before installing. There are no opaque download URLs or archive extracts in the install instructions.
Credentials
The skill declares no required environment variables, credentials, or config paths. The example code uses only parameters needed for verification (scope, endpoint, disclosures). No unrelated secrets or system access are requested.
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system-wide settings. It is user-invocable and allows normal autonomous invocation (platform default). This is expected and not excessive here.
Assessment
This skill appears to do what it says (frontend QR integration, backend proof verification, optional Celo contract wiring). Before installing or using it in production: 1) Verify the npm packages (@selfxyz/qrcode, @selfxyz/core) on the npm registry and confirm they come from the official Self organization and a real source repo (the skill has no homepage/source listed). 2) Double-check the provided on-chain addresses and network naming — the docs refer to 'Celo' but also use the name 'Sepolia' (an Ethereum testnet) which is inconsistent; confirm the correct Celo testnet (e.g., Alfajores) and Hub addresses with official Self docs. 3) Use ngrok only for local testing and avoid exposing production endpoints or real user proofs during development. 4) Review what attributes you request (name, idNumber, nationality, OFAC) — these are sensitive; request only the minimum disclosures required. 5) Confirm package version compatibility (SKILL.md references a beta version) and audit the packages' source code or repository before trusting them in production. If you want higher assurance, ask the publisher for a homepage/repo or for signed package sources; absence of that increases risk and is why confidence is medium rather than high.Like a lobster shell, security has layers — review code before you run it.
latestvk970ffd8qfq4sbvehvnfdkzh51810775
License
MIT-0
Free to use, modify, and redistribute. No attribution required.