ClawHub

Humanos - Programmable Human Authorization for Agent Actions

v1.0.1

Require verifiable human approval before high-risk agent actions.

1· 394·0 current·0 all-time
byHumanos@lagosrui

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lagosrui/humanos-openclaw.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Humanos - Programmable Human Authorization for Agent Actions" (lagosrui/humanos-openclaw) from ClawHub.
Skill page: https://clawhub.ai/lagosrui/humanos-openclaw
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: VIA_API_KEY, VIA_SIGNATURE_SECRET
Required binaries: curl, jq, openssl, node
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install humanos-openclaw

ClawHub CLI

Package manager switcher

npx clawhub@latest install humanos-openclaw
Security Scan
Capability signals
CryptoRequires walletCan make purchasesCan sign transactionsRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual requirements: VIA_API_KEY and VIA_SIGNATURE_SECRET are the expected credentials for the VIA/Humanos API, and required binaries (curl, jq, openssl, node) are used by the included scripts and optional Node hook.
Instruction Scope
SKILL.md and scripts focus on creating/verifying approval requests and mandate VCs via humanos API. The included guard hook intercepts 'tool.pre' events and can block any matching tool invocation — this is powerful but consistent with the stated goal of enforcing human approval before high-risk operations.
Install Mechanism
No remote download/install is performed by the skill metadata; files are provided in the skill bundle and setup is local (symlink into ~/.openclaw and an optional hook install). No external, untrusted URLs or archive extracts are used by an automated installer.
Credentials
Only VIA_API_KEY and VIA_SIGNATURE_SECRET are required (VIA_API_URL optional). These are proportionate to contacting and signing requests for the VIA/Humanos service; no unrelated credentials are requested.
Persistence & Privilege
always:false and normal autonomous invocation settings. The optional guard hook, if installed/enabled in OpenClaw, gains broad visibility of tool calls and can block execution — users should be aware they are granting the hook global 'tool.pre' enforcement capability within OpenClaw.
Assessment
This skill is internally consistent with its stated purpose, but review and deliberate before enabling the guard hook. Practical steps: (1) Verify you obtain the API key and signature secret only from the official Humanos dashboard (https://app.humanos.id) and store them securely (do not paste them publicly). (2) Inspect scripts/sign-request.sh and hooks/humanos-guard/handler.ts (already included) so you understand how HMAC signing and mandate checks work. (3) Be aware that enabling the humanos-guard hook gives it the ability to inspect and block agent tool calls across your OpenClaw environment — enable it only if you trust the skill and want global enforcement. (4) Confirm the API base URL (VIA_API_URL) is set to the official host if you are cautious about network endpoints. (5) Limit the VIA API key's permissions if the service supports scoped keys and rotate the key if compromised. If you want additional assurance, run the provided test suite with non-production credentials and/or audit network traffic to ensure requests go only to the expected API endpoints.
hooks/humanos-guard/handler.ts:46
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

shield Clawdis
OSmacOS · Linux
Binscurl, jq, openssl, node
EnvVIA_API_KEY, VIA_SIGNATURE_SECRET
Primary envVIA_API_KEY
latestvk97caw61zmafj7vavs9ypb9hj984r6et
394downloads
1stars
3versions
Updated 2w ago
v1.0.1
MIT-0
macOS, Linux
Humanos@lagosrui
latest
Download

Humanos - Programmable Human Authorization for Agent Actions

AI agents can execute actions. Humanos lets them prove human authorization before they do.

Require a mandate signature before high-risk execution.

What It Does

  • Collect human approval before sensitive agent actions
  • Issue machine-verifiable mandate signatures
  • Support scoped delegation (amount, duration, action type)
  • Enable revocation of previously granted authority

Humanos provides the authorization proof. Your runtime decides whether to execute.

When To Use It

Use Humanos when your agent can:

  • Move money or sign transactions
  • Initiate payouts, refunds, or batch payments
  • Modify or delete user data
  • Export or share sensitive data
  • Change account permissions or roles
  • Rotate API keys or security credentials
  • Update billing details or subscription plans
  • Execute contracts or legal agreements
  • Accept updated terms on behalf of a user
  • Grant third-party access to data
  • Release funds from escrow
  • Increase transaction or withdrawal limits
  • File claims, applications, or regulatory forms
  • Approve loan or credit changes
  • Post or publish under a user's identity
  • Control IoT or physical access devices
  • Act on behalf of a user
  • Delegate authority to another agent

If the action affects money, data, identity, ownership, or legal position, require a mandate signature.

How It Works

  1. Agent prepares a structured action
  2. Agent calls requestMandate(action, constraints)
  3. Human approves via SMS, email, wallet, API, or any programmable channel
  4. Humanos returns a signed mandate signature
  5. Agent verifies with verifyMandate(signature)
  6. Agent decides whether to execute

No valid mandate signature -> execution should not proceed.

Core API

requestMandate(action, constraints) -> mandate_signature verifyMandate(mandate_signature) -> true / false revokeMandate(mandate_signature)

Simple. Programmable. Deterministic.

VIA Humanos - Operational Instructions for Agents

Use this skill whenever the agent is about to do something that requires a human to say "yes" first. It sends a secure approval request to the right person - they receive a link, review the details, and approve or reject. The result comes back as a W3C Verifiable Credential with cryptographic proof that the action was authorized.

The agent should NEVER proceed with a sensitive action (payment, signing, data access, transfer) without first using this skill to get authorization.

When to use this skill

Use this skill when the user says things like:

  • "I need approval from [someone] before doing [something]"
  • "Get authorization from my manager for this payment"
  • "Send this contract/document to [someone] for signing"
  • "Check if [someone] approved the request"
  • "Has the mandate been approved or rejected?"
  • "Verify this person's identity before proceeding"
  • "Get consent from the user for data processing"
  • "Cancel the pending approval request"
  • "Look up user [email/phone/DID]"
  • "Is this mandate still valid?"

Also use this skill when the agent is about to:

  • Make a payment or transfer — get approval first
  • Sign or send a contract — collect digital signature
  • Access sensitive data — verify authorization exists
  • Execute a high-value action — check mandate constraints (amount limits, time bounds)
  • Start an onboarding flow — combine contract + form + consent in one request

Trigger keywords: approval, authorize, mandate, sign, consent, credential, KYC, identity verification, human approval, compliance, permission, delegation.

Prerequisites

  1. A VIA Protocol account with an API key from app.humanos.id
  2. Environment variables set:
    • VIA_API_KEY — Bearer token for API authentication
    • VIA_SIGNATURE_SECRET — HMAC secret for request signing
    • Optional: VIA_API_URL — Override API base URL (default: https://api.humanos.id)

Windows note: this skill is currently supported on macOS/Linux shells. On Windows, use WSL or Git Bash with bash, curl, jq, and openssl installed.

Authentication

All API requests require:

Authorization: Bearer $VIA_API_KEY
X-Timestamp: <unix-timestamp-ms>
X-Signature: <hmac-sha256 of (timestamp + "." + body) using VIA_SIGNATURE_SECRET>

Use the signing script: scripts/sign-request.sh

Official API documentation: https://humanos.mintlify.app/essentials/introduction

Operation Index (Fast Lookup)

Use this as the primary lookup table before reading detailed sections.

GoalScriptMethodEndpointRequired Args
Create approval requestscripts/create-request.shPOST/v1/request--contact, --type, --name
Check request statusscripts/get-request.shGET/v1/request/:id--id
Find requestsscripts/find-requests.shGET`/v1/request?contactdid
Get credential proofscripts/get-credential.shGET/v1/credential/:id--id
Get mandatescripts/get-mandate.shGET/v1/via/mandates/:id--id
Get mandate VCscripts/get-mandate-vc.shGET/v1/via/mandates/:id/vc--id
Resolve DIDscripts/resolve-did.shGET/v1/via/dids/:did--did
Look up userscripts/get-user.shGET`/v1/user?contactdid
Cancel requestscripts/cancel-request.shDELETE/v1/request/:id--id
Resend OTPscripts/resend-otp.shPATCH/v1/request/resend/:id--id (and optional --contact)

Create Request Rules (Critical)

Follow these rules to avoid generic 400 Failed to generate credentials request responses.

  1. Use --type as: document, consent, or json (lowercase input; script converts internally).
  2. form is not supported as inline credential in this script. Use resource IDs for forms.
  3. --data should be JSON array of fields. A single object is also accepted and auto-wrapped.
  4. Every field should follow:
    • label (string)
    • type (string, number, boolean, date, url, pdf, object, array)
    • value (matches type)
    • hidden (boolean; defaults to false)
  5. Type-specific mandatory fields:
    • consent: must include {"label":"text","type":"string","value":"...","hidden":false}
    • document: must include {"label":"pdf","type":"pdf","value":"<base64>","hidden":false}

Valid examples (copy/paste)

Consent (recommended for simple approvals):

scripts/create-request.sh \
  --contact "+351919307983" \
  --type "consent" \
  --name "Football approval" \
  --data '[{"label":"text","type":"string","value":"I approve football tomorrow.","hidden":false}]'

JSON mandate:

scripts/create-request.sh \
  --contact "user@example.com" \
  --type "json" \
  --name "Hotel Booking Authorization" \
  --data '[
    {"label":"amount","type":"number","value":450,"hidden":false},
    {"label":"currency","type":"string","value":"EUR","hidden":false}
  ]'

Document signature:

scripts/create-request.sh \
  --contact "user@example.com" \
  --type "document" \
  --name "NDA Signature" \
  --data '[{"label":"pdf","type":"pdf","value":"<base64-pdf>","hidden":false}]'

Signing Algorithm (Exact Bytes, Critical)

All 401 Invalid signature incidents should be debugged against this section.

  1. Build the request body once.
  2. Keep the body as a compact JSON string.
  3. Generate timestamp in unix milliseconds (13 digits).
  4. Compute payload as:
    • timestamp + "." + body when body is not empty
    • timestamp when body is empty
  5. Compute signature = HMAC_SHA256_HEX(payload, VIA_SIGNATURE_SECRET).
  6. Send exactly the same body bytes in the HTTP request.

Deterministic checklist

  • Use jq -c or jq -n to build compact JSON.
  • Use printf, not echo, when signing (avoid accidental newline).
  • Do not reformat body after signature generation.
  • Sign and send immediately (avoid stale timestamps).
  • Keep UTF-8 text unchanged (accents and symbols must match).

Common failure modes

  • Timestamp includes non-digits (for example, %3N incompatibility on macOS).
  • Body was pretty-printed for signing but compacted for sending (or vice versa).
  • Body key order/escaping changed between signature and request.
  • Wrong base URL or environment points to different backend.
  • Secret/token mismatch between environments.

Core Operations

1. Create a Credential Request (Get Human Approval)

When the agent needs human authorization for an action:

scripts/create-request.sh \
  --contact "user@example.com" \
  --type "json" \
  --name "Hotel Booking Authorization" \
  --security "CONTACT" \
  --data '[{"label":"amount","type":"number","value":450,"hidden":false}]'

Parameters:

  • --contact — Email or phone number of the person who must approve (required)
  • --type — Type of credential: document, json, or consent (required). form inline is not supported.
  • --name — Human-readable name for the approval (required)
  • --security — Security level: CONTACT, ORGANIZATION_KYC, HUMANOS_KYC (default: CONTACT)
  • --data — JSON array of mandate fields (optional for json; strongly recommended for consent/document)
  • --language — Language for the approval UI: ENG or PRT (default: ENG)
  • --redirect — URL to redirect user after approval (optional)
  • --internal-id — Your internal reference ID (optional)

What happens:

  1. The API creates the request and sends an OTP code to the contact
  2. The person opens the link, enters the code, and sees the approval
  3. They approve or reject with optional digital signature
  4. You receive a webhook or poll for the result

Response includes: requestId — save this to check status later.

2. Check Request Status

scripts/get-request.sh --id "request-id-here"

Returns the full request with all credentials and their statuses (PENDING, APPROVED, REJECTED).

3. Find Requests by User

scripts/find-requests.sh --contact "user@example.com"
# or
scripts/find-requests.sh --did "did:key:z6Mk..."
# or
scripts/find-requests.sh --internal-id "order-123"

4. Get a Credential with Proofs

scripts/get-credential.sh --id "credential-id-here"

Returns the W3C Verifiable Credential with cryptographic proofs that the human authorized the action.

5. Get a Mandate

scripts/get-mandate.sh --id "mdt_uuid-here"

Returns mandate details including scope, validity period, and constraints.

6. Get Mandate as Verifiable Credential

scripts/get-mandate-vc.sh --id "mdt_uuid-here"

Returns the mandate in W3C Verifiable Credential format for use in Verifiable Presentations.

7. Resolve a DID

scripts/resolve-did.sh --did "did:key:z6Mk..."

Returns the DID Document with verification methods. Use this to verify signatures on credentials.

8. Look Up a User

scripts/get-user.sh --contact "user@example.com"

Returns user details, identity information, and associated DIDs.

9. Cancel a Request

scripts/cancel-request.sh --id "request-id-here"

Cancels a pending request. This is irreversible.

10. Resend OTP

scripts/resend-otp.sh --id "request-id-here" --contact "user@example.com"

Resends the verification code to the user if they didn't receive it.

Decision Flow

When you need human approval, follow this flow:

  1. Create requestscripts/create-request.sh
  2. Wait for approval → Poll with scripts/get-request.sh or wait for webhook
  3. Check result:
    • APPROVED → Proceed with the action. The credential contains cryptographic proof.
    • REJECTED → Do NOT proceed. Inform the user the action was denied.
    • PENDING → Still waiting. Ask the user if they want to resend the OTP.

Security Levels

LevelDescriptionUse When
CONTACTOTP verification onlyLow-risk actions (view data, basic approvals)
ORGANIZATION_KYCOrganization-level identity checkMedium-risk (sign documents, access records)
HUMANOS_KYCFull KYC with identity verificationHigh-risk (payments, legal signatures)
HUMANOS_REVALIDATIONRe-verification of previously verified identityPeriodic re-checks

Credential Types

TypeDescriptionUser Experience
documentPDF document for review and signatureUser sees PDF, can draw signature
formDynamic form with fieldsUser fills form fields step by step
jsonStructured data for reviewUser sees data and approves/rejects
consentConsent text or URLUser reads and agrees to terms

Rate Limits

  • Request creation: 60 requests per 60 seconds
  • Max 10 credentials per request
  • Max 100 contacts per request

Error Handling

  • 401 Unauthorized — Check VIA_API_KEY and signature
  • 404 Not Found — Request or credential doesn't exist
  • 429 Too Many Requests — Rate limit hit, wait and retry
  • 400 Bad Request — Check request body format

401 Invalid Signature Playbook

Follow this exact sequence before escalating:

  1. Confirm endpoint is https://api.humanos.id.
  2. Confirm timestamp is 13-digit numeric milliseconds.
  3. Confirm signing payload is exactly:
    • timestamp + "." + body (non-empty body), or
    • timestamp (empty body).
  4. Confirm signed body bytes are the same bytes sent to curl.
  5. Confirm VIA_SIGNATURE_SECRET and VIA_API_KEY come from the same environment.
  6. Retry with a minimal JSON payload (single credential, no optional fields).
  7. If GET works and POST still fails, capture request metadata for backend support:
    • endpoint path
    • timestamp
    • body length
    • sha256(body)
    • signature format (hex/base64)

Escalation note for support: "GET succeeds with same key/secret, POST returns 401 Invalid signature using payload=timestamp.body."

Output Format

Always present results to the user in this format:

For request creation:

Request created successfully. An approval link has been sent to [contact]. Request ID: [id] Status: PENDING

For status checks:

Request [id] — Status: [APPROVED/REJECTED/PENDING] Credential: [name] — [status] Approved by: [contact] on [date]

For errors:

Failed to [action]: [error message] Suggestion: [what to do next]

External Endpoints

EndpointData SentPurpose
$VIA_API_URL/v1/requestContacts, credential dataCreate approval requests
$VIA_API_URL/v1/request/:idRequest IDCheck approval status
$VIA_API_URL/v1/credential/:idCredential IDRetrieve signed credentials
$VIA_API_URL/v1/via/mandates/:idMandate IDGet mandate details
$VIA_API_URL/v1/via/mandates?scope=<scope>&toolName=<tool>Scope, tool nameQuery mandates for policy checks
$VIA_API_URL/v1/via/dids/:didDID identifierResolve DID documents
$VIA_API_URL/v1/userContact/DID/internal IDLook up users

Default base URL is https://api.humanos.id when VIA_API_URL is not set.

Security and Privacy

  • API keys are read from environment variables at runtime, never hardcoded in scripts
  • When using OpenClaw, credentials are managed by the OpenClaw runtime via ~/.openclaw/openclaw.json (set secure file permissions: chmod 600)
  • All requests are signed with HMAC-SHA256 to prevent tampering
  • Credentials contain W3C Verifiable Credential proofs (EdDSA)
  • User contact information (email/phone) is sent to the VIA API for OTP delivery
  • No application data is stored locally by this skill
  • The optional guard hook (handler.ts) requires Node.js 18+ for native fetch and crypto support

Comments

Loading comments...