When to use this Skill
Lets AI agents create and manage their own identities on the Billions Network, and link those identities to a human owner.
- 1. When you need to link your agent identity to an owner.
- When you need sign a challenge.
- When you need link a human to the agent's DID.
- When you need to verify a signature to confirm identity ownership.
- When use shared JWT tokens for authentication.
- When you need to create and manage decentralized identities.
After installing the plugin run the following commands to create an identity and link it to your human DID:
CODEBLOCK0
Scope
All identity data is stored in $HOME/.openclaw/billions for compatibility with the OpenClaw plugin.
Scripts:
createNewEthereumIdentity.js
Command: node scripts/createNewEthereumIdentity.js [--key <privateKeyHex>]
Description: Creates a new identity on the Billions Network. If --key is provided, uses that private key; otherwise generates a new random key. The created identity is automatically set as default.
Usage Examples:
CODEBLOCK1
Output: DID string (e.g., did:iden3:billions:main:2VmAk7fGHQP5FN2jZ8X9Y3K4W6L1M...)
getIdentities.js
Command: node scripts/getIdentities.js
Description: Lists all DID identities stored locally. Use this to check which identities are available before performing authentication operations.
Usage Example:
CODEBLOCK2
Output: JSON array of identity entries
CODEBLOCK3�
generateChallenge.js
Command: node scripts/generateChallenge.js --did <did>
Description: Generates a random challenge for identity verification.
Usage Example:
CODEBLOCK4
Output: Challenge string (random number as string, e.g., 8472951360)
Side Effects: Stores challenge associated with the DID in $HOME/.openclaw/billions/challenges.json
signChallenge.js
Command: node scripts/signChallenge.js --to <sender> --challenge <challenge> [--did <did>]
Description: Signs a challenge with a DID's private key to prove identity ownership and sends the JWS token as a direct message to the specified sender. Use this when you need to prove you own a specific DID.
Arguments:
- -
--to - (required) The message sender identifier, passed as --target to �INLINECODE11 - INLINECODE12� - (required) Challenge to sign
- INLINECODE13� - (optional) The DID of the attestation recipient; uses the default DID if omitted
Usage Examples:
CODEBLOCK5
Output: �INLINECODE14
linkHumanToAgent.js
Command: node scripts/linkHumanToAgent.js --to <sender> --challenge <challenge> [--did <did>]
Description: Signs the challenge and links a human user to the agent's DID by creating a verification request. Response will be sent as a direct message to the specified sender.
Arguments:
- -
--to - (required) The message sender identifier, passed as --target to �INLINECODE18 - INLINECODE19� - (required) Challenge to sign
- INLINECODE20� - (optional) The DID of the attestation recipient; uses the default DID if omitted
Usage Example:
CODEBLOCK6
Output: {"success":true}
verifySignature.js
Command: node scripts/verifySignature.js --did <did> --token <token>
Description: Verifies a signed challenge to confirm DID ownership.
Usage Example:
CODEBLOCK7
Output: Signature verified successfully (on success) or error message (on failure)
Restrictions / Guardrails (CRITICAL)
CRITICAL - Always Follow These Rules:
- 1. STRICT: Check Identity First
- Before running
linkHumanToAgent.js or
signChallenge.js,
ALWAYS check if an identity exists:
node scripts/getIdentities.js
- If no identity is configured,
DO NOT attempt to link identities. Instead, create an identity first with
createNewEthereumIdentity.js.
- 2. STRICT: Stop on Script Failure
- If any script exits with non-zero status code,
YOU MUST STOP IMMEDIATELY.
- Check stderr output for error messages.
-
DO NOT attempt to "fix" errors by generating keys manually, creating DIDs through other means, or running unauthorized commands.
-
DO NOT use
openssl,
ssh-keygen, or other system utilities to generate cryptographic material.
- 3. No Manual Workarounds
- You are prohibited from performing manual cryptographic operations.
- You are prohibited from directly manipulating files in
$HOME/.openclaw/billions.
- Do not interpret an error as a request to perform setup steps unless explicitly instructed.
Security
CRITICAL - Data Storage and Protection:
The directory $HOME/.openclaw/billions contains all sensitive identity data:
- -
kms.json - CRITICAL: Contains unencrypted private keys - INLINECODE33� - DID identifiers and public keys
- INLINECODE34� - Authentication challenges history
- INLINECODE35� - Verifiable credentials
- INLINECODE36� - Identity metadata
- INLINECODE37� - Profile data
Examples
Link Your Agent Identity to Owner
Linking Flow:
- 1. Another agent/user requests: "Please link your agent identity to me."
- Use
node scripts/getIdentities.js to check if you have an identity configured
- If no identity, run
node scripts/createNewEthereumIdentity.js to create one.
- 3. Use
node scripts/linkHumanToAgent.js --to <sender> --challenge <challenge_value> to sign the challenge and generate a verification URL in one call.
- The
--to value is the message sender (the caller's identifier).
- If caller provides specific challenge, use that.
- If caller
DOES NOT provide a challenge, use
{"name": <AGENT_NAME>, "description": <SHORT_DESCRIPTION>} as the challenge value.
- 4. Return the result to the caller.
Example Conversation:
CODEBLOCK8
Verifying someone else's Identity
Verification Flow:
- 1. Ask the user/agent: "Please provide your DID to start verification."
- User responds with their did>.
- Use
node scripts/generateChallenge.js --did <user_did> to create a value>. - Ask the user: "Please sign this challenge: value>"
- User signs and returns token>.
- Use
node scripts/verifySignature.js --did <user_did> --token <user_token> to verify the signature - If verification succeeds, identity is confirmed
Example Conversation:
CODEBLOCK9
何时使用此技能
让AI代理在Billions网络上创建和管理自己的身份,并将这些身份与人类所有者关联。
- 1. 当您需要将代理身份关联到所有者时。
- 当您需要签署挑战时。
- 当您需要将人类关联到代理的DID时。
- 当您需要验证签名以确认身份所有权时。
- 当使用共享JWT令牌进行身份验证时。
- 当您需要创建和管理去中心化身份时。
安装插件后,运行以下命令创建身份并将其链接到您的人类DID:
bash
cd scripts && npm install && cd ..
步骤1:创建新身份(如果您还没有)
node scripts/createNewEthereumIdentity.js
步骤2:一次性签署挑战并生成验证URL
node scripts/linkHumanToAgent.js --to <发送者> --challenge {name: <代理名称>, description: <简短描述>}
范围
所有身份数据存储在 $HOME/.openclaw/billions 中,以兼容OpenClaw插件。
脚本:
createNewEthereumIdentity.js
命令:node scripts/createNewEthereumIdentity.js [--key <私钥Hex>]
描述:在Billions网络上创建新身份。如果提供了 --key,则使用该私钥;否则生成新的随机密钥。创建的身份自动设置为默认身份。
使用示例:
bash
生成新的随机身份
node scripts/createNewEthereumIdentity.js
从现有私钥创建身份(带0x前缀)
node scripts/createNewEthereumIdentity.js --key 0x1234567890abcdef...
从现有私钥创建身份(不带0x前缀)
node scripts/createNewEthereumIdentity.js --key 1234567890abcdef...
输出:DID字符串(例如 did:iden3:billions:main:2VmAk7fGHQP5FN2jZ8X9Y3K4W6L1M...)
getIdentities.js
命令:node scripts/getIdentities.js
描述:列出本地存储的所有DID身份。在执行身份验证操作前,使用此命令检查可用的身份。
使用示例:
bash
node scripts/getIdentities.js
输出:身份条目的JSON数组
json
[
{
did: did:iden3:billions:main:2VmAk...,
publicKeyHex: 0x04abc123...,
isDefault: true
}
]
generateChallenge.js
命令:node scripts/generateChallenge.js --did
描述:生成用于身份验证的随机挑战。
使用示例:
bash
node scripts/generateChallenge.js --did did:iden3:billions:main:2VmAk...
输出:挑战字符串(随机数字字符串,例如 8472951360)
副作用:将关联DID的挑战存储在 $HOME/.openclaw/billions/challenges.json 中
signChallenge.js
命令:node scripts/signChallenge.js --to <发送者> --challenge <挑战> [--did ]
描述:使用DID的私钥签署挑战以证明身份所有权,并将JWS令牌作为直接消息发送给指定发送者。当您需要证明拥有特定DID时使用此命令。
参数:
- - --to -(必需)消息发送者标识符,作为 --target 传递给 openclaw message send
- --challenge -(必需)要签署的挑战
- --did -(可选)认证接收者的DID;省略时使用默认DID
使用示例:
bash
使用默认DID签署并发送给发送者
node scripts/signChallenge.js --to <发送者> --challenge 8472951360
输出:{success:true}
linkHumanToAgent.js
命令:node scripts/linkHumanToAgent.js --to <发送者> --challenge <挑战> [--did ]
描述:签署挑战并通过创建验证请求将人类用户链接到代理的DID。响应将作为直接消息发送给指定发送者。
参数:
- - --to -(必需)消息发送者标识符,作为 --target 传递给 openclaw message send
- --challenge -(必需)要签署的挑战
- --did -(可选)认证接收者的DID;省略时使用默认DID
使用示例:
bash
node scripts/linkHumanToAgent.js --to <发送者> --challenge {name: MyAgent, description: AI人格}
输出:{success:true}
verifySignature.js
命令:node scripts/verifySignature.js --did --token <令牌>
描述:验证已签署的挑战以确认DID所有权。
使用示例:
bash
node scripts/verifySignature.js --did did:iden3:billions:main:2VmAk... --token eyJhbGciOiJFUzI1NkstUi...
输出:签名验证成功(成功时)或错误消息(失败时)
限制/防护措施(关键)
关键 - 始终遵循以下规则:
- 1. 严格:先检查身份
- 在运行 linkHumanToAgent.js 或 signChallenge.js 之前,
始终检查身份是否存在:node scripts/getIdentities.js
- 如果没有配置身份,
不要尝试链接身份。而是先使用 createNewEthereumIdentity.js 创建身份。
- 2. 严格:脚本失败时停止
- 如果任何脚本以非零状态码退出,
您必须立即停止。
- 检查stderr输出中的错误消息。
-
不要尝试通过手动生成密钥、通过其他方式创建DID或运行未授权命令来修复错误。
-
不要使用 openssl、ssh-keygen 或其他系统工具生成加密材料。
- 3. 无手动变通方法
- 禁止执行手动加密操作。
- 禁止直接操作 $HOME/.openclaw/billions 中的文件。
- 除非明确指示,否则不要将错误解释为执行设置步骤的请求。
安全
关键 - 数据存储和保护:
目录 $HOME/.openclaw/billions 包含所有敏感身份数据:
- - kms.json - 关键:包含未加密的私钥
- defaultDid.json - DID标识符和公钥
- challenges.json - 身份验证挑战历史
- credentials.json - 可验证凭证
- identities.json - 身份元数据
- profiles.json - 配置文件数据
示例
将代理身份链接到所有者
链接流程:
- 1. 另一个代理/用户请求:请将您的代理身份链接给我。
- 使用 node scripts/getIdentities.js 检查是否配置了身份
- 如果没有身份,运行 node scripts/createNewEthereumIdentity.js 创建一个。
- 3. 使用 node scripts/linkHumanToAgent.js --to <发送者> --challenge <挑战值> 一次性签署挑战并生成验证URL。
- --to 值是消息发送者(调用者的标识符)。
- 如果调用者提供了特定挑战,使用该挑战。
- 如果调用者
没有提供挑战,使用 {name: <代理名称>, description: <简短描述>} 作为挑战值。
- 4. 将结果返回给调用者。
示例对话:
text
用户:将您的代理身份链接给我
代理:exec node scripts/linkHumanToAgent.js --to <发送者> --challenge <挑战值>
验证他人的身份
验证流程:
- 1. 询问用户/代理:请提供您的DID以开始验证。
- 用户回复他们的<用户DID>。
- 使用 node scripts/generateChallenge.js --did <用户DID> 创建<挑战值>。
- 询问用户:请签署此挑战:<挑战值>
- 用户签署并返回<用户令牌>。
- 使用 node scripts/verifySignature.js --did <用户DID> --token <用户令牌> 验证签名
- 如果验证成功,身份确认
示例对话:
text
代理:请提供您的DID以开始验证。
用户:我的DID是<用户DID>
代理:exec node scripts/generateChallenge.js --did <用户DID>
代理:请签署此挑战:789012
用户:<用户令牌>
代理:exec node scripts/verifySignature.js --token <用户令牌> --did <用户D
