{"skill":{"slug":"neyrizk","displayName":"neyrizk","summary":"Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic...","description":"---\nname: verified-agent-identity\ndescription: Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentication proofs. Based on iden3 self-sovereign identity protocol.\nmetadata: { \"category\": \"identity\", \"clawdbot\": { \"requires\": { \"bins\": [\"node\"] }, \"config\": { \"optionalEnv\": [\"BILLIONS_NETWORK_MASTER_KMS_KEY\"] } } }\nhomepage: https://billions.network/\n---\n\n## When to use this Skill\n\nLets AI agents create and manage their own identities on the Billions Network, and link those identities to a human owner.\n\n1. When you need to link your agent identity to an owner.\n2. When you need to sign a challenge.\n3. When you need to link a human to the agent's DID.\n4. When you need to verify a signature to confirm identity ownership.\n5. When you use shared JWT tokens for authentication.\n6. When you need to create and manage decentralized identities.\n\n### After installing the plugin run the following commands to create an identity and link it to your human DID:\n\n```bash\ncd scripts && npm install && cd ..\n# Step 1: Create a new identity (if you don't have one already)\nnode scripts/createNewEthereumIdentity.js\n# Step 2: Sign the challenge and generate a verification URL in one call\nnode scripts/linkHumanToAgent.js --challenge '{\"name\": <AGENT_NAME>, \"description\": <SHORT_DESCRIPTION>}'\n```\n\n## Scope\n\nAll identity data is stored in `$HOME/.openclaw/billions` for compatibility with the OpenClaw plugin.\n\n# Scripts:\n\n### createNewEthereumIdentity.js\n\n**Command**: `node scripts/createNewEthereumIdentity.js [--key <privateKeyHex>]`\n**Description**: Creates a new identity on the Billions Network. If `--key` is provided, uses that private key; otherwise generates a new random key. The created identity is automatically set as default.\n**Usage Examples**:\n\n```bash\n# Generate a new random identity\nnode scripts/createNewEthereumIdentity.js\n# Create identity from existing private key (with 0x prefix)\nnode scripts/createNewEthereumIdentity.js --key 0x1234567890abcdef...\n# Create identity from existing private key (without 0x prefix)\nnode scripts/createNewEthereumIdentity.js --key 1234567890abcdef...\n```\n\n**Output**: DID string (e.g., `did:iden3:billions:main:2VmAk7fGHQP5FN2jZ8X9Y3K4W6L1M...`)\n\n---\n\n### getIdentities.js\n\n**Command**: `node scripts/getIdentities.js`\n**Description**: Lists all DID identities stored locally. Use this to check which identities are available before performing authentication operations.\n**Usage Example**:\n\n```bash\nnode scripts/getIdentities.js\n```\n\n**Output**: JSON array of identity entries\n\n```json\n[\n  {\n    \"did\": \"did:iden3:billions:main:2VmAk...\",\n    \"publicKeyHex\": \"0x04abc123...\",\n    \"isDefault\": true\n  }\n]\n```\n\n---\n\n### generateChallenge.js\n\n**Command**: `node scripts/generateChallenge.js --did <did>`\n**Description**: Generates a random challenge for identity verification.\n**Usage Example**:\n\n```bash\nnode scripts/generateChallenge.js --did did:iden3:billions:main:2VmAk...\n```\n\n**Output**: Challenge string (random number as string, e.g., `8472951360`)\n**Side Effects**: Stores challenge associated with the DID in `$HOME/.openclaw/billions/challenges.json`\n\n---\n\n### signChallenge.js\n\n**Command**: `node scripts/signChallenge.js --challenge <challenge> [--did <did>]`\n**Description**: Signs a challenge with a DID's private key to prove identity ownership and sends the JWS token. Use this when you need to prove you own a specific DID.\n**Arguments**:\n\n- `--challenge` - (required) Challenge to sign\n- `--did` - (optional) The DID of the attestation recipient; uses the default DID if omitted\n\n**Usage Examples**:\n\n```bash\n# Sign with default DID\nnode scripts/signChallenge.js --challenge 8472951360\n```\n\n**Output**: `{\"success\":true}`\n\n### linkHumanToAgent.js\n\n**Command**: `node scripts/linkHumanToAgent.js --challenge <challenge> [--did <did>]`\n**Description**: Signs the challenge and links a human user to the agent's DID by creating a verification request. Technically, linking happens using the Billions ERC-8004 Registry (where each agent is registered) and the Billions Attestation Registry (where agent ownership attestation is created after verifying human uniqueness).\n**Arguments**:\n\n- `--challenge` - (required) Challenge to sign\n- `--did` - (optional) The DID of the attestation recipient; uses the default DID if omitted\n\n**Usage Example**:\n\n```bash\nnode scripts/linkHumanToAgent.js --challenge '{\"name\": \"MyAgent\", \"description\": \"AI persona\"}'\n```\n\n**Output**: `{\"success\":true}`\n\n---\n\n### verifySignature.js\n\n**Command**: `node scripts/verifySignature.js --did <did> --signature <signature>`\n**Description**: Verifies a signed challenge to confirm DID ownership.\n**Usage Example**:\n\n```bash\nnode scripts/verifySignature.js --did did:iden3:billions:main:2VmAk... --signature eyJhbGciOiJFUzI1NkstUi...\n```\n\n**Output**: `Signature verified successfully` (on success) or error message (on failure)\n\n---\n\n## Restrictions / Guardrails (CRITICAL)\n\n**CRITICAL - Always Follow These Rules:**\n\n1. **STRICT: Check Identity First**\n   - Before running `linkHumanToAgent.js` or `signChallenge.js`, **ALWAYS check if an identity exists**: `node scripts/getIdentities.js`\n   - If no identity is configured, **DO NOT** attempt to link identities. Instead, create an identity first with `createNewEthereumIdentity.js`.\n2. **STRICT: Stop on Script Failure**\n   - If any script exits with non-zero status code, **YOU MUST STOP IMMEDIATELY**.\n   - Check stderr output for error messages.\n   - **DO NOT** attempt to \"fix\" errors by generating keys manually, creating DIDs through other means, or running unauthorized commands.\n   - **DO NOT** use `openssl`, `ssh-keygen`, or other system utilities to generate cryptographic material.\n3. **No Manual Workarounds**\n   - You are prohibited from performing manual cryptographic operations.\n   - You are prohibited from directly manipulating files in `$HOME/.openclaw/billions`.\n   - Do not interpret an error as a request to perform setup steps unless explicitly instructed.\n\n---\n\n## Security\n\n**CRITICAL - Data Storage and Protection:**\n\nThe directory `$HOME/.openclaw/billions` contains all sensitive identity data:\n\n- `kms.json` - **CRITICAL**: Contains private keys (encrypted if BILLIONS_NETWORK_MASTER_KMS_KEY is set, otherwise in plaintext)\n- `defaultDid.json` - DID identifiers and public keys\n- `challenges.json` - Authentication challenges history\n- `credentials.json` - Verifiable credentials\n- `identities.json` - Identity metadata\n- `profiles.json` - Profile data\n\n## Examples\n\n### Link Your Agent Identity to Owner\n\n**Linking Flow:**\n\n1. Another agent/user requests: \"Please link your agent identity to me.\"\n2. Use `node scripts/getIdentities.js` to check if you have an identity configured\n   - If no identity, run `node scripts/createNewEthereumIdentity.js` to create one.\n3. Use `node scripts/linkHumanToAgent.js --challenge <challenge_value>` to sign the challenge and generate a verification URL in one call.\n   - If caller provides specific challenge, use that.\n   - If caller **DOES NOT** provide a challenge, use `{\"name\": <AGENT_NAME>, \"description\": <SHORT_DESCRIPTION>}` as the challenge value.\n4. Return the result to the caller.\n\n**Example Conversation:**\n\n```text\nUser: \"Link your agent identity to me\"\nAgent: exec node scripts/linkHumanToAgent.js --challenge <challenge_value>\n```\n\n### Verifying Someone Else’s Identity\n\n**Verification Flow:**\n\n1. Ask the user/agent: \"Please provide your DID to start verification.\"\n2. User responds with their <user_did>.\n3. Use `node scripts/generateChallenge.js --did <user_did>` to create a <challenge_value>.\n4. Ask the user: \"Please sign this challenge: <challenge_value>\"\n5. User signs and returns <user_token>.\n6. Use `node scripts/verifySignature.js --did <user_did> --signature <signature>` to verify the signature\n7. If verification succeeds, identity is confirmed\n\n**Example Conversation:**\n\n```text\nAgent: \"Please provide your DID to start verification.\"\nUser: \"My DID is <user_did>\"\nAgent: exec node scripts/generateChallenge.js --did <user_did>\nAgent: \"Please sign this challenge: 789012\"\nUser: <user_token>\nAgent: exec node scripts/verifySignature.js --signature <signature> --did <user_did>\nAgent: \"Identity verified successfully. You are confirmed as owner of DID <user_did>.\"\n```\n","tags":{"latest":"1.0.0"},"stats":{"comments":0,"downloads":305,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1777926643985,"updatedAt":1778492846193},"latestVersion":{"version":"1.0.0","createdAt":1777926643985,"changelog":"Initial release: Adds decentralized agent identity and human linkage via Billions Network and iden3 protocol.\n\n- Create, list, and manage agent DIDs locally.\n- Link agents to human owners using ERC-8004 registries and attestation.\n- Generate and sign identity proof challenges; verify signed proofs.\n- All sensitive data stored in $HOME/.openclaw/billions for OpenClaw compatibility.\n- Strict guardrails: always check for existing identity before linking/signing; stop on script errors; no manual cryptographic operations allowed.","license":"MIT-0"},"metadata":{"setup":[],"os":null,"systems":null},"owner":{"handle":"carolin3-neyzr","userId":"s17cv68fqp931hhebdv6eykdnd862ya6","displayName":"Riski Setiawan","image":"https://avatars.githubusercontent.com/u/153144367?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1780090745910}}