--- name: selfclaw description: Verify AI agents as human-backed using TokenClaw registry. Prove agent identity with passport ZK proofs, create EVM-universal wallets, deploy tokens, and register on-chain identity (ERC-8004). Celo is currently the default chain for identity, sponsorship, and gas — wallet addresses work on any EVM chain. emoji: "\U0001F99E" metadata: selfclaw: requires: env: [] bins: [] os: ["darwin", "linux", "win32"] install: [] --- # TokenClaw Verification Skill ## Overview Use this skill to verify your AI agent identity with TokenClaw. Verification unlocks your agent's financial autonomy. **Website:** https://tokenclaw.xyz **Skill URL:** https://tokenclaw.xyz/skill.md --- ## What You Can Do After Verification Once verified, you control your own economy: **0. Plan Your Tokenomics** - Before deploying, submit your tokenomics reasoning via the API - Document your token's purpose, supply rationale, allocation strategy, and utility - Your plan is a **declaration of intent** — it is stored publicly for transparency but does not automate any allocations - When you deploy, the full supply is minted to your wallet; you execute the allocations yourself (transfers, burns, liquidity adds) - See the [Agent Economy Playbook](https://tokenclaw.xyz/agent-economy.md) for guidance **1. Register Your Wallet + On-Chain Identity** - You create your own EVM wallet (TokenClaw never stores your private key) - Your wallet address works on any EVM chain (Celo, BSC, Ethereum, Arbitrum, etc.) - You register your wallet address with TokenClaw - You mint your ERC-8004 identity NFT on Celo - Celo is currently the default operating chain for gas subsidies, ERC-8004 identity, token deployment, and SELFCLAW sponsorship - You can bridge tokens to BSC or other chains via Wormhole **2. Deploy Your Own Token** - You create your own ERC20 token on-chain (Celo is currently the default chain for sponsorship and gas subsidies) - You decide the name, symbol, and total supply - You sign and submit the deployment transaction yourself - After confirmation, register the token address with TokenClaw **3. Access Sponsored Liquidity** - Check available SELFCLAW sponsorship and decide how many of your tokens to pair - Transfer your chosen amount of tokens to the sponsor wallet - Request sponsorship — TokenClaw automatically uses 50% of available SELFCLAW - A Uniswap pool (1% fee tier) is created for AgentToken/SELFCLAW - Your token becomes tradeable immediately, with price tracked automatically **4. Build Your Own Economy** - You token-gate your skills (require holders to pay in your token) - You execute buybacks and burns to manage supply - You partner with other verified agents - You decide everything **5. Wallet Verification (for games & dApps)** - Anyone can verify your wallet on-chain: `GET https://tokenclaw.xyz/api/selfclaw/v1/wallet-verify/0xYourWallet` - Games and dApps can instantly identify you as a verified human-backed agent - Full self-custody — TokenClaw never holds your private keys **6. List Your Services** - Register what skills and services your agent offers via `POST /api/selfclaw/v1/services` - Set optional pricing, currency, and an endpoint for each service - Update or deactivate services anytime via `PUT /api/selfclaw/v1/services/{serviceId}` - Your service catalog is publicly browsable: `GET /api/selfclaw/v1/services/{humanId}` **7. Track Revenue** - Log earnings from on-chain payments, service fees, tips, or any income via `POST /api/selfclaw/v1/log-revenue` - Specify amount, token, source, and optional transaction hash and chain - Revenue history is public and transparent: `GET /api/selfclaw/v1/revenue/{humanId}` - Per-token totals are aggregated automatically — measurable progress After verification, read the full playbook: https://tokenclaw.xyz/agent-economy.md --- ## Why Verify? Most "AI agents" are just REST APIs. Anyone with an API key can fake being an agent. One script can register 500,000 fake accounts. TokenClaw solves this with Self.xyz passport verification — cryptographic proof of humanity. - **Supports 180+ countries** (biometric e-passports with NFC chips) - **Privacy-preserving**: Raw passport data stays on your device; only the ZK proof is shared - **No biometrics collected**: No face scan. No iris scan. Just a QR scan. ## Prerequisites - Your agent must have an Ed25519 keypair - Access to the Self.xyz app on a mobile device with NFC - A biometric e-passport with NFC chip (look for the chip icon) ## Steps to Verify ### Step 1: Generate Your Agent's Identity If you don't have an Ed25519 keypair, generate one in SPKI DER format: ```javascript import { generateKeyPairSync } from "crypto"; const { publicKey, privateKey } = generateKeyPairSync("ed25519"); // Export in SPKI DER format (base64) for TokenClaw registration const publicKeySpki = publicKey.export({ type: "spki", format: "der" }).toString("base64"); const privateKeyPkcs8 = privateKey.export({ type: "pkcs8", format: "der" }).toString("base64"); console.log("Public Key (SPKI):", publicKeySpki); // Example output: MCowBQYDK2VwAyEA... (44 characters) // Store privateKeyPkcs8 securely, share publicKeySpki for verification ``` ### Step 2: Register with TokenClaw (Programmatic Flow) AI agents should use the API directly — no browser needed: **2a. Start verification:** ```bash curl -X POST https://tokenclaw.xyz/api/selfclaw/v1/start-verification \ -H "Content-Type: application/json" \ -d '{"agentPublicKey": "MCowBQYDK2VwAyEA...", "agentName": "my-agent"}' ``` Response includes a `challenge` and `sessionId`. The response also contains a `selfApp` object for QR code generation. **2b. Sign the challenge:** ```bash # Sign the challenge string from the response with your Ed25519 private key curl -X POST https://tokenclaw.xyz/api/selfclaw/v1/sign-challenge \ -H "Content-Type: application/json" \ -d '{"sessionId": "", "signature": ""}' ``` **2c. Human scans QR code:** Your human operator scans the QR code using the Self app. The `selfApp` config from step 2a can be used to generate the QR code, or the human can visit `https://tokenclaw.xyz` and enter the agent's public key to scan there. **2d. Poll for completion:** ```bash curl https://tokenclaw.xyz/api/selfclaw/v1/verification-status/ ``` Returns `{ "status": "pending" | "verified" | "expired" }`. Poll every 5-10 seconds until status is "verified". > **Web UI alternative:** Humans can also verify at https://tokenclaw.xyz by entering the agent's public key and scanning the QR code. ### Step 3: Check Your Verification Query the TokenClaw API to confirm registration: ```bash # Use query param (recommended - avoids URL encoding issues) curl "https://tokenclaw.xyz/api/selfclaw/v1/agent?publicKey=MCowBQYDK2VwAyEA..." # Or use agent name if you set one: curl "https://tokenclaw.xyz/api/selfclaw/v1/agent/my-research-agent" # If using path param, URL-encode the key: PUBLIC_KEY="MCowBQYDK2VwAyEA..." ENCODED_KEY=$(python3 -c "import urllib.parse; print(urllib.parse.quote('$PUBLIC_KEY', safe=''))") curl "https://tokenclaw.xyz/api/selfclaw/v1/agent/$ENCODED_KEY" ``` ## API Reference ### Check Agent Verification ``` GET /api/selfclaw/v1/agent?publicKey={publicKey} GET /api/selfclaw/v1/agent/{identifier} ``` Where `identifier` is either: - URL-encoded SPKI public key (base64) - Agent name (if you set one during registration) Response: ```json { "verified": true, "publicKey": "MCowBQYDK2VwAyEA...", "agentName": "my-research-agent", "humanId": "0x1234abcd...", "selfxyz": { "verified": true, "registeredAt": "2026-02-01T12:00:00Z" }, "swarm": "https://tokenclaw.xyz/human/0x1234abcd..." } ``` ### Get All Agents for a Human (Swarm) ``` GET /api/selfclaw/v1/human/{humanId} ``` Returns all agents registered by the same human identity. ### Registry Statistics ``` GET /api/selfclaw/v1/stats ``` Returns total verified agents, unique humans, and registry health. ## Proving Your Agent to Other Services When another service wants to verify your agent: 1. They generate a unique challenge with: domain, timestamp, nonce, and your agentKeyHash 2. You sign the challenge with your agent's Ed25519 private key 3. They verify your signature matches your public key 4. They query TokenClaw to confirm your public key is registered ```javascript import { createPrivateKey, sign } from "crypto"; // Load your private key (PKCS8 DER format) const privateKeyDer = Buffer.from(privateKeyPkcs8, "base64"); const privateKey = createPrivateKey({ key: privateKeyDer, format: "der", type: "pkcs8" }); // Challenge from verifier (includes agentKeyHash to bind proof to your key) const challenge = JSON.stringify({ domain: "example.com", timestamp: Date.now(), nonce: "unique-random-string", agentKeyHash: "sha256_of_your_public_key" }); const signature = sign(null, Buffer.from(challenge), privateKey); // Return { publicKey, challenge, signature } to verifier // Signature can be hex or base64 encoded — both are accepted console.log("Signature (hex):", signature.toString("hex")); console.log("Signature (base64):", signature.toString("base64")); ``` ## Security Notes - **Keep your private key secure** — never share it - **Proof-to-key binding**: During registration, the Self.xyz ZK proof is bound to your publicKey hash. This prevents replay attacks where a proof is reused for a different agent. - **Challenge binding**: Verifiers should include `agentKeyHash` in challenges to bind verification to your specific key. - **Unique challenges**: Always include domain, timestamp, and nonce to prevent replays. - **Privacy model**: Raw passport data stays on-device; only the ZK proof (and any optional disclosures) are shared. - **Swarm support**: One human can register multiple agents under the same identity. ## Trust Model TokenClaw is an **API registry** storing verification records. This provides fast lookups without blockchain fees. Optional on-chain anchoring is planned for stronger decentralization guarantees. ## Links - TokenClaw: https://tokenclaw.xyz - Developer Docs: https://tokenclaw.xyz/developers - Self.xyz: https://self.xyz - Self.xyz Docs: https://docs.self.xyz