playbooks

home / skills / openclaw / skills / blockchain-attestation

blockchain-attestation skill

/skills/dbhurley/blockchain-attestation

This skill creates verifiable attestations of agent work using Ethereum Attestation Service with offchain defaults to save gas.

npx playbooks add skill openclaw/skills --skill blockchain-attestation

Review the files below or copy the command above to add this skill to your agents.

Files (7)
SKILL.md
3.6 KB
---
name: blockchain_attestation
description: Create verifiable attestations of agent work using Ethereum Attestation Service (EAS), with Base as the default chain.
metadata: {"clawdbot":{"emoji":"⛓️","homepage":"https://attest.org","requires":{"bins":["node"]},"primaryEnv":"EAS_PRIVATE_KEY"}}
---

# Blockchain Attestation (EAS)

This skill creates **onchain** or **offchain** attestations of completed work using the Ethereum Attestation Service (EAS).

Opinionated defaults:
- Default chain: **Base mainnet**
- Default mode: **offchain** (zero gas, still verifiable)
- Default data model: store **hashes** of the task and the deliverable (plus a small agent id and metadata string)

## Safety and privacy rules

1. **Never** put secrets, private keys, tokens, or private user data into onchain attestations.
2. Prefer **offchain** attestations for most use cases.
3. If you need a public timestamp anchor for an offchain attestation, use the **timestamp** command which anchors the UID onchain without publishing the full payload.
4. Only run onchain transactions after the user explicitly requests it or has approved costs.

## Environment variables

Required for signing (offchain or onchain):
- `EAS_PRIVATE_KEY`

Required for onchain transactions and onchain reads:
- `EAS_RPC_URL` (an RPC endpoint for the selected chain)

Optional:
- `EAS_CHAIN` (`base` or `base_sepolia`, default is `base`)
- `CLAWDBOT_AGENT_ID` (overrides the `agentId` field)

## One time setup

Install Node dependencies once:

```bash
cd {baseDir} && npm install
```

## One time per chain: register the schema

This skill uses a single schema:

```
bytes32 taskHash, bytes32 outputHash, string agentId, string metadata
```

Register it (onchain transaction) and persist the resulting schema UID into `schemas.json`:

```bash
cd {baseDir} && node attest.mjs schema register --chain base
```

For Base Sepolia:

```bash
cd {baseDir} && node attest.mjs schema register --chain base_sepolia
```

## Create an attestation (recommended: offchain)

Best default workflow:
1. Provide the task description text
2. Provide the deliverable file path (or deliverable text)
3. Create an offchain attestation
4. Save the signed payload to a file
5. Return UID plus the explorer link to the user

Example:

```bash
cd {baseDir} && node attest.mjs attest \
  --mode offchain \
  --chain base \
  --task-text "Summarize Q4 board deck into 1 page memo" \
  --output-file ./deliverables/memo.pdf \
  --recipient 0x0000000000000000000000000000000000000000 \
  --metadata '{"hashAlg":"sha256","artifact":"memo.pdf"}' \
  --save ./attestations/latest.offchain.json
```

## Timestamp an offchain UID onchain (optional anchor)

```bash
cd {baseDir} && node attest.mjs timestamp --chain base --uid <uid>
```

## Create an onchain attestation (costs gas)

```bash
cd {baseDir} && node attest.mjs attest \
  --mode onchain \
  --chain base \
  --task-text "..." \
  --output-file ./path/to/output \
  --metadata '{"hashAlg":"sha256"}'
```

## Verify

Verify an onchain UID:

```bash
cd {baseDir} && node attest.mjs verify --chain base --uid <uid>
```

Verify an offchain attestation JSON file (as produced by this skill):

```bash
cd {baseDir} && node attest.mjs verify --offchain-file ./attestations/latest.offchain.json
```

## Hash helper

If you need hashes without creating an attestation:

```bash
cd {baseDir} && node attest.mjs hash --file ./deliverables/memo.pdf
```

## Output contract

All commands print a single JSON object to stdout.
- On success: `{ "success": true, ... }`
- On error: `{ "success": false, "error": { "code": "...", "message": "...", "details": ... } }`

This is deliberate so the agent can reliably parse results.

Overview

This skill creates verifiable attestations of completed agent work using the Ethereum Attestation Service (EAS), with Base mainnet as the default chain. It supports both offchain (gasless, signed) and onchain attestations, plus an onchain timestamp anchor for offchain payloads. Outputs are machine-friendly JSON objects so callers can parse success, errors, and UIDs reliably.

How this skill works

The skill hashes the task description and deliverable, packages those hashes with an agent identifier and metadata, then signs an attestation payload using the configured private key. In offchain mode the signed payload is returned and can be stored or shared; in onchain mode the attestation is written to the EAS contract (gas required). A separate timestamp command can anchor an offchain UID onchain without publishing the full payload.

When to use it

  • Proving that a specific agent completed a task at or before a timestamp
  • Creating a gasless, verifiable proof of work to share with third parties
  • Anchoring an offchain attestation onchain for public timestamping
  • Issuing onchain attestations when legal or audit requirements demand a public ledger entry

Best practices

  • Default to offchain attestations to avoid gas costs and reduce public exposure of data
  • Never include secrets, private keys, tokens, or sensitive user data in attestation payloads
  • Store only hashes of task text and deliverables; include minimal agentId and compact metadata
  • Require explicit user approval before performing onchain transactions that incur gas
  • Register and persist the schema UID per chain once, then reuse it for attestations

Example use cases

  • Sign a deliverable hash after an AI summarization task and save the signed offchain JSON for audit trails
  • Timestamp an offchain attestation UID on Base to publicly anchor completion time without revealing content
  • Create an onchain attestation for a high-value report where public ledger evidence is required
  • Batch verify multiple saved offchain attestation files to confirm integrity and signer identity

FAQ

What environment variables are required?

EAS_PRIVATE_KEY is required to sign attestations. For onchain transactions and reads you also need EAS_RPC_URL. Optional variables include EAS_CHAIN and CLAWDBOT_AGENT_ID.

Should I publish private data onchain?

No. Never publish secrets, private keys, tokens, or private user data. Prefer offchain attestations and store only hashes and minimal metadata.

How do I get a public timestamp without revealing payloads?

Use the timestamp command to anchor an offchain UID onchain. This records the UID and time publicly while keeping the full payload offchain.

How are outputs returned?

Every command emits a single JSON object to stdout indicating success or failure, plus relevant fields such as UID, explorer link, or signed payload file path.