ERC8004 Agent

Name: ERC8004 Agent
Author: limone-eth

Identity by @limone-eth v0.0.2 7 flags

8004 Agent Skill for registering AI agents on the ERC-8004 Trustless Agents standard and authenticating them via SIWA (Sign In With Agent). Use this skill when an agent needs to: (1) create or manage an Ethereum wallet for onchain identity, (2) register on the ERC-8004 Identity Registry as an NFT-based agent identity (SIGN UP), (3) authenticate with a server by proving ownership of an ERC-8004 identity using a signed challenge (SIGN IN / SIWA), (4) build or update an ERC-8004 registration file (metadata JSON with endpoints, trust models, services), (5) upload agent metadata to IPFS or base64 data URI, (6) look up or verify an agent's onchain registration. The agent persists public identity state in MEMORY.md. Private keys are held in a separate keyring proxy server — the agent can request signatures but never access the key itself. Triggers on: ERC-8004, trustless agents, agent registration, SIWA, Sign In With Agent, agent identity NFT, Agent0 SDK, agent wallet, agent keystore, keyring proxy.

Install

$ cp -r cryptoskill/skills/identity/erc8004-agent .claude/skills/

$ clawhub install erc8004-agent

Trust profile trust grade not computed yet

7 red flags 3 cleared 1 not measured

Capabilities below are detected automatically by an open-source scanner that reads the skill's text and scripts (see how this is computed). Not measured means the scanner couldn't make a confident call — it is NOT a green check, and you should treat it as a possible red flag until a human or a stronger scanner has measured it.

7 Red flags things this skill can do that affect your security or funds

⚠
Can move funds this skill can sign and send transactions on your behalf
⚠
Requires private key you must hand over a private key, mnemonic, or wallet config
⚠
Requires hosted operator depends on a third-party hosted service to function
⚠
Mutable remote runtime runs remote code that can change behavior without a local diff
⚠
Can install code installs software at setup time (npx, pip, brew, etc.)
⚠
Can execute shell runs arbitrary shell commands on your machine
⚠
Can browse the web fetches arbitrary URLs at runtime

3 Cleared by scanner we scanned the skill's text & scripts and found no evidence of these

✓
Uses remote install script setup pipes a remote shell script (curl | sh class)
✓
Can write files writes to your local filesystem
✓
Can spawn sub-agents delegates to other skills or sub-agents

1 Not measured yet scanner couldn't make a confident call — treat as a possible red flag

?
Auto-invocable may be invoked by the agent without your explicit prompt

Execution mode

local_executor Phase 1 single-mode classification — multi-mode breakdown deferred to Phase 2.

Ingredients (services this skill talks to)

External services this skill needs in order to work. The skill's behavior depends on these services being up, honest, and unchanged. Today we only show services we recognize from a curated list of ~50 well-known hosts (exchanges, RPC providers, data APIs); a complete dependency list — including every package, library, and binary the skill installs or imports — is on the roadmap.

service alchemy.com

Audits

No one has audited this skill yet. That is different from “audited and clean” — it just means no professional reviewer (a security firm, the CryptoSkill team, or a verified independent researcher) has signed off on it. There are no audit reports to read. How reviewer levels work →

SKILL.md → SOURCE.md → TRUST.auto.yaml → Browse directory →

Auto-generated by cryptoskill/extract-capabilities/0.3.0 · hosted-service list version 2026-04-26 · how this is computed

Source

View on GitHub →