📦 Identity Trust — 去中心化身份管理

v1.0.0

基于W3C DID Core和Verifiable Credentials标准的去中心化身份（DID）和可验证凭证管理系统，为AI代理提供创建、管理DID、签发和验证凭证、建立信任关系及安全存储密钥的功能。

0· 225·0 当前·0 累计

by @zhenstaff (Justin Liu)·MIT-0

生产力工具

下载技能包

License

MIT-0

最后更新

2026/3/8

安全扫描

VirusTotal

无害

查看报告

OpenClaw

可疑

medium confidence

该技能声明的DID/VC功能是一致的，但该包宣传了具体的CLI/编程工具，而注册表中没有提供代码或安装规范——它指示用户/代理安装第三方npm/GitHub包并将私钥存储到磁盘，这对于该目的是合理的，但引入了安装和本地密钥处理风险，这些风险未在注册表元数据中体现。

评估建议

该技能描述了一个合法的DID/Verifiable Credentials工具集，但注册表包仅包含说明——实际实现是一个外部npm/GitHub包（openclaw-identity-trust）。在安装或让代理运行这些命令之前：1) 检查npm包和GitHub仓库（所有者、最近的提交、开放问题、README、许可证）以确保您信任作者。2) 审查包代码（特别是写入keys.json/密钥处理的代码以及任何网络调用）。3) 避免在生产机器上进行全局npm安装；建议在隔离环境（容器/VM）中安装并验证包完整性（校验和）。4) 将本地存储路径（~/.openclaw/identity/）视为敏感位置：确保密钥已加密，使用安全的文件权限，并按照最佳实践备份/轮换密钥。5) 如果您不希望代理自主安装/运行第三方代码，请不要授予其执行shell/npm命令的权限——手动运行审计和安装。如果您愿意，我可以获取并总结GitHub仓库和npm包的元数据（所有者、版本、最近活动）来帮助您做决定。...

详细分析 ▾

ℹ 用途与能力

名称和描述与SKILL.md内容（DID和Verifiable Credentials）匹配。然而，SKILL.md宣传了6个可运行工具和一个Node.js库，而注册表中没有代码或安装规范——意味着发布的技能仅是说明性的，依赖外部npm/GitHub包（openclaw-identity-trust）来提供实际功能。这种不匹配是一种不一致性（不一定是恶意的），用户应该理解。

⚠ 指令范围

说明明确指示用户/代理安装并运行外部npm包或克隆GitHub仓库，通过网络解析DID（did:web），并读写加密材料到~/.openclaw/identity/（dids.json、credentials.json、keys.json）。这些文件路径操作和可选的网络调用与DID/VC任务相关但很敏感：私钥将被写入磁盘，网络解析可能联系外部端点。SKILL.md还包含代理调用的AUTO-TRIGGER规则——这很好，但隐含的运行时操作（安装和执行第三方代码、文件I/O、网络访问）未在注册表要求中捕获。

⚠ 安装机制

注册表没有公开安装规范，但SKILL.md建议通过npm（-g）或克隆GitHub仓库安装。从npm或GitHub安装包或代码会在用户机器上运行第三方代码并可执行任意操作。虽然npm和GitHub是常见来源，但注册表缺乏捆绑代码或明确的验证安装规范意味着该技能依赖外部包，应在安装前进行审计。

ℹ 凭证需求

该技能没有声明必需的环境变量，这与注册表匹配。SKILL.md提到了可选的环境变量（OPENCLAW_IDENTITY_PATH、OPENCLAW_IDENTITY_NETWORK_ENABLED），适合自定义存储和网络行为。主要敏感点是本地私钥存储（keys.json）。元数据中没有请求无关凭证，这是适当的，但在本地存储私钥本身是高价值的，应该谨慎处理。

✓ 持久化与权限

always为false，没有声明持久化权限。该技能确实指示在~/.openclaw/identity/下存储数据，但不声称修改其他技能或系统级配置。默认允许自主调用——如果您计划允许代理运行安装命令，请将其与其他标志结合使用，如果您不信任外部包，请考虑限制执行。

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/8

初始版本

● 无害

安装命令

点击复制

官方npx clawhub@latest install identity-trust

镜像加速npx clawhub@latest install identity-trust --registry https://cn.longxiaskill.com镜像同步中

需要定制？告诉我你的需求 →

技能文档

去中心化身份（DID）和AI代理可验证凭证管理系统，基于W3C DID Core和W3C Verifiable Credentials标准构建。

📋 Overview

Identity Trust提供完整的去中心化身份管理解决方案，使AI代理能够：

创建和管理去中心化标识符（DID）
签发和验证W3C兼容的可验证凭证
在代理之间建立信任关系
安全地管理加密密钥
本地存储身份数据以保护隐私

📦 Installation

Step 1: Install the Package

Option A: Via npm (Recommended)

# Install globally for CLI access npm install -g openclaw-identity-trust

# Verify installation identity-trust --version

Option B: From GitHub

# Clone repository git clone https://github.com/ZhenRobotics/openclaw-identity-trust.git cd openclaw-identity-trust # Install dependencies npm install

# Build npm run build

Step 2: Verify Installation

# Check CLI is working identity-trust info

# Create your first DID identity-trust did create

🚀 Usage

When to Use This Skill

AUTO-TRIGGER when user's message contains:

Keywords: DID, verifiable credential, identity, trust, decentralized identity
Asks about creating or managing digital identities
Needs to verify credentials or establish trust
Wants to implement W3C DID/VC standards
Building agent authentication systems

TRIGGER EXAMPLES:

"Create a DID for my AI agent"
"Issue a verifiable credential"
"How do I verify this credential?"
"Set up decentralized identity for authentication"
"Evaluate trust level of this agent"

DO NOT USE when:

Only general identity/password management (use password managers)
OAuth/SAML authentication (use standard auth libraries)
Simple user accounts (use traditional databases)

🎯 Core Features

1. DID Management

did:key - Self-contained, no registry needed
did:web - Web-hosted DIDs for public verification
did:ethr - Ethereum-based DIDs (basic support)

2. Verifiable Credentials

W3C VC Data Model 1.1 compliant
Ed25519 and secp256k1 signatures
Expiration date management
Custom claims support

3. Trust Evaluation

Policy-based trust scoring
Credential verification
Issuer trust chains
Reputation systems

4. Security

Ed25519 modern cryptography (default)
secp256k1 Ethereum-compatible signatures
Local key storage at ~/.openclaw/identity/
No external key dependencies

💻 Tools

This skill provides 6 core tools for AI agents:

1. `did_create` - Create Decentralized Identifiers

Create a new DID for an agent or entity.

Parameters:

method (string, optional): DID method - key, web, or ethr (default: key)
keyType (string, optional): Cryptographic key type - Ed25519 or secp256k1 (default: Ed25519)
save (boolean, optional): Save to local storage (default: true)

Returns:

did (string): The generated DID identifier
document (object): Complete DID Document

Example:

identity-trust did create --method key --key-type Ed25519

2. `did_resolve` - Resolve DIDs to Documents

Resolve a DID to its DID Document.

Parameters:

did (string, required): DID to resolve (e.g., did:key:z6Mkf...)

Returns:

document (object): DID Document with verification methods

Example:

identity-trust did resolve did:key:z6MkfzZZD5gxQ...

3. `vc_issue` - Issue Verifiable Credentials

Issue a W3C-compliant verifiable credential.

Parameters:

issuerDid (string, required): Issuer's DID
subjectDid (string, required): Subject's DID
claims (object, required): Claims to include in credential
type (string, optional): Credential type (default: VerifiableCredential)
expirationDays (number, optional): Expiration in days

Returns:

credential (object): Signed verifiable credential

Example:

identity-trust vc issue \
  --issuer did:key:z6Mkf... \
  --subject did:key:z6Mkp... \
  --claims '{"role":"developer","level":"senior"}' \
  --expiration 90

4. `vc_verify` - Verify Credentials

Verify the authenticity and validity of a verifiable credential.

Parameters:

credential (object, required): Credential to verify
checkExpiration (boolean, optional): Check expiration date (default: true)

Returns:

verified (boolean): Whether credential is valid
checks (object): Detailed verification results

Example:

identity-trust vc verify

5. `identity_list` - List Identities

List all stored DIDs and credentials.

Parameters: None

Returns:

dids (array): List of stored DIDs
credentials (array): List of stored credentials

Example:

identity-trust did list
identity-trust vc list

6. `trust_evaluate` - Evaluate Agent Trust

Evaluate the trust level of an agent based on their credentials and policy.

Parameters:

agentDid (string, required): Agent DID to evaluate
policy (object, optional): Trust policy configuration

Returns:

trustLevel (number): Trust score (0-100)
credentials (array): Credentials used for evaluation
passed (boolean): Whether agent meets policy requirements

Example:

# Programmatic usage
import { evaluateTrust } from 'openclaw-identity-trust';const result = await evaluateTrust('did:key:z6Mkf...', {
  minimumTrustLevel: 60,
  requiredCredentials: ['IdentityCredential'],
  trustedIssuers: ['did:key:authority...']
});

📚 CLI Commands

Three command aliases available:

openclaw-identity-trust
identity-trust
idt

DID Commands

# Create a new DID
identity-trust did create [--method ] [--key-type ]
# Resolve a DID
identity-trust did resolve # List all DIDs
identity-trust did list

Verifiable Credential Commands

# Issue a credential
identity-trust vc issue \
  --issuer  \
  --subject  \
  --claims '' \
  [--type ] \
  [--expiration ]
# Verify a credential
identity-trust vc verify # List credentials
identity-trust vc list [--subject ]

Utility Commands

# Export all data identity-trust export

# Show system information identity-trust info

🔧 Programmatic API

Use as a Node.js library in your applications:

import { generateDID, resolveDID, issueCredential, verifyCredential, LocalStorage } from 'openclaw-identity-trust';
// Initialize storage
const storage = new LocalStorage();
await storage.initialize();
// Create a DID
const { did, document, keyPair } = await generateDID('key', { keyType: 'Ed25519' });
console.log('Created DID:', did);
// Issue a credential
const credential = await issueCredential({
  issuerDid: 'did:key:issuer...',
  issuerKeyPair: keyPair,
  subjectDid: did,
  claims: {
    role: 'ai-agent',
    capabilities: ['read', 'write', 'execute']
  },
  expirationDate: new Date(Date.now() + 90  24  60  60  1000)
});// Verify credential
const result = await verifyCredential(credential, {
  checkExpiration: true,
  localStore: storage.getDIDStore()
});
console.log('Verified:', result.verified);

🎓 Use Cases

1. AI Agent Identity

Create persistent identities for AI agents:

# Create agent DID identity-trust did create --method key

# Issue capability credential identity-trust vc issue \ --issuer did:key:authority... \ --subject did:key:agent... \ --claims '{"agent":"GPT-Agent-001","capabilities":["api_access","data_read"]}'

2. Service Authentication

Authenticate agents accessing services:

const credential = await storage.getCredential(credentialId);
const result = await verifyCredential(credential);if (result.verified) {
  // Grant access to service
  console.log('Access granted');
} else {
  console.log('Access denied:', result.error);
}

3. Trust Networks

Build trust relationships between agents:

const trust = await evaluateTrust(agentDid, {
  minimumTrustLevel: 60,
  requiredCredentials: ['IdentityCredential', 'CapabilityCredential'],
  trustedIssuers: [authorityDid],
  allowExpired: false
});if (trust.passed) {
  console.log(Agent trusted with level: ${trust.trustLevel}%);
}

📐 Technical Standards

This implementation follows:

W3C DID Core 1.0 - Decentralized Identifiers specification
W3C Verifiable Credentials Data Model 1.1 - Verifiable credentials standard
Ed25519 Signature 2020 - Modern cryptographic signatures
Multibase Encoding - Base58btc encoding for did:key

🔒 Security

Cryptography

Ed25519 - Modern elliptic curve signatures (default)
secp256k1 - Ethereum-compatible signatures
@noble/curves - Audited cryptography library
@noble/hashes - Secure hashing

Key Storage

Private keys stored locally at ~/.openclaw/identity/
No cloud storage or external dependencies
User controls all cryptographic material

Best Practices

Never share private keys
Always set expiration dates on credentials
Verify credentials before trusting
Use strong trust policies for critical operations
Rotate keys periodically

🛠️ Configuration

Storage Location

Default: ~/.openclaw/identity/

Structure:

~/.openclaw/identity/
├── dids.json          # Stored DID documents
├── credentials.json   # Issued/received credentials
└── keys.json          # Encrypted private keys

Environment Variables

# Optional: Custom storage path
OPENCLAW_IDENTITY_PATH=/custom/path# For did:web resolution (if using network)
OPENCLAW_IDENTITY_NETWORK_ENABLED=true

📊 Comparison with Alternatives

Feature	Identity Trust	Traditional Auth	OAuth/SAML
Decentralized	✅	❌	❌
Self-sovereign	✅	❌	❌
W3C Standards	✅	❌	❌
No Central Authority	✅	❌	❌
Cryptographic Proofs	✅	🟡	🟡
Agent-to-Agent	✅	❌	🟡
Offline Verification	✅	❌	❌

🐛 Troubleshooting

Common Issues

Problem: Error: Private key not found

# Solution: Ensure DID was saved when created
identity-trust did create --save

Problem: Error: Failed to resolve DID

# Solution: Check DID format and network settings
identity-trust did resolve did:key:z6Mkf...

Problem: Error: Signature verification failed

# Solution: Check issuer DID and credential integrity
identity-trust vc verify --no-expiration

📖 Documentation

Full Documentation: README.md
Quick Start Guide: QUICKSTART.md
API Reference: src/types.ts
GitHub: https://github.com/ZhenRobotics/openclaw-identity-trust
npm Package: https://www.npmjs.com/package/openclaw-identity-trust

🔄 Updates & Changelog

v1.0.0 (2026-03-08)

Initial release with:

DID generation and resolution (did:key, did:web, did:ethr)
Verifiable Credential issuance and verification
Trust evaluation system
CLI tool with 3 command aliases
Programmatic API
Local storage with encryption
W3C standards compliance

🤝 Contributing

Contributions welcome! Please:

Fork the repository
Create a feature branch
Make your changes
Submit a pull request

📄 License

MIT License - see LICENSE

🔗 Links

GitHub: https://github.com/ZhenRobotics/openclaw-identity-trust
npm: https://www.npmjs.com/package/openclaw-identity-trust
ClawHub: https://clawhub.ai/ZhenStaff/identity-trust
Issues: https://github.com/ZhenRobotics/openclaw-identity-trust/issues

💬 Support

Issues: https://github.com/ZhenRobotics/openclaw-identity-trust/issues
Discussions: https://github.com/ZhenRobotics/openclaw-identity-trust/discussions
Email: support@zhenrobot.com

Built with ❤️ for the OpenClaw ecosystem

数据来源：ClawHub ↗ · 中文优化：龙虾技能库

License

运行时依赖

版本

安装命令

技能文档

📋 Overview

📦 Installation

Step 1: Install the Package

Step 2: Verify Installation

🚀 Usage

When to Use This Skill

🎯 Core Features

1. DID Management

2. Verifiable Credentials

3. Trust Evaluation

4. Security

💻 Tools

1. did_create - Create Decentralized Identifiers

2. did_resolve - Resolve DIDs to Documents

3. vc_issue - Issue Verifiable Credentials

4. vc_verify - Verify Credentials

5. identity_list - List Identities

6. trust_evaluate - Evaluate Agent Trust

📚 CLI Commands

DID Commands

Verifiable Credential Commands

Utility Commands

🔧 Programmatic API

🎓 Use Cases

1. AI Agent Identity

2. Service Authentication

3. Trust Networks

📐 Technical Standards

🔒 Security

Cryptography

Key Storage

Best Practices

🛠️ Configuration

Storage Location

Environment Variables

📊 Comparison with Alternatives

🐛 Troubleshooting

Common Issues

📖 Documentation

🔄 Updates & Changelog

v1.0.0 (2026-03-08)

🤝 Contributing

📄 License

🔗 Links

💬 Support

1. `did_create` - Create Decentralized Identifiers

2. `did_resolve` - Resolve DIDs to Documents

3. `vc_issue` - Issue Verifiable Credentials

4. `vc_verify` - Verify Credentials

5. `identity_list` - List Identities

6. `trust_evaluate` - Evaluate Agent Trust