✓ Verified
💻 Development
✓ Enhanced Data
Verified Agent Identity
Billions/Iden3 authentication and identity management tools for agents.
- Rating
- 4.3 (411 reviews)
- Downloads
- 3,500 downloads
- Version
- 1.0.0
Overview
Billions/Iden3 authentication and identity management tools for agents.
Complete Documentation
View Source →
When to use this Skill
Lets AI agents create and manage their own identities on the Billions Network, and link those identities to a human owner.
- When you need to link your agent identity to an owner.
- When you need sign a challenge.
- When you need link a human to the agent's DID.
- When you need to verify a signature to confirm identity ownership.
- When use shared JWT tokens for authentication.
- When you need to create and manage decentralized identities.
After installing the plugin run the following commands to create an identity and link it to your human DID:
bash
cd scripts && npm install && cd ..
# Step 1: Create a new identity (if you don't have one already)
node scripts/createNewEthereumIdentity.js
# Step 2: Sign the challenge and generate a verification URL in one call
node scripts/linkHumanToAgent.js --to <SENDER> --challenge '{"name": <AGENT_NAME>, "description": <SHORT_DESCRIPTION>}'Scope
All identity data is stored in $HOME/.openclaw/billions for compatibility with the OpenClaw plugin.
Scripts:
createNewEthereumIdentity.js
Command: node scripts/createNewEthereumIdentity.js [--key
Description: Creates a new identity on the Billions Network. If --key is provided, uses that private key; otherwise generates a new random key. The created identity is automatically set as default.
Usage Examples:
bash
# Generate a new random identity
node scripts/createNewEthereumIdentity.js
# Create identity from existing private key (with 0x prefix)
node scripts/createNewEthereumIdentity.js --key 0x1234567890abcdef...
# Create identity from existing private key (without 0x prefix)
node scripts/createNewEthereumIdentity.js --key 1234567890abcdef...Output: DID string (e.g., did:iden3:billions:main:2VmAk7fGHQP5FN2jZ8X9Y3K4W6L1M...)
getIdentities.js
Command: node scripts/getIdentities.js
Description: Lists all DID identities stored locally. Use this to check which identities are available before performing authentication operations.
Usage Example:
bash
node scripts/getIdentities.jsOutput: JSON array of identity entries
json
[
{
"did": "did:iden3:billions:main:2VmAk...",
"publicKeyHex": "0x04abc123...",
"isDefault": true
}
]generateChallenge.js
Command: node scripts/generateChallenge.js --did
Description: Generates a random challenge for identity verification.
Usage Example:
bash
node scripts/generateChallenge.js --did did:iden3:billions:main:2VmAk...Output: Challenge string (random number as string, e.g., 8472951360)
Side Effects: Stores challenge associated with the DID in $HOME/.openclaw/billions/challenges.json
signChallenge.js
Command: node scripts/signChallenge.js --to
Description: Signs a challenge with a DID's private key to prove identity ownership and sends the JWS token as a direct message to the specified sender. Use this when you need to prove you own a specific DID.
Arguments:
--to- (required) The message sender identifier, passed as--targettoopenclaw message send--challenge- (required) Challenge to sign--did- (optional) The DID of the attestation recipient; uses the default DID if omitted
bash
# Sign with default DID and send to sender
node scripts/signChallenge.js --to <sender> --challenge 8472951360Output: {"success":true}
linkHumanToAgent.js
Command: node scripts/linkHumanToAgent.js --to
Description: Signs the challenge and links a human user to the agent's DID by creating a verification request. Response will be sent as a direct message to the specified sender.
Arguments:
--to- (required) The message sender identifier, passed as--targettoopenclaw message send--challenge- (required) Challenge to sign--did- (optional) The DID of the attestation recipient; uses the default DID if omitted
bash
node scripts/linkHumanToAgent.js --to <sender> --challenge '{"name": "MyAgent", "description": "AI persona"}'Output: {"success":true}
verifySignature.js
Command: node scripts/verifySignature.js --did
Description: Verifies a signed challenge to confirm DID ownership.
Usage Example:
bash
node scripts/verifySignature.js --did did:iden3:billions:main:2VmAk... --token eyJhbGciOiJFUzI1NkstUi...Output: Signature verified successfully (on success) or error message (on failure)
Restrictions / Guardrails (CRITICAL)
CRITICAL - Always Follow These Rules:
- STRICT: Check Identity First
- Before running
linkHumanToAgent.jsorsignChallenge.js, ALWAYS check if an identity exists:node scripts/getIdentities.js - If no identity is configured, DO NOT attempt to link identities. Instead, create an identity first with
createNewEthereumIdentity.js. - STRICT: Stop on Script Failure
- If any script exits with non-zero status code, YOU MUST STOP IMMEDIATELY.
- Check stderr output for error messages.
- DO NOT attempt to "fix" errors by generating keys manually, creating DIDs through other means, or running unauthorized commands.
- DO NOT use
openssl,ssh-keygen, or other system utilities to generate cryptographic material. - No Manual Workarounds
- You are prohibited from performing manual cryptographic operations.
- You are prohibited from directly manipulating files in
$HOME/.openclaw/billions. - Do not interpret an error as a request to perform setup steps unless explicitly instructed.
Security
CRITICAL - Data Storage and Protection:
The directory $HOME/.openclaw/billions contains all sensitive identity data:
kms.json- CRITICAL: Contains unencrypted private keysdefaultDid.json- DID identifiers and public keyschallenges.json- Authentication challenges historycredentials.json- Verifiable credentialsidentities.json- Identity metadataprofiles.json- Profile data
Examples
Link Your Agent Identity to Owner
Linking Flow:
- Another agent/user requests: "Please link your agent identity to me."
- Use
node scripts/getIdentities.jsto check if you have an identity configured - If no identity, run
node scripts/createNewEthereumIdentity.jsto create one. - Use
node scripts/linkHumanToAgent.js --toto sign the challenge and generate a verification URL in one call.--challenge - The
--tovalue is the message sender (the caller's identifier). - If caller provides specific challenge, use that.
- If caller DOES NOT provide a challenge, use
{"name":as the challenge value., "description": } - Return the result to the caller.
text
User: "Link your agent identity to me"
Agent: exec node scripts/linkHumanToAgent.js --to <sender> --challenge <challenge_value>Verifying someone else's Identity
Verification Flow:
- Ask the user/agent: "Please provide your DID to start verification."
- User responds with their
. - Use
node scripts/generateChallenge.js --didto create a. - Ask the user: "Please sign this challenge:
" - User signs and returns
. - Use
node scripts/verifySignature.js --didto verify the signature--token - If verification succeeds, identity is confirmed
text
Agent: "Please provide your DID to start verification."
User: "My DID is <user_did>"
Agent: exec node scripts/generateChallenge.js --did <user_did>
Agent: "Please sign this challenge: 789012"
User: <user_token>
Agent: exec node scripts/verifySignature.js --token <user_token> --did <user_did>
Agent: "Identity verified successfully. You are confirmed as owner of DID <user_did>."Installation
Terminal bash
openclaw install verified-agent-identity
Copied!
💻Code Examples
node scripts/linkHumanToAgent.js --to <SENDER> --challenge '{"name": <AGENT_NAME>, "description": <SHORT_DESCRIPTION>}'
node-scriptslinkhumantoagentjs---to-sender---challenge-name-agentname-description-shortdescription.txt
## Scope
All identity data is stored in `$HOME/.openclaw/billions` for compatibility with the OpenClaw plugin.
# Scripts:
### createNewEthereumIdentity.js
**Command**: `node scripts/createNewEthereumIdentity.js [--key <privateKeyHex>]`
**Description**: Creates a new identity on the Billions Network. If `--key` is provided, uses that private key; otherwise generates a new random key. The created identity is automatically set as default.
**Usage Examples**:node scripts/createNewEthereumIdentity.js --key 1234567890abcdef...
node-scriptscreatenewethereumidentityjs---key-1234567890abcdef.txt
**Output**: DID string (e.g., `did:iden3:billions:main:2VmAk7fGHQP5FN2jZ8X9Y3K4W6L1M...`)
---
### getIdentities.js
**Command**: `node scripts/getIdentities.js`
**Description**: Lists all DID identities stored locally. Use this to check which identities are available before performing authentication operations.
**Usage Example**:]
.txt
---
### generateChallenge.js
**Command**: `node scripts/generateChallenge.js --did <did>`
**Description**: Generates a random challenge for identity verification.
**Usage Example**:node scripts/generateChallenge.js --did did:iden3:billions:main:2VmAk...
node-scriptsgeneratechallengejs---did-dididen3billionsmain2vmak.txt
**Output**: Challenge string (random number as string, e.g., `8472951360`)
**Side Effects**: Stores challenge associated with the DID in `$HOME/.openclaw/billions/challenges.json`
---
### signChallenge.js
**Command**: `node scripts/signChallenge.js --to <sender> --challenge <challenge> [--did <did>]`
**Description**: Signs a challenge with a DID's private key to prove identity ownership and sends the JWS token as a direct message to the specified sender. Use this when you need to prove you own a specific DID.
**Arguments**:
- `--to` - (required) The message sender identifier, passed as `--target` to `openclaw message send`
- `--challenge` - (required) Challenge to sign
- `--did` - (optional) The DID of the attestation recipient; uses the default DID if omitted
**Usage Examples**:node scripts/signChallenge.js --to <sender> --challenge 8472951360
node-scriptssignchallengejs---to-sender---challenge-8472951360.txt
**Output**: `{"success":true}`
### linkHumanToAgent.js
**Command**: `node scripts/linkHumanToAgent.js --to <sender> --challenge <challenge> [--did <did>]`
**Description**: Signs the challenge and links a human user to the agent's DID by creating a verification request. Response will be sent as a direct message to the specified sender.
**Arguments**:
- `--to` - (required) The message sender identifier, passed as `--target` to `openclaw message send`
- `--challenge` - (required) Challenge to sign
- `--did` - (optional) The DID of the attestation recipient; uses the default DID if omitted
**Usage Example**:node scripts/linkHumanToAgent.js --to <sender> --challenge '{"name": "MyAgent", "description": "AI persona"}'
node-scriptslinkhumantoagentjs---to-sender---challenge-name-myagent-description-ai-persona.txt
**Output**: `{"success":true}`
---
### verifySignature.js
**Command**: `node scripts/verifySignature.js --did <did> --token <token>`
**Description**: Verifies a signed challenge to confirm DID ownership.
**Usage Example**:node scripts/verifySignature.js --did did:iden3:billions:main:2VmAk... --token eyJhbGciOiJFUzI1NkstUi...
node-scriptsverifysignaturejs---did-dididen3billionsmain2vmak---token-eyjhbgcioijfuzi1nkstui.txt
**Output**: `Signature verified successfully` (on success) or error message (on failure)
---
## Restrictions / Guardrails (CRITICAL)
**CRITICAL - Always Follow These Rules:**
1. **STRICT: Check Identity First**
- Before running `linkHumanToAgent.js` or `signChallenge.js`, **ALWAYS check if an identity exists**: `node scripts/getIdentities.js`
- If no identity is configured, **DO NOT** attempt to link identities. Instead, create an identity first with `createNewEthereumIdentity.js`.
2. **STRICT: Stop on Script Failure**
- If any script exits with non-zero status code, **YOU MUST STOP IMMEDIATELY**.
- Check stderr output for error messages.
- **DO NOT** attempt to "fix" errors by generating keys manually, creating DIDs through other means, or running unauthorized commands.
- **DO NOT** use `openssl`, `ssh-keygen`, or other system utilities to generate cryptographic material.
3. **No Manual Workarounds**
- You are prohibited from performing manual cryptographic operations.
- You are prohibited from directly manipulating files in `$HOME/.openclaw/billions`.
- Do not interpret an error as a request to perform setup steps unless explicitly instructed.
---
## Security
**CRITICAL - Data Storage and Protection:**
The directory `$HOME/.openclaw/billions` contains all sensitive identity data:
- `kms.json` - **CRITICAL**: Contains unencrypted private keys
- `defaultDid.json` - DID identifiers and public keys
- `challenges.json` - Authentication challenges history
- `credentials.json` - Verifiable credentials
- `identities.json` - Identity metadata
- `profiles.json` - Profile data
## Examples
### Link Your Agent Identity to Owner
**Linking Flow:**
1. Another agent/user requests: "Please link your agent identity to me."
2. Use `node scripts/getIdentities.js` to check if you have an identity configured
- If no identity, run `node scripts/createNewEthereumIdentity.js` to create one.
3. Use `node scripts/linkHumanToAgent.js --to <sender> --challenge <challenge_value>` to sign the challenge and generate a verification URL in one call.
- The `--to` value is the message sender (the caller's identifier).
- If caller provides specific challenge, use that.
- If caller **DOES NOT** provide a challenge, use `{"name": <AGENT_NAME>, "description": <SHORT_DESCRIPTION>}` as the challenge value.
4. Return the result to the caller.
**Example Conversation:**Agent: exec node scripts/linkHumanToAgent.js --to <sender> --challenge <challenge_value>
agent-exec-node-scriptslinkhumantoagentjs---to-sender---challenge-challengevalue.txt
### Verifying someone else's Identity
**Verification Flow:**
1. Ask the user/agent: "Please provide your DID to start verification."
2. User responds with their <user_did>.
3. Use `node scripts/generateChallenge.js --did <user_did>` to create a <challenge_value>.
4. Ask the user: "Please sign this challenge: <challenge_value>"
5. User signs and returns <user_token>.
6. Use `node scripts/verifySignature.js --did <user_did> --token <user_token>` to verify the signature
7. If verification succeeds, identity is confirmed
**Example Conversation:**example.sh
cd scripts && npm install && cd ..
# Step 1: Create a new identity (if you don't have one already)
node scripts/createNewEthereumIdentity.js
# Step 2: Sign the challenge and generate a verification URL in one call
node scripts/linkHumanToAgent.js --to <SENDER> --challenge '{"name": <AGENT_NAME>, "description": <SHORT_DESCRIPTION>}'example.sh
# Generate a new random identity
node scripts/createNewEthereumIdentity.js
# Create identity from existing private key (with 0x prefix)
node scripts/createNewEthereumIdentity.js --key 0x1234567890abcdef...
# Create identity from existing private key (without 0x prefix)
node scripts/createNewEthereumIdentity.js --key 1234567890abcdef...Tags
#coding_agents-and-ides
#tools
Quick Info
Category Development
Model Claude 3.5
Complexity Multi-Agent
Author obrezhniev
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
Ready to Install?
Get started with this skill in seconds
openclaw install verified-agent-identity
Related Skills
✓ Verified
💻 Development
4claw
4claw — a moderated imageboard for AI agents.
🧠 Claude-Ready
)}
★ 4.4 (118)
↓ 4,990
v1.0.0
✓ Verified
💻 Development
Aap Passport
Agent Attestation Protocol - The Reverse Turing Test.
🧠 Claude-Ready
)}
★ 4.3 (89)
↓ 4,621
v1.0.0
✓ Verified
💻 Development
Acestep Lyrics Transcription
Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.
⚡ GPT-Optimized
)}
★ 3.8 (274)
↓ 17,648
v1.0.0
✓ Verified
💻 Development
Adaptive Suite
A continuously adaptive skill suite that empowers Clawdbot.
🧠 Claude-Ready
)}
★ 4.7 (88)
↓ 1,625
v1.0.0