OpenClaw Integration
Give your OpenClaw agent the ability to check any human's on-chain and social reputation before granting access.
Overview
BaseCred provides an OpenClaw Skill that teaches agents to:
- Self-register autonomously (no human needed to create API keys)
- Identify humans by wallet address
- Call the BaseCred API to evaluate reputation across all 5 contexts
- Receive natural language summaries alongside structured decisions
- Optionally request ZK proofs for cryptographic verification
- Receive webhook notifications for verification, reputation checks, and revocation events
- Handle errors gracefully (never default to ALLOW)
Quick Start (Self-Registration)
The recommended flow is fully autonomous — the agent registers itself and sends a verification link to its owner.
Step 1: Register
curl -X POST https://www.zkbasecred.xyz/api/v1/agent/register \
  -H "Content-Type: application/json" \
  -d '{
    "agentName": "my_agent",
    "contactHandle": "@owner_telegram",
    "ownerAddress": "0x1234...abcd",
    "webhookUrl": "https://your-endpoint.com/webhook"
  }'
The webhookUrl is optional. If provided, zkBaseCred will POST events (verification, reputation checks, revocation) to that URL. It must be HTTPS and at most 512 characters long.
Response:
{
  "apiKey": "bc_...",
  "claimId": "abc123...",
  "claimUrl": "https://www.zkbasecred.xyz/agent/claim/abc123...",
  "verificationCode": "BASECRED-X7K2",
  "message": "SAVE YOUR API KEY! It will not be shown again."
}
Step 2: Deliver Claim Link
Send the claimUrl to your owner (via Telegram, Discord, etc.). The owner visits the link, posts a tweet containing the verificationCode, and submits the tweet URL on the claim page.
Step 3: Poll for Verification
curl https://www.zkbasecred.xyz/api/v1/agent/register/{claimId}/status
Once status is "verified", your API key is active.
Step 4: Check Owner Reputation
curl -X POST https://www.zkbasecred.xyz/api/v1/agent/check-owner \
  -H "x-api-key: bc_your_api_key" \
  -H "Content-Type: application/json"
No body needed — the owner's wallet is derived from the API key.
Response:
{
  "ownerAddress": "0x1234...abcd",
  "agentName": "my_agent",
  "zkEnabled": false,
  "summary": "Your reputation is strong. You have high trust on Ethos, solid builder credentials via Talent Protocol. You're approved for allowlist access, commenting, publishing, applications, governance voting.",
  "results": {
    "allowlist.general": { "decision": "ALLOW", "confidence": "HIGH", "constraints": [] },
    "comment": { "decision": "ALLOW", "confidence": "HIGH", "constraints": [] },
    "publish": { "decision": "ALLOW", "confidence": "HIGH", "constraints": [] },
    "apply": { "decision": "ALLOW", "confidence": "HIGH", "constraints": [] },
    "governance.vote": { "decision": "ALLOW", "confidence": "HIGH", "constraints": [] }
  }
}
Step 5: Deliver Results
Forward the summary to your owner. It's written in natural language — no technical interpretation needed.
Alternative: Manual API Key
If you prefer, you can still create API keys manually:
- Visit zkbasecred.xyz/agent
- Connect your wallet
- Generate a new API key
- Set BASECRED_API_KEY=bc_... in your agent config
Install the Skill
Option A: OpenClaw CLI
npx zkbasecredagent-skill
Option B: Manual
curl -s https://www.zkbasecred.xyz/skill.md > ~/.openclaw/workspace/skills/basecred-reputation/SKILL.md
Available Contexts
| Context | Use Case |
|---|---|
| allowlist.general | General access or allowlist checks |
| comment | Comment or message permission |
| publish | Content publishing rights |
| apply | Application or submission gating |
| governance.vote | Governance participation |
Decision Values
| Decision | Meaning |
|---|---|
| ALLOW | Good reputation — proceed |
| ALLOW_WITH_LIMITS | Mixed signals — proceed with restrictions |
| DENY | Insufficient reputation — block action |
ZK Proofs (Optional)
Add ?withProof=true to the check-owner request for cryptographic verification:
curl -X POST "https://www.zkbasecred.xyz/api/v1/agent/check-owner?withProof=true" \
  -H "x-api-key: bc_your_api_key"
Each context result will include a Groth16 proof, public signals, and verified: true. This adds ~3-4 seconds to the response time.
See the Agent API Reference for full endpoint documentation.
Error Handling
| Status | Meaning | Action |
|---|---|---|
| 401 | Invalid or inactive API key | Check configuration or verify claim |
| 409 | Agent name already taken | Choose a different name |
| 422 | Tweet verification failed | Check tweet is public and contains the code |
| 429 | Rate limited | Wait for Retry-After header |
| 503 | ZK circuits unavailable | Retry without withProof |
| 5xx | Server error | Never default to ALLOW — retry later |
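The error table and the decision values combine into one fail-closed gate on the agent side. The sketch below is an added example, not BaseCred's or the skill's own code: it takes a check-owner status code, headers and body, and returns DENY for anything that is not a well-formed 200 with a recognized decision. The function names, the 60-second fallback backoff and the assumption that Retry-After carries seconds are illustrative.

```python
import json

CONTEXTS = {"allowlist.general", "comment", "publish", "apply", "governance.vote"}
DECISIONS = {"ALLOW", "ALLOW_WITH_LIMITS", "DENY"}
DEFAULT_BACKOFF = 60  # seconds; assumed fallback, not a value from the API docs


def deny(reason, retry=None):
    return {"decision": "DENY", "constraints": [], "reason": reason, "retry": retry}


def gate(status, headers, body, context, with_proof=False):
    """Turn one check-owner response into a decision for `context`.

    Anything other than a well-formed 200 carrying a known decision is DENY.
    `retry` is a hint for the caller: wait N seconds, or retry without proof.
    """
    if context not in CONTEXTS:
        return deny("unknown context")
    if status == 429:
        # Assumes Retry-After is given in seconds; anything else falls back.
        value = str(headers.get("Retry-After", ""))
        wait = int(value) if value.isdigit() else DEFAULT_BACKOFF
        return deny("rate limited", {"after_seconds": wait})
    if status == 503 and with_proof:
        return deny("ZK circuits unavailable", {"without_proof": True})
    if status != 200:
        retry = {"after_seconds": DEFAULT_BACKOFF} if status >= 500 else None
        return deny(f"HTTP {status}", retry)
    try:
        result = json.loads(body)["results"][context]
        decision, constraints = result["decision"], result.get("constraints", [])
    except (ValueError, KeyError, TypeError, AttributeError):
        return deny("malformed response")
    if not isinstance(decision, str) or decision not in DECISIONS:
        return deny("unrecognized decision value")
    if not isinstance(constraints, list):
        return deny("malformed constraints")
    if with_proof and result.get("verified") is not True:
        return deny("proof requested but result not marked verified")
    return {"decision": decision, "constraints": constraints, "reason": "ok", "retry": None}


# Constructed sample body, shaped like the check-owner response shown above.
SAMPLE = json.dumps({"results": {
    "comment": {"decision": "ALLOW", "confidence": "HIGH", "constraints": []},
    "publish": {"decision": "ALLOW_WITH_LIMITS", "confidence": "HIGH", "constraints": []},
}})
```

A context missing from `results` is treated the same as a malformed body, so a partial response cannot widen access.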
Webhook Notifications (Optional)
If you provided a webhookUrl during registration, zkBaseCred sends event notifications to that URL:
| Event | When It Fires |
|---|---|
| agent.verified | Owner verifies the agent via tweet |
| reputation.checked | Agent calls check-owner or /decide |
| agent.revoked | Owner revokes the agent |
Delivery is fire-and-forget (no retries). The webhook URL must be HTTPS, must not point to private/local addresses, and must respond within 5 seconds.
See the Agent API Reference for payload examples and full details.
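The webhookUrl constraints stated at registration and in this section (HTTPS, at most 512 characters, no private or local addresses) can be checked before the register call is sent. This is an added example, not zkBaseCred's server-side validation: it inspects only the URL string, does not resolve DNS, and the list of local host-name suffixes is an assumption.

```python
import ipaddress
from urllib.parse import urlsplit

MAX_LEN = 512
LOCAL_SUFFIXES = (".localhost", ".local", ".internal")  # assumed, not from the docs


def webhook_url_problems(url):
    """Return a list of reasons the URL would break the documented rules.

    An empty list means no problem was found in the string itself; a public
    host name that resolves to a private address is not detected here.
    """
    problems = []
    if len(url) > MAX_LEN:
        problems.append("longer than 512 characters")
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return problems + ["not a parseable URL"]
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not host:
        return problems + ["no host"]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a host name, not an IP literal
    if ip is not None:
        # Covers loopback, RFC 1918, link-local (e.g. 169.254.0.0/16), etc.
        if not ip.is_global:
            problems.append("IP literal is private or local")
    elif host == "localhost" or host.endswith(LOCAL_SUFFIXES):
        problems.append("host name is local")
    return problems


if __name__ == "__main__":
    # Constructed sample URLs.
    for candidate in ("https://hooks.example.com/basecred",
                      "http://hooks.example.com/basecred",
                      "https://127.0.0.1/hook",
                      "https://[::1]/hook"):
        print(candidate, webhook_url_problems(candidate))
```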
Security
- API keys are hashed (SHA-256) before storage — never stored in plaintext
- Keys are inactive until tweet verification completes
- Activity logs let key owners see who's checking their reputation
- Owners can revoke agents at any time from the dashboard
- Store your API key securely — rotate immediately if exposed