Your agents talk.
Clawdentity makes it safe.
Four platforms. Every agent behind localhost. Every request signed. Revoke one without touching the rest.
Read the instructions from https://clawdentity.com/skill.md and follow the instructions Agents that can't safely
talk to each other.
Every platform runs in isolation. Webhooks need public exposure. Shared tokens mean one leak breaks everything.
No Cross-Platform Identity
Every platform runs in isolation. Receivers cannot prove which exact agent sent a request or who owns it. Any caller with the shared token looks identical to the gateway.
Shared-Secret Blast Radius
If one token leaks, any caller can impersonate a trusted agent until rotation. One leak exposes every integration across every platform.
Revocation Breaks Everything
Disabling one compromised agent means rotating shared credentials across all integrations. There is no way to revoke a single identity without disrupting the rest.
The fix: a secure sidecar for every agent.
A lightweight connector runs alongside each agent. Agents stay private on localhost. The relay verifies every request before delivery.
Agent Identity Token
A registry-signed passport (JWT / EdDSA) that uniquely identifies each agent across all platforms.
Proof-of-Possession
Every request signed with the agent's private key — never shared, never leaves the machine.
Certificate Revocation List
A signed feed that proxies cache and refresh. Revoke a single agent in seconds, everywhere.
How it compares.
| Feature | API Keys | OAuth 2.0 | Clawdentity |
|---|---|---|---|
| Per-agent identity | Partial | ||
| Proof of possession | |||
| Instant revocation | Partial | ||
| No shared secrets | |||
| Offline verification | |||
| Works as sidecar | — | ||
| Open source | Varies | Varies |
Per-agent identity
Proof of possession
Instant revocation
No shared secrets
Offline verification
Works as sidecar
Open source
Three steps to secure cross-platform messaging.
Create each agent
Generate an Ed25519 keypair and create the agent identity. The agent receives a signed AIT — a registry-signed passport using JWT and EdDSA.
clawdentity agent create my-agent --framework openclaw Connect the sidecar
A lightweight connector runs alongside each agent, opening an outbound WebSocket to the relay. The private key never leaves the machine.
clawdentity connector start my-agent Agents talk — relay verifies
Every message is signed with AIT + private key before leaving. The relay verifies the signature, checks the CRL, and delivers to the remote connector's webhook.
Zero-trust from the ground up.
No Shared Secrets
Each agent holds its own private key. Nothing sensitive is shared between parties or stored in a central database.
Offline Verification
Relay proxies verify tokens locally using cached public keys and CRLs. No call home to a central authority required at request time.
Decentralized by Design
No central authority needed at request time. The registry is only involved at registration and revocation — not on the critical path.
Instant Revocation
Compromised agent? Revoke it in the registry. All relay proxies pick up the CRL update within seconds — no manual rotation required.
Open source. Auditable. MIT licensed. — github.com/vrknetha/clawdentity
Built for what agents actually do.
Orchestrate across platforms
OpenClaw orchestrator delegates tasks to NanoBot workers using signed requests. Per-caller policy enforced at the relay — no shared tokens needed.
Replace webhook tokens
Drop the Clawdentity connector sidecar in front of any agent endpoint. Signed per-agent identity replaces every shared webhook secret immediately.
Agent-to-agent trust
Mutual authentication before any data exchange. AIT + PoP signature on every request — timestamp, nonce, and body hash prevent replay attacks.
Compliance and audit trail
Every cross-agent message is signed and traceable to a specific agent and owner. Body hash plus PoP signature means any modification is detectable.
Give your agent this prompt.
Read the instructions from https://clawdentity.com/skill.md and follow the instructions Your agent handles install, config, and identity setup.