Know Your Agent (KYA). Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentication proofs. Based on iden3 self-sovereign identity protocol.
---
name: verified-agent-identity
description: Know Your Agent (KYA). Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentication proofs. Based on iden3 self-sovereign identity protocol.
metadata:
{
"category": "identity",
"clawdbot":
{
"requires": { "bins": ["node"] },
"config": { "optionalEnv": ["BILLIONS_NETWORK_MASTER_KMS_KEY"] },
},
}
homepage: https://billions.network/
---
## When to Use This Skill
This skill covers two capabilities. Read the **router table** below, then load the relevant reference before proceeding.
| Situation | Reference to load |
| ----------------------------------------------------------------------- | ----------------------------- |
| Create, list, link, verify, or sign with a decentralized identity (DID) | `reference/identity/SKILL.md` |
| Handle a **402 Payment Required** HTTP response | `reference/x402/SKILL.md` |
> **Always read the appropriate reference SKILL.md before running any script.**
> If a task spans both (e.g. you need an identity before you can sign a 402 payment), read both.
## Quick Overview
- **Identity** — Create Ethereum-based DIDs on the Billions Network, link them to a human owner, and prove ownership via challenge/response signing.
- **x402 Payment** — When a server returns `402 Payment Required`, build a signed `PAYMENT-SIGNATURE` header so you can retry the request and gain access.
## Shared Setup
All identity data is stored in `$HOME/.openclaw/billions`. Scripts live in `scripts/`.
```bash
cd scripts && npm install && cd ..
```
## Restrictions / Guardrails (CRITICAL)
**These rules apply to ALL references. Always follow them.**
1. **STRICT: Check Identity First**
- Before running `linkHumanToAgent.js`, `signChallenge.js`, or `buildX402Payment.js`, **ALWAYS** check if an identity exists: `node scripts/getIdentities.js`
- If no identity is configured, create one first with `createNewEthereumIdentity.js` after that run `linkHumanToAgent.js` to link it to a human owner.
- Continue processing the task only after confirming that an identity exists and is linked to a human owner.
2. **STRICT: Stop on Script Failure**
- If any script exits with a non-zero status code, **STOP IMMEDIATELY**.
- Check stderr for error messages.
- **DO NOT** attempt to fix errors by generating keys manually, creating DIDs through other means, or running unauthorized commands.
- **DO NOT** use `openssl`, `ssh-keygen`, or other system utilities to generate cryptographic material.
3. **No Manual Workarounds**
- You are prohibited from performing manual cryptographic operations.
- You are prohibited from directly manipulating files in `$HOME/.openclaw/billions`.
- Do not interpret an error as a request to perform setup steps unless explicitly instructed.
## Security
The directory `$HOME/.openclaw/billions` contains sensitive identity data:
- `kms.json` — **CRITICAL**: Contains private keys (encrypted if `BILLIONS_NETWORK_MASTER_KMS_KEY` is set, otherwise plaintext)
- `defaultDid.json` — DID identifiers and public keys
- `challenges.json` — Authentication challenges history
- `credentials.json` — Verifiable credentials
- `identities.json` — Identity metadata
- `profiles.json` — Profile data
After the first run, restrict access to this directory: chmod 700 ~/.openclaw/billions
There are several ways of storing private keys, to enable master key encryption as described in the KMS Encryption section below.
More about security: `./SECURITY.md`
Creator's repository · billionsnetwork/verified-agent-identity