首页龙虾技能列表 › Blockchain & DID — 技能工具

Blockchain & DID — 技能工具

v1.0.1

Decentralized identity (DID) management, on-chain KYC status, and membership tiers with token staking.

0· 102·0 当前·0 累计
by @d9m1n1c (D9m1n1c)·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/14
安全扫描
VirusTotal
无害
查看报告
OpenClaw
可疑
medium confidence
The skill claims to perform DID, KYC, and staking operations via authenticated API calls, but its declared requirements and runtime instructions are inconsistent (it only asks for an API base URL, marks that URL as the 'primary credential', and uses a development API hostname) — this mismatch and lack of publisher info merit caution.
评估建议
Do not install or grant credentials to this skill until the author clarifies authentication and the endpoint. Specific checks to request or perform before using: (1) Ask the publisher for a verifiable homepage, documentation, and a production API base URL (not a -dev host). (2) Ask which auth scheme is required and which exact environment variable name(s) you must provide for bearer tokens or API keys. Prefer short-lived, scope-limited tokens if you must provide credentials. (3) Verify the owner...
详细分析 ▾
用途与能力
The skill's name and description line up with the listed REST endpoints (DID, KYC, membership/staking). However, all endpoints are marked 'Requires auth' while the registry only declares AIOT_API_BASE_URL (a URL) as the required environment variable and as the primary credential. Expectation: a DID/KYC/staking integration should declare how auth is supplied (API key, bearer token env var name, OAuth flow, or platform session). Marking a URL as the primary credential is incoherent.
指令范围
SKILL.md gives clear endpoint flows and sensible runtime rules (e.g., ask for PINs, don't persist secrets). But it repeatedly requires authenticated requests and instructs the agent to 'verify the session has a valid bearer token' without specifying how to obtain or where to store that token. The default base URL points to a development hostname (payment-api-dev.aiotnetwork.io), which is unusual for a published skill and may cause unexpected behavior if used in production.
安装机制
This is an instruction-only skill with no install specification and no code files; there is no filesystem install activity. That lowers supply-chain risk.
凭证需求
Only AIOT_API_BASE_URL is required, but the runtime requires authentication for every endpoint. There is no declared env var for an API token, client secret, or other credential names (e.g., AIOT_API_KEY, AIOT_BEARER_TOKEN). This gap is disproportionate and ambiguous. Also, marking a URL as the 'primary credential' is misleading.
持久化与权限
The skill does not request persistent/always-on inclusion and does not declare modifications to other skills or system settings. It explicitly advises not to log or cache secrets, which is appropriate. Autonomous invocation is allowed by default (not flagged here), but should be considered in user guidance given other concerns.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.12026/3/20

- Updated documentation for clearer setup and usage of decentralized identity (DID), on-chain KYC, and membership tiers with token staking. - Added detailed recommended flows for DID creation, KYC completion, and membership tier upgrade. - Clarified rules on one-time DID creation, staking mechanics, and tier benefits. - Included agent guidance and security best practices for handling authentication and user secrets. - Specified required environment configuration for API access.

● 无害

安装命令 点击复制

官方npx clawhub@latest install aiotnetwork-blockchain-did
镜像加速npx clawhub@latest install aiotnetwork-blockchain-did --registry https://cn.clawhub-mirror.com

技能文档

Use this skill when the user needs to set up a decentralized identity, complete on-chain KYC, or manage membership tiers.

Configuration

The default API base URL is https://payment-api-dev.aiotnetwork.io. All endpoints are relative to this URL.

To override (e.g. for local development):

export AIOT_API_BASE_URL="http://localhost:8080"

If AIOT_API_BASE_URL is not set, use https://payment-api-dev.aiotnetwork.io as the base for all requests.

Available Tools

  • get_did_status — Get the user's decentralized identity (DID) status | GET /api/v1/blockchain/did | Requires auth
  • create_did — Create a new decentralized identity on-chain | POST /api/v1/blockchain/did | Requires auth
  • get_blockchain_kyc — Get on-chain KYC verification status | GET /api/v1/blockchain/kyc | Requires auth
  • complete_blockchain_kyc — Complete on-chain KYC at a given level (basic, standard, or enhanced) | POST /api/v1/blockchain/kyc/complete | Requires auth
  • get_membership — Get membership status and tier | GET /api/v1/blockchain/membership/status | Requires auth
  • get_membership_tiers — Get available membership tier configurations | GET /api/v1/blockchain/membership/tiers | Requires auth
  • stake_tokens — Stake tokens to upgrade membership tier | POST /api/v1/blockchain/membership/stake | Requires auth

Recommended Flows

Setup Decentralized Identity

Create a DID and complete on-chain KYC

  • Check DID: GET /api/v1/blockchain/did — see if user already has a DID
  • Create DID: POST /api/v1/blockchain/did — if none exists
  • Check on-chain KYC: GET /api/v1/blockchain/kyc
  • Complete KYC: POST /api/v1/blockchain/kyc/complete with {level: basic|standard|enhanced}

Upgrade Membership

Stake tokens to reach a higher membership tier

  • View tiers: GET /api/v1/blockchain/membership/tiers — see requirements
  • Check current: GET /api/v1/blockchain/membership/status
  • Stake: POST /api/v1/blockchain/membership/stake with {amount}

Rules

  • DID creation is a one-time operation — once active, it cannot be recreated
  • On-chain KYC and off-chain (MasterPay) KYC are independent — completing one does not require the other
  • Staking records the token amount for tier calculation — tier is determined by the staked amount
  • Higher tiers unlock lower fees and additional features (Tier 1: 10%, Tier 2: 15%, Tier 3: 20%, Tier 4: 25% discount)

Agent Guidance

Follow these instructions when executing this skill:

  • Always follow the documented flow order. Do not skip steps.
  • If a tool requires authentication, verify the session has a valid bearer token before calling it.
  • If a tool requires a transaction PIN, ask the user for it fresh each time. Never cache or log PINs.
  • Never expose, log, or persist secrets (passwords, tokens, full card numbers, CVVs).
  • If the user requests an operation outside this skill's scope, decline and suggest the appropriate skill.
  • If a step fails, check the error and follow the recovery guidance below before retrying.
  • DID creation is a one-time operation. Once active, it cannot be recreated. Confirm with the user before calling create_did.
  • On-chain KYC and off-chain (MasterPay) KYC are independent systems. Completing complete_blockchain_kyc does not require MasterPay KYC to be approved.
  • complete_blockchain_kyc requires a level parameter: one of "basic", "standard", or "enhanced". Always ask the user which level they want.
  • Staking sets the token amount that determines the membership tier. Tier is calculated from the staked amount: Tier 1 (0 tokens, 10%), Tier 2 (15,000 tokens, 15%), Tier 3 (20,000 tokens, 20%), Tier 4 (25,000 tokens, 25%).
  • Higher membership tiers unlock lower transaction fees and additional platform features.
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务