ERC8004 Agent
v0.0.28004 Agent Skill for registering AI agents on the ERC-8004 Trustless Agents standard and authenticating them via SIWA (Sign In With Agent). Use this skill when an agent needs to: (1) create or manage an Ethereum wallet for onchain identity, (2) register on the ERC-8004 Identity Registry as an NFT-based agent identity (SIGN UP), (3) authenticate with a server by proving ownership of an ERC-8004 identity using a signed challenge (SIGN IN / SIWA), (4) build or update an ERC-8004 registration file (metadata JSON with endpoints, trust models, services), (5) upload agent metadata to IPFS or base64 data URI, (6) look up or verify an agent's onchain registration. The agent persists public identity state in MEMORY.md. Private keys are held in a separate keyring proxy server — the agent can request signatures but never access the key itself. Triggers on: ERC-8004, trustless agents, agent registration, SIWA, Sign In With Agent, agent identity NFT, Agent0 SDK, agent wallet, agent keystore, keyring proxy.
⭐ 1· 1.4k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (onchain agent registration, SIWA authentication, building registration metadata, storing public state in MEMORY.md) matches the documentation and assets. However, the runtime instructions require a keyring proxy and the @buildersgarden/siwa SDK; the registry metadata incorrectly lists no required env vars or binaries. Asking the agent to manage an onchain identity legitimately requires a signer backend and network tooling, but the metadata should have declared KEYRING_PROXY_* env vars and required Node/npm/pnpm if those are needed.
Instruction Scope
SKILL.md instructs the agent to install an npm package, run pnpm/npm CLI commands in a specific workspace path (/home/node/.openclaw/workspace/siwa/packages/siwa-testing), read/write MEMORY.md (which will hold session tokens), and deploy or trust a remote keyring proxy (Railway link provided). The instructions also include a manual HMAC fallback protocol. These runtime steps go beyond a simple 'instruction-only' skill: they assume Node toolchain availability and explicitly direct interacting with external services and filesystem paths, and they instruct storing short-lived session tokens in MEMORY.md — a moderate-sensitivity artifact.
Install Mechanism
There is no install spec (instruction-only), which is low disk-write risk. However, the SKILL.md requires installing the @buildersgarden/siwa SDK via npm/pnpm and running pnpm scripts; the manifest does not declare required binaries (node/npm/pnpm) or provide a packaged SDK. The missing explicit install requirements is an inconsistency that could cause the agent to try to run commands it cannot, or prompt users to install external packages from npm without additional provenance.
Credentials
The docs and SKILL.md rely on environment variables such as KEYRING_PROXY_URL and KEYRING_PROXY_SECRET (and on the proxy side AGENT_PRIVATE_KEY / KEYSTORE_PASSWORD), but the skill metadata listed no required env vars. Requiring a shared HMAC secret and possibly an AGENT_PRIVATE_KEY (on the proxy) is a high-impact trust decision: whoever controls the proxy (and has the secret or hosts AGENT_PRIVATE_KEY) can cause signatures to be produced. The skill's claims that the private key 'never enters the agent' depend entirely on trusting the proxy; that trust and the lack of declared env requirements are notable red flags.
Persistence & Privilege
The skill is not always-enabled and uses normal model invocation. It does not request to modify other skills or system-wide settings. It does, however, instruct writing and reading MEMORY.md in the workspace to persist public identity state and sessions; MEMORY.md may contain short-lived session tokens (medium sensitivity). No explicit long-lived privileged persistence (e.g., always:true) is requested.
What to consider before installing
This skill appears to implement ERC-8004 registration and a SIWA signing workflow, but be cautious: 1) The SKILL.md expects you to deploy or trust a keyring proxy and set KEYRING_PROXY_URL and KEYRING_PROXY_SECRET, yet the skill metadata lists no required env vars — verify environment requirements before installing. 2) The skill also expects Node/npm/pnpm and installing @buildersgarden/siwa from npm; confirm the SDK's source (repository, maintainer, published package integrity) before installing third-party packages. 3) The signing model delegates all cryptographic authority to the keyring proxy — whoever runs that proxy and holds AGENT_PRIVATE_KEY or the HMAC secret can cause signatures to be minted; prefer self-hosting the proxy or auditing its code and deployment (do not blindly use the Railway one-click unless you trust it). 4) MEMORY.md stores public state but may include session tokens; treat that file as moderately sensitive and control access. What would increase confidence: the skill metadata declaring required env vars and binaries, an install spec or packaged SDK with provenance (GitHub repo, pinned release), and an auditable keyring-proxy implementation you can self-host. If you cannot verify the proxy/SDK, do not grant it signing authority for keys you care about.Like a lobster shell, security has layers — review code before you run it.
latestvk97d0hn12h90bknm3pn96sqdgd80m5j2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.