🔐 Identity Trust Skill
Decentralized Identity (DID) and Verifiable Credentials management system for AI Agents, built on W3C DID Core and W3C Verifiable Credentials standards.
📋 Overview
Identity Trust provides a complete solution for decentralized identity management, enabling AI agents to:
- Create and manage Decentralized Identifiers (DIDs)
- Issue and verify W3C-compliant Verifiable Credentials
- Establish trust relationships between agents
- Manage cryptographic keys securely
- Store identity data locally with privacy
📦 Installation
Step 1: Install the Package
Option A: Via npm (Recommended)
CODEBLOCK0
Option B: From GitHub
CODEBLOCK1
Step 2: Verify Installation
CODEBLOCK2
🚀 Usage
When to Use This Skill
AUTO-TRIGGER when user's message contains:
- Keywords: DID, verifiable credential, identity, trust, decentralized identity
- Asks about creating or managing digital identities
- Needs to verify credentials or establish trust
- Wants to implement W3C DID/VC standards
- Building agent authentication systems
TRIGGER EXAMPLES:
- "Create a DID for my AI agent"
- "Issue a verifiable credential"
- "How do I verify this credential?"
- "Set up decentralized identity for authentication"
- "Evaluate trust level of this agent"
DO NOT USE when:
- Only general identity/password management (use password managers)
- OAuth/SAML authentication (use standard auth libraries)
- Simple user accounts (use traditional databases)
🎯 Core Features
1. DID Management
- did:key - Self-contained, no registry needed
- did:web - Web-hosted DIDs for public verification
- did:ethr - Ethereum-based DIDs (basic support)
2. Verifiable Credentials
- W3C VC Data Model 1.1 compliant
- Ed25519 and secp256k1 signatures
- Expiration date management
- Custom claims support
3. Trust Evaluation
- Policy-based trust scoring
- Credential verification
- Issuer trust chains
- Reputation systems
4. Security
- Ed25519 modern cryptography (default)
- secp256k1 Ethereum-compatible signatures
- Local key storage at ~/.openclaw/identity/
- No external key dependencies
💻 Tools
This skill provides 6 core tools for AI agents:
1. did_create - Create Decentralized Identifiers
Create a new DID for an agent or entity.
Parameters:
- method (string, optional): DID method - key, web, or ethr (default: key)
- keyType (string, optional): Cryptographic key type - Ed25519 or secp256k1 (default: Ed25519)
- save (boolean, optional): Save to local storage (default: true)
Returns:
- did (string): The generated DID identifier
- document (object): Complete DID Document
Example:
CODEBLOCK3
2. did_resolve - Resolve DIDs to Documents
Resolve a DID to its DID Document.
Parameters:
- did (string, required): DID to resolve (e.g., did:key:z6Mkf...)
Returns:
- document (object): DID Document with verification methods
Example:
CODEBLOCK4
3. vc_issue - Issue Verifiable Credentials
Issue a W3C-compliant verifiable credential.
Parameters:
- issuerDid (string, required): Issuer's DID
- subjectDid (string, required): Subject's DID
- claims (object, required): Claims to include in credential
- type (string, optional): Credential type (default: VerifiableCredential)
- expirationDays (number, optional): Expiration in days
Returns:
- credential (object): Signed verifiable credential
Example:
CODEBLOCK5
4. vc_verify - Verify Credentials
Verify the authenticity and validity of a verifiable credential.
Parameters:
- credential (object, required): Credential to verify
- checkExpiration (boolean, optional): Check expiration date (default: true)
Returns:
- verified (boolean): Whether credential is valid
- checks (object): Detailed verification results
Example:
CODEBLOCK6
5. identity_list - List Identities
List all stored DIDs and credentials.
Parameters: None
Returns:
- dids (array): List of stored DIDs
- credentials (array): List of stored credentials
Example:
CODEBLOCK7
6. trust_evaluate - Evaluate Agent Trust
Evaluate the trust level of an agent based on their credentials and policy.
Parameters:
- agentDid (string, required): Agent DID to evaluate
- policy (object, optional): Trust policy configuration
Returns:
- trustLevel (number): Trust score (0-100)
- credentials (array): Credentials used for evaluation
- passed (boolean): Whether agent meets policy requirements
Example:
CODEBLOCK8
📚 CLI Commands
Three command aliases available:
- openclaw-identity-trust
- identity-trust
- idt
DID Commands
CODEBLOCK9
Verifiable Credential Commands
CODEBLOCK10
Utility Commands
CODEBLOCK11
🔧 Programmatic API
Use as a Node.js library in your applications:
CODEBLOCK12
🎓 Use Cases
1. AI Agent Identity
Create persistent identities for AI agents:
CODEBLOCK13
2. Service Authentication
Authenticate agents accessing services:
CODEBLOCK14
3. Trust Networks
Build trust relationships between agents:
CODEBLOCK15
📐 Technical Standards
This implementation follows:
- W3C DID Core 1.0 - Decentralized Identifiers specification
- W3C Verifiable Credentials Data Model 1.1 - Verifiable credentials standard
- Ed25519 Signature 2020 - Modern cryptographic signatures
- Multibase Encoding - Base58btc encoding for did:key
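How the last item works in practice, as an added example (not code from the openclaw-identity-trust package): a did:key identifier is the multibase letter z (base58btc) followed by the base58 encoding of a multicodec prefix plus the raw public key, so a verifier can recover and type-check the key without any registry lookup. The function names and the sample key are assumptions made for illustration.

```javascript
const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
// Multicodec varint prefixes and raw key lengths for the two key types the page lists.
const CODECS = {
  Ed25519: { prefix: [0xed, 0x01], length: 32 },
  secp256k1: { prefix: [0xe7, 0x01], length: 33 }, // compressed point
};

function base58Encode(bytes) {
  let n = 0n;
  for (const b of bytes) n = (n << 8n) | BigInt(b);
  let out = '';
  while (n > 0n) { out = B58[Number(n % 58n)] + out; n /= 58n; }
  for (const b of bytes) { if (b !== 0) break; out = '1' + out; } // leading zero bytes
  return out;
}

function base58Decode(text) {
  let n = 0n;
  for (const ch of text) {
    const v = B58.indexOf(ch);
    if (v < 0) throw new Error(`invalid base58 character: ${ch}`);
    n = n * 58n + BigInt(v);
  }
  const bytes = [];
  while (n > 0n) { bytes.unshift(Number(n & 0xffn)); n >>= 8n; }
  for (const ch of text) { if (ch !== '1') break; bytes.unshift(0); }
  return Uint8Array.from(bytes);
}

function encodeDidKey(publicKey, keyType = 'Ed25519') {
  if (!Object.hasOwn(CODECS, keyType)) throw new Error(`unsupported key type: ${keyType}`);
  const codec = CODECS[keyType];
  if (publicKey.length !== codec.length) throw new Error('wrong public key length');
  return 'did:key:z' + base58Encode([...codec.prefix, ...publicKey]);
}

// Reject anything that is not base58btc, a known key type, and the exact key length.
function decodeDidKey(did) {
  if (!did.startsWith('did:key:z')) throw new Error('not a base58btc did:key');
  const bytes = base58Decode(did.slice('did:key:z'.length));
  for (const [keyType, { prefix, length }] of Object.entries(CODECS)) {
    if (bytes[0] !== prefix[0] || bytes[1] !== prefix[1]) continue;
    if (bytes.length !== length + 2) throw new Error('wrong public key length');
    return { keyType, publicKey: bytes.slice(2) };
  }
  throw new Error('unsupported multicodec prefix');
}

// Constructed sample key (bytes 0..31), not a real identity.
const sampleKey = Uint8Array.from({ length: 32 }, (_, i) => i);
const sampleDid = encodeDidKey(sampleKey);
```

Every Ed25519 did:key starts with z6Mk because of the fixed 0xed 0x01 prefix, which matches the identifiers shown elsewhere on this page.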
🔒 Security
Cryptography
- Ed25519 - Modern elliptic curve signatures (default)
- secp256k1 - Ethereum-compatible signatures
- @noble/curves - Audited cryptography library
- @noble/hashes - Secure hashing
Key Storage
- Private keys stored locally at INLINECODE50
- No cloud storage or external dependencies
- User controls all cryptographic material
Best Practices
1. Never share private keys
2. Always set expiration dates on credentials
3. Verify credentials before trusting
4. Use strong trust policies for critical operations
5. Rotate keys periodically
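A fail-closed pre-check that applies the expiration, verification and policy practices above, as an added example and not the package's trust_evaluate logic. It assumes each credential's signature has already been verified, uses W3C VC Data Model 1.1 field names, and borrows the requiredCredentials and trustedIssuers policy keys; checkPolicy and all sample DIDs are hypothetical.

```javascript
// Accept a credential only if it names this agent, comes from a trusted issuer,
// carries an expiration date, and that date is still in the future.
function checkPolicy(agentDid, credentials, policy, now = new Date()) {
  const trusted = new Set(policy.trustedIssuers || []);
  const rejected = [];
  const accepted = credentials.filter((vc) => {
    const issuer = typeof vc.issuer === 'string' ? vc.issuer : vc.issuer?.id;
    const expires = Date.parse(vc.expirationDate); // NaN when the field is absent
    let reason = null;
    if (vc.credentialSubject?.id !== agentDid) reason = 'subject mismatch';
    else if (!trusted.has(issuer)) reason = 'untrusted issuer';
    else if (Number.isNaN(expires)) reason = 'no expiration date';
    else if (expires <= now.getTime()) reason = 'expired';
    if (reason) rejected.push({ id: vc.id, reason });
    return reason === null;
  });
  // Required types must be covered by accepted credentials only.
  const heldTypes = new Set(accepted.flatMap((vc) => [].concat(vc.type ?? [])));
  const missing = (policy.requiredCredentials || []).filter((t) => !heldTypes.has(t));
  return { passed: missing.length === 0, accepted, rejected, missing };
}

// Constructed sample data: none of these DIDs or credentials are real.
const AGENT = 'did:key:zAgentExample';
const AUTHORITY = 'did:key:zAuthorityExample';
const POLICY = { requiredCredentials: ['IdentityCredential'], trustedIssuers: [AUTHORITY] };
const NOW = new Date('2026-03-08T00:00:00Z');
const makeVc = (id, issuer, expirationDate) => ({
  id, issuer, expirationDate,
  type: ['VerifiableCredential', 'IdentityCredential'],
  credentialSubject: { id: AGENT },
});
const SAMPLES = {
  good: makeVc('urn:example:1', AUTHORITY, '2026-06-06T00:00:00Z'),
  expired: makeVc('urn:example:2', AUTHORITY, '2026-01-01T00:00:00Z'),
  selfIssued: makeVc('urn:example:3', AGENT, '2026-06-06T00:00:00Z'),
  noExpiry: makeVc('urn:example:4', AUTHORITY, undefined),
};
```

A self-issued or undated credential never satisfies a required type here, so an agent cannot raise its own standing by presenting credentials it signed itself.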
🛠️ Configuration
Storage Location
Default: INLINECODE51
Structure:
CODEBLOCK16
Environment Variables
CODEBLOCK17
📊 Comparison with Alternatives
| Feature | Identity Trust | Traditional Auth | OAuth/SAML |
|---|---|---|---|
| Decentralized | ✅ | ❌ | ❌ |
| Self-sovereign | ✅ | ❌ | ❌ |
| W3C Standards | ✅ | ❌ | ❌ |
| No Central Authority | ✅ | ❌ | ❌ |
| Cryptographic Proofs | ✅ | 🟡 | 🟡 |
| Agent-to-Agent | ✅ | ❌ | 🟡 |
| Offline Verification | ✅ | ❌ | ❌ |
🐛 Troubleshooting
Common Issues
Problem: Error: Private key not found
CODEBLOCK18
Problem: Error: Failed to resolve DID
CODEBLOCK19
Problem: Error: Signature verification failed
CODEBLOCK20
📖 Documentation
- Full Documentation: README.md
- Quick Start Guide: QUICKSTART.md
- API Reference: src/types.ts
- GitHub: https://github.com/ZhenRobotics/openclaw-identity-trust
- npm Package: https://www.npmjs.com/package/openclaw-identity-trust
🔄 Updates & Changelog
v1.0.0 (2026-03-08)
Initial release with:
- DID generation and resolution (did:key, did:web, did:ethr)
- Verifiable Credential issuance and verification
- Trust evaluation system
- CLI tool with 3 command aliases
- Programmatic API
- Local storage with encryption
- W3C standards compliance
🤝 Contributing
Contributions welcome! Please:
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Submit a pull request
📄 License
MIT License - see LICENSE
🔗 Links
- GitHub: https://github.com/ZhenRobotics/openclaw-identity-trust
- npm: https://www.npmjs.com/package/openclaw-identity-trust
- ClawHub: https://clawhub.ai/ZhenStaff/identity-trust
- Issues: https://github.com/ZhenRobotics/openclaw-identity-trust/issues
💬 Support
- Issues: https://github.com/ZhenRobotics/openclaw-identity-trust/issues
- Discussions: https://github.com/ZhenRobotics/openclaw-identity-trust/discussions
- Email: support@zhenrobot.com
Built with ❤️ for the OpenClaw ecosystem
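🔐 Identity Trust Skill
Decentralized Identity (DID) and Verifiable Credentials management system for AI agents, built on the W3C DID Core and W3C Verifiable Credentials standards.
📋 Overview
Identity Trust provides a complete solution for decentralized identity management, enabling AI agents to:
- Create and manage Decentralized Identifiers (DIDs)
- Issue and verify W3C-compliant Verifiable Credentials
- Establish trust relationships between agents
- Manage cryptographic keys securely
- Store identity data locally to protect privacy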
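📦 Installation
Step 1: Install the Package
Option A: Via npm (Recommended)
```bash
# Install globally for CLI access
npm install -g openclaw-identity-trust

# Verify the installation
identity-trust --version
```
Option B: From GitHub
```bash
# Clone the repository
git clone https://github.com/ZhenRobotics/openclaw-identity-trust.git
cd openclaw-identity-trust

# Install dependencies
npm install

# Build
npm run build
```
Step 2: Verify Installation
```bash
# Check that the CLI works
identity-trust info

# Create your first DID
identity-trust did create
```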
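🚀 Usage
When to Use This Skill
AUTO-TRIGGER when the user's message contains:
- Keywords: DID, verifiable credential, identity, trust, decentralized identity
- Asks about creating or managing digital identities
- Needs to verify credentials or establish trust
- Wants to implement W3C DID/VC standards
- Building agent authentication systems
TRIGGER EXAMPLES:
- "Create a DID for my AI agent"
- "Issue a verifiable credential"
- "How do I verify this credential?"
- "Set up decentralized identity for authentication"
- "Evaluate trust level of this agent"
DO NOT USE when:
- Only general identity/password management (use password managers)
- OAuth/SAML authentication (use standard auth libraries)
- Simple user accounts (use traditional databases)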
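🎯 Core Features
1. DID Management
- did:key - Self-contained, no registry needed
- did:web - Web-hosted DIDs for public verification
- did:ethr - Ethereum-based DIDs (basic support)
2. Verifiable Credentials
- W3C VC Data Model 1.1 compliant
- Ed25519 and secp256k1 signatures
- Expiration date management
- Custom claims support
3. Trust Evaluation
- Policy-based trust scoring
- Credential verification
- Issuer trust chains
- Reputation systems
4. Security
- Ed25519 modern cryptography (default)
- secp256k1 Ethereum-compatible signatures
- Local key storage at ~/.openclaw/identity/
- No external key dependencies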
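💻 Tools
This skill provides 6 core tools for AI agents:
1. did_create - Create Decentralized Identifiers
Create a new DID for an agent or entity.
Parameters:
- method (string, optional): DID method - key, web, or ethr (default: key)
- keyType (string, optional): Cryptographic key type - Ed25519 or secp256k1 (default: Ed25519)
- save (boolean, optional): Save to local storage (default: true)
Returns:
- did (string): The generated DID identifier
- document (object): Complete DID Document
Example:
```bash
identity-trust did create --method key --key-type Ed25519
```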
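2. did_resolve - Resolve DIDs to Documents
Resolve a DID to its DID Document.
Parameters:
- did (string, required): DID to resolve (e.g., did:key:z6Mkf...)
Returns:
- document (object): DID Document with verification methods
Example:
```bash
identity-trust did resolve did:key:z6MkfzZZD5gxQ...
```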
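3. vc_issue - Issue Verifiable Credentials
Issue a W3C-compliant verifiable credential.
Parameters:
- issuerDid (string, required): Issuer's DID
- subjectDid (string, required): Subject's DID
- claims (object, required): Claims to include in credential
- type (string, optional): Credential type (default: VerifiableCredential)
- expirationDays (number, optional): Expiration in days
Returns:
- credential (object): Signed verifiable credential
Example:
```bash
identity-trust vc issue \
  --issuer did:key:z6Mkf... \
  --subject did:key:z6Mkp... \
  --claims '{"role":"developer","level":"senior"}' \
  --expiration 90
```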
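4. vc_verify - Verify Credentials
Verify the authenticity and validity of a verifiable credential.
Parameters:
- credential (object, required): Credential to verify
- checkExpiration (boolean, optional): Check expiration date (default: true)
Returns:
- verified (boolean): Whether credential is valid
- checks (object): Detailed verification results
Example:
```bash
identity-trust vc verify
```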
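5. identity_list - List Identities
List all stored DIDs and credentials.
Parameters: None
Returns:
- dids (array): List of stored DIDs
- credentials (array): List of stored credentials
Example:
```bash
identity-trust did list
identity-trust vc list
```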
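6. trust_evaluate - Evaluate Agent Trust
Evaluate the trust level of an agent based on their credentials and policy.
Parameters:
- agentDid (string, required): Agent DID to evaluate
- policy (object, optional): Trust policy configuration
Returns:
- trustLevel (number): Trust score (0-100)
- credentials (array): Credentials used for evaluation
- passed (boolean): Whether agent meets policy requirements
Example:
```typescript
// Programmatic usage
import { evaluateTrust } from 'openclaw-identity-trust';

const result = await evaluateTrust('did:key:z6Mkf...', {
  minimumTrustLevel: 60,
  requiredCredentials: ['IdentityCredential'],
  trustedIssuers: ['did:key:authority...']
});
```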
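📚 CLI Commands
Three command aliases available:
- openclaw-identity-trust
- identity-trust
- idt
DID Commands
```bash
# Create a new DID
identity-trust did create [--method <method>] [--key-type <key-type>]

# Resolve a DID
identity-trust did resolve <did>

# List all DIDs
identity-trust did list
```
Verifiable Credential Commands
```bash
# Issue a credential
identity-trust vc issue \
  --issuer <did> \
  --subject <did> \
  --claims <json> \
  [--type <type>] \
  [--expiration <days>]

# Verify a credential
identity-trust vc verify

# List credentials
identity-trust vc list [--subject <did>]
```
Utility Commands
```bash
# Export all data
identity-trust export

# Show system information
identity-trust info
```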
🔧 Programmatic API
Use as a Node.js library in your applications:
```typescript
import {
  generateDID,
  resolveDID,
  issueCredential,
  verifyCredential,
  LocalStorage
} from 'openclaw-identity-trust';

// Initialize storage
const storage = new LocalStorage();
await storage.initialize();

// Create a DID
const { did, document, keyPair } = await generateDID('key', {
  keyType: 'Ed25519'
});
console.log('Created DID:', did);

// Issue a credential
const credential = await issueCredential({
  issuerDid: 'did:key:issuer...',
  issuerKeyPair: keyPair,
  subjectDid: did,
  claims: {
    role: 'ai-agent',
    capabilities: ['read', 'write', 'execute']
  },
  expirationDate: new Date(Date.now() + 90 * 24 * 60 * 60 * 1000)
});
```
// Verify the credential
const result = await verifyCredential(credential, {
checkExp