Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Soulprint

v1.0.25

Soulprint decentralized identity verification for AI agents. v0.6.4 — blockchain-first architecture (no libp2p): state lives on Base Sepolia, 4 validator nod...

by Manuel Felipe Arias (@manuelfelipearias)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for manuelfelipearias/soulprint.

Install the skill "Soulprint" (manuelfelipearias/soulprint) from ClawHub.
Skill page: https://clawhub.ai/manuelfelipearias/soulprint
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node, npx
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install manuelfelipearias/soulprint

ClawHub CLI


npx clawhub@latest install soulprint

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)

Purpose & Capability
Name/description (decentralized identity, ZK proofs, validator node) align with the declared binaries (node, npx) and the npm install specification (installs a soulprint CLI). The SKILL.md documents running validator nodes, CLI verify commands, and middleware integration which are appropriate for an identity/validator tool. Minor inconsistency: the install spec lists package "soulprint" while the README shows using packages/commands like `soulprint-network` and `npx soulprint ...` (multiple package names referenced). This is explainable (CLI vs subpackages) but worth confirming the exact package(s) the installer will fetch.
Instruction Scope
The SKILL.md instructs running local OCR, face-matching, and ZK proof generation (e.g., `npx soulprint install-deps` and `npx soulprint verify-me`) — all of which are within the stated purpose but involve sensitive local data (document images, face images). The instructions also reference on-chain queries and an optional Registraduría validation endpoint. The doc does not instruct reading unrelated system files or exfiltrating data, but it does expect network access (blockchain, validator endpoints) and use of local biometric/document data; confirm the tool truly keeps sensitive inputs local and does not transmit them to third-party services.
Install Mechanism
Installation is via an npm package (install spec: node package 'soulprint'), which is expected for a Node CLI. npm installs run arbitrary package code, so this is a moderate-risk mechanism compared with instruction-only skills. No external arbitrary download URLs or archive extraction are specified. Verify the package name/version and publisher on the npm registry and inspect package contents if possible before installing.
Credentials
requires.env is empty in metadata, which is reasonable for a general CLI. However SKILL.md examples show sensitive environment variables (ADMIN_PRIVATE_KEY, ADMIN_TOKEN) for running a validator node — appropriate for the documented operation but not declared as required. This is not inherently incoherent (validator nodes legitimately need private keys), but users should not provide private keys unless they intend to run a validator and trust the package. Also confirm whether the tool will prompt for or read files (images, camera) and whether those remain local.
Persistence & Privilege
No elevated platform privileges are requested: always is false, user-invocable true, and there is no indication the skill modifies other skills or system-wide agent settings. The npm install will write files to disk (normal for a CLI) but does not claim to persistently alter agent configuration beyond installing a binary.
Assessment
This skill is coherent with its stated purpose, but it deals with sensitive identity data and installs an npm package that runs code on your machine. Before installing or running it:

1) confirm the exact npm package(s) and publisher (inspect the package on npm and GitHub) to ensure you're installing the official project;
2) run the CLI in a sandbox or container first;
3) do not provide private keys (ADMIN_PRIVATE_KEY) unless you intend to run a validator and fully trust the code;
4) verify the claim that OCR/face matching is 100% local (read the package source to confirm there are no unexpected network uploads);
5) confirm on-chain contract addresses and endpoints are correct; and
6) if you care about privacy, audit or inspect the npm package contents and maintain backups before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🌀 Clawdis
Bins: node, npx

Install

Install Soulprint CLI (npm)
Bins: soulprint
npm i -g soulprint
latest vk97f15evq7bfk1ez96hatnbz0x824690
708 downloads
4 stars
25 versions
Updated 30m ago
v1.0.25
MIT-0

Soulprint — Decentralized Identity for AI Agents

Soulprint proves a real human is behind any AI bot using privacy-preserving ZK proofs — no centralized authority, no biometric cloud uploads. State lives on Base Sepolia blockchain.

GitHub: https://github.com/manuelariasfz/soulprint
npm: https://www.npmjs.com/package/soulprint-network
Docs: https://soulprint.digital
Network: 4 validator nodes on Railway (Base Sepolia testnet)
Version: v0.6.4


Architecture (v0.6.4 — blockchain-first, local ZK verification)

User verifies once → ZK proof generated locally (no Registraduría scraping)
→ Nullifier registered on-chain (Base Sepolia)
→ Any agent queries on-chain: isRegistered(nullifier) → true/false
No P2P sync, no central server — blockchain IS the network

Contracts on Base Sepolia:

  • PeerRegistry: 0x452fb66159dFCfC13f2fD9627aA4c56886BfB15b
  • NullifierRegistry: (pending deployment — requires testnet ETH)
  • ReputationRegistry: (pending deployment — requires testnet ETH)
  • ProtocolThresholds: 0xD8f78d65b35806101672A49801b57F743f2D2ab1
  • MCPRegistry: 0x59EA3c8f60ecbAe22B4c323A8dDc2b0BCd9D3C2a

When to Use

USE this skill when:

  • "Verify my identity for an AI agent"
  • "Run a Soulprint validator node"
  • "Add identity verification to my MCP server or API"
  • "Check the reputation score of a bot or DID"
  • "Generate a privacy proof from a Colombian cédula"
  • "Verify a cédula against Registraduría Nacional"
  • "Issue or verify an SPT (Soulprint Token)"

DON'T use this skill when:

  • Storing or transmitting biometric data remotely (Soulprint runs 100% locally)
  • Verifying identities from countries not yet supported (only Colombia is full)

Quick Start

1. Verify Your Identity (one-time)

npx soulprint install-deps   # OCR + face recognition — only once
npx soulprint verify-me      # all local, nothing uploaded

2. Run a Validator Node

npx soulprint-network
# or
ADMIN_PRIVATE_KEY=0x... ADMIN_TOKEN=... PORT=4888 node dist/server.js

Node API:

GET  /info                      — node version, network, contracts, capabilities
GET  /health                    — code integrity hash
POST /verify                    — verify ZK proof
GET  /verify/cedula?numero=X&fechaNac=YYYY-MM-DD  — Registraduría validation
GET  /network/stats             — live stats (peers, verified, MCPs)
GET  /mcps/verified             — verified MCPs from MCPRegistry on-chain
GET  /protocol/thresholds       — on-chain protocol thresholds

Integrate in Your API

MCP Server (3 lines)

import { requireSoulprint } from "soulprint-mcp";

server.tool("premium-tool", requireSoulprint({ minScore: 80 }), async (args, ctx) => {
  const { did, score } = ctx.soulprint;
});

Express / Fastify

import { soulprintMiddleware } from "soulprint-express";
app.use(soulprintMiddleware({ minScore: 65 }));
// req.soulprint.did, req.soulprint.score

Trust Score (0–100)

| Component | Max | Source |
|---|---|---|
| Email verified | 8 | credential: email |
| Phone verified | 12 | credential: phone |
| GitHub account | 16 | credential: github |
| Document OCR | 20 | credential: document |
| Face match | 16 | credential: face_match |
| Biometric proof | 8 | credential: biometric |
| Bot reputation | 20 | Validator attestations |
| Total | 100 | |

Protocol Constants (on-chain via ProtocolThresholds)

| Constant | Value |
|---|---|
| SCORE_FLOOR | 65 |
| VERIFIED_SCORE_FLOOR | 52 |
| MIN_ATTESTER_SCORE | 65 |
| DEFAULT_REPUTATION | 10 |
| IDENTITY_MAX | 80 |
| REPUTATION_MAX | 20 |

Country Support

| Country | Document | Status |
|---|---|---|
| 🇨🇴 Colombia | Cédula de Ciudadanía | ✅ Full (OCR + MRZ + face match + Registraduría) |
| Others | | 🚧 Planned |

npm Packages

| Package | Version | Purpose |
|---|---|---|
| soulprint-network | 0.6.4 | Validator node (HTTP + blockchain clients) |
| soulprint-mcp | latest | MCP middleware |
| soulprint-express | latest | Express/Fastify middleware |
| soulprint-core | latest | DID, tokens, protocol constants |
| soulprint-zkp | latest | ZK proofs (Circom + snarkjs) |
| soulprint-verify | latest | OCR + face match |
| soulprint | latest | CLI |
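
The security scan on this page advises confirming the exact package name and publisher before installing. The following added example (not code from Soulprint or ClawHub) audits an npm manifest against the package names in the table above and the GitHub repository linked on this page, and flags install-time lifecycle scripts for review. The helper names `normalizeRepo` and `auditManifest` are hypothetical, and both sample manifests are constructed for illustration.

```javascript
// Added example: names come from this page's "npm Packages" table, repo from its GitHub link.
const EXPECTED_PACKAGES = new Set([
  "soulprint", "soulprint-network", "soulprint-mcp", "soulprint-express",
  "soulprint-core", "soulprint-zkp", "soulprint-verify",
]);
const EXPECTED_REPO = "github.com/manuelariasfz/soulprint";
// npm lifecycle hooks that run package code during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Reduce common repository spellings (git+https, ssh, .git suffix) to host/owner/repo.
function normalizeRepo(repository) {
  const url = typeof repository === "string" ? repository : (repository && repository.url) || "";
  return url
    .replace(/^git\+/, "")
    .replace(/^(https?|git|ssh):\/\/(git@)?/, "")
    .replace(/^git@([^:]+):/, "$1/")
    .replace(/\.git$/, "")
    .toLowerCase();
}

// Return a list of findings to review; an empty list means nothing was flagged.
function auditManifest(manifest) {
  const findings = [];
  if (!EXPECTED_PACKAGES.has(manifest.name)) {
    findings.push(`unexpected package name: ${manifest.name}`);
  }
  const repo = normalizeRepo(manifest.repository);
  if (repo !== EXPECTED_REPO) findings.push(`repository mismatch: ${repo || "(none)"}`);
  for (const hook of INSTALL_HOOKS) {
    const cmd = manifest.scripts && manifest.scripts[hook];
    if (cmd) findings.push(`install-time script ${hook}: ${cmd}`);
  }
  // Dependencies that borrow the "soulprint" prefix but are not in the table.
  for (const dep of Object.keys(manifest.dependencies || {})) {
    if (dep.startsWith("soulprint") && !EXPECTED_PACKAGES.has(dep)) {
      findings.push(`lookalike dependency: ${dep}`);
    }
  }
  return findings;
}

// Constructed manifests for illustration; not real registry output.
const cleanSample = { name: "soulprint", scripts: { build: "tsc" },
  repository: { type: "git", url: "git+https://github.com/manuelariasfz/soulprint.git" },
  dependencies: { "soulprint-core": "*" } };
const suspectSample = { name: "soulprint-cli", scripts: { postinstall: "node setup.js" },
  repository: "https://github.com/example-user/soulprint",
  dependencies: { "soulprint-netwrok": "*" } };
console.log(auditManifest(cleanSample), auditManifest(suspectSample));
```

To audit a real package, pass `auditManifest` the parsed `package.json` from an unpacked tarball instead of the constructed samples.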

Integration with mcp-colombia

mcp-colombia-hub@1.3.0 uses Soulprint natively — no extra setup needed.

  • soulprint_status tool available directly in mcp-colombia: checks on-chain identity and reputation
  • trabajo_aplicar (job applications) requires Soulprint score ≥ 40
  • Live validator: https://soulprint-node-production.up.railway.app

Install both together

# Add to your MCP config:
npx mcp-colombia-hub     # includes soulprint_status tool

# Verify your identity first (one-time):
npx soulprint verify-me

Once verified, your SPT token works across all tools in mcp-colombia automatically.
