ClawHub

Agent Identity

v1.0.5

Cryptographic identity for AI agents - sign and verify agent messages

0· 576·0 current·0 all-time
byIvan Cetta@nantes

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for nantes/agent-id-osiris.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Agent Identity" (nantes/agent-id-osiris) from ClawHub.
Skill page: https://clawhub.ai/nantes/agent-id-osiris
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install agent-id-osiris

ClawHub CLI

Package manager switcher

npx clawhub@latest install agent-id-osiris
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (agent identity, sign/verify) matches the shipped Python CLI: key generation, signing, verification, agent ID and signed agent card. Required binary (python) and dependency (cryptography) are appropriate. Minor inconsistencies: SKILL.md references a PowerShell wrapper (agent-identity.ps1) that is not present in the bundle and the SKILL.md metadata/homepage are generic; version strings differ between metadata and registry. These are implementation quirks, not indicators of mismatched purpose.
Instruction Scope
SKILL.md instructs only local key generation and signature operations and warns about insecure CLI password usage — scope stays within the stated purpose. Two issues to be aware of: (1) the PowerShell wrapper is referenced but not included, so the recommended Windows flow may be missing; (2) in identity.py the sign_agent_card() function calls private_key.sign(card_json) without handling RSA signing parameters (padding/hash), which will work for Ed25519 but likely raises errors for RSA keys — a functional bug rather than malicious behavior.
Install Mechanism
There is no download/install script; SKILL.md simply instructs installing the standard 'cryptography' Python package via pip. No remote URLs, archive extraction, or third-party installers are used in the skill bundle.
Credentials
The skill requests no environment variables or external credentials. It stores keys in a local 'keys/' directory; SKILL.md warns about file permissions and password handling. Requested scope of access (local filesystem for keys) is proportionate to the stated function.
Persistence & Privilege
The skill does not request always: true or any elevated/platform-wide privileges. It does not modify other skills or system configs. Default autonomous invocation is allowed (platform default) but the skill itself performs only local operations.
Assessment
This skill appears to do what it says: create and manage local cryptographic keys for an AI agent. Before installing: (1) verify the missing PowerShell wrapper if you need the Windows flow or use the provided Python CLI instead; (2) don't pass private-key passwords on the command line in production — use interactive input or environment-secure methods; (3) test RSA workflows (signing agent cards) because identity.py currently uses a generic private_key.sign call that may fail for RSA keys; (4) protect the keys/ directory with proper file permissions and backups; (5) review the small code bundle yourself if you need to ensure there are no changes (no network calls are present). If any of these issues worry you, run the tool in an isolated environment or request an updated release that fixes the RSA signing and includes the promised PowerShell wrapper.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🆔 Clawdis
Binspython
latestvk97bspph60zj8nxsrgt08achyh81m1gr
576downloads
0stars
6versions
Updated 2mo ago
v1.0.5
MIT-0
Ivan Cetta@nantes
latest
Download

Agent Identity Skill

Cryptographic identity system for AI agents. Sign messages, verify agents, prove who you are.

Files included:

  • identity.py - Python CLI (cross-platform)
  • agent-identity.ps1 - PowerShell wrapper (Windows)

What it does

  • Generate Key Pair - Create Ed25519 or RSA keys for your agent
  • Sign Messages - Cryptographically sign messages
  • Verify Signatures - Verify messages from other agents
  • Agent ID - Generate persistent agent ID from public key
  • Agent Card - Generate signed Agent Card for A2A/MCP

Installation

# Install Python dependency
pip install cryptography

Usage

Option 1: PowerShell (recommended on Windows)

.\agent-identity.ps1 -Action generate -AgentName "MyAgent" -KeyType ed25519 -Password "secret123"

Option 2: Python CLI (cross-platform)

python identity.py generate --name MyAgent --key-type ed25519 --password secret123

Available Commands

All commands work with both PowerShell and Python:

Generate Identity (with password encryption)

.\agent-identity.ps1 -Action generate -AgentName "MyAgent" -KeyType ed25519 -Password "secret123"

Sign Message

.\agent-identity.ps1 -Action sign -Message "Hello world" -PrivateKeyPath "keys/private.pem" -Password "secret123"

Verify Signature

.\agent-identity.ps1 -Action verify -Message "Hello world" -Signature "base64-signature" -PublicKeyPath "keys/public.pem"

Get Agent ID

.\agent-identity.ps1 -Action id -PublicKeyPath "keys/public.pem"

Sign Agent Card

.\agent-identity.ps1 -Action card -PublicKeyPath "keys/public.pem" -PrivateKeyPath "keys/private.pem" -Name "MyAgent" -Description "Research agent" -Capabilities "research,analysis" -Endpoint "https://myagent.com/a2a" -Password "secret123"

⚠️ Security Warnings

Password on Command Line

WARNING: Passing passwords on the command line is insecure because:

  • CLI arguments can be visible to other processes
  • Command history is stored in logs
  • Use only for testing, not production

For production, use interactive password input or environment variables.

Private Key Storage

  • Keys are stored in keys/ directory
  • Ensure proper file permissions
  • Back up your keys securely
  • Never share your private key

Requirements

  • Python 3.8+
  • cryptography library

License

MIT

Comments

Loading comments...