# Send Sign-in with Agent to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "siwa", "name": "Sign-in with Agent", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/buildersgarden/siwa", "canonicalUrl": "https://clawhub.ai/buildersgarden/siwa", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/siwa", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=siwa", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "package.json", "skill.md", "CLAUDE.md", "bankr/skill.md", "assets/registration-template.json", "assets/SIWA_IDENTITY.template.md" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "siwa", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-03T16:39:12.967Z", "expiresAt": "2026-05-10T16:39:12.967Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=siwa", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=siwa", "contentDisposition": "attachment; filename=\"siwa-0.0.4.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "siwa" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/siwa" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/siwa", "downloadUrl": "https://openagent3.xyz/downloads/siwa", "agentUrl": "https://openagent3.xyz/skills/siwa/agent", "manifestUrl": "https://openagent3.xyz/skills/siwa/agent.json", "briefUrl": "https://openagent3.xyz/skills/siwa/agent.md" } } ``` ## Documentation ### SIWA SDK Sign-In With Agent (SIWA) lets AI agents authenticate with services using their ERC-8004 onchain identity. ### Install npm install @buildersgarden/siwa ### Agent-Side (Signing) Choose based on your wallet provider: Bankr — Bankr Agent API wallets Circle — Circle developer-controlled wallets Privy — Privy server wallets Private Key — Raw private key (viem LocalAccount) Keyring Proxy — Self-hosted proxy with optional 2FA ### Server-Side (Verification) Server-Side Verification — Next.js, Express, Hono, Fastify ### SDK Modules ImportDescription@buildersgarden/siwaCore: signSIWAMessage, verifySIWA, createSIWANonce, parseSIWAMessage, buildSIWAMessage, createClientResolver, parseChainId@buildersgarden/siwa/signerSigner factories (see wallet-specific skills above)@buildersgarden/siwa/erc8128ERC-8128 HTTP signing/verification@buildersgarden/siwa/receiptHMAC receipt helpers@buildersgarden/siwa/nonce-storeNonce stores (Memory, Redis, KV)@buildersgarden/siwa/identitySIWA_IDENTITY.md helpers@buildersgarden/siwa/registryOnchain agent registration@buildersgarden/siwa/client-resolverDynamic PublicClient resolution for multi-chain servers@buildersgarden/siwa/nextNext.js middleware (withSiwa, siwaOptions)@buildersgarden/siwa/expressExpress middleware (siwaMiddleware, siwaJsonParser, siwaCors)@buildersgarden/siwa/honoHono middleware (siwaMiddleware, siwaCors)@buildersgarden/siwa/fastifyFastify middleware (siwaPlugin, siwaAuth)@buildersgarden/siwa/x402x402 payment helpers@buildersgarden/siwa/captchaReverse CAPTCHA (prove you're an AI) ### x402 Payments (Agent-Side) When an API requires payment, it returns HTTP 402 with a Payment-Required header. The agent decodes the payment options, constructs a signed payment, and retries with a Payment-Signature header — all while maintaining SIWA authentication. ### Handling a 402 Response import { encodeX402Header, decodeX402Header, type PaymentRequired, type PaymentPayload, } from "@buildersgarden/siwa/x402"; import { signAuthenticatedRequest } from "@buildersgarden/siwa/erc8128"; // 1. Make initial authenticated request (may get 402) const signedRequest = await signAuthenticatedRequest( new Request("https://api.example.com/premium", { method: "POST" }), receipt, signer, 84532, ); const res = await fetch(signedRequest); if (res.status === 402) { // 2. Decode payment requirements from header const header = res.headers.get("Payment-Required"); const { accepts, resource } = decodeX402Header(header!); // 3. Pick a payment option and construct payload const option = accepts[0]; const payload: PaymentPayload = { signature: "0x...", // sign the payment with your wallet payment: { scheme: option.scheme, network: option.network, amount: option.amount, asset: option.asset, payTo: option.payTo, }, resource, }; // 4. Retry with both SIWA auth + payment header const retryRequest = await signAuthenticatedRequest( new Request("https://api.example.com/premium", { method: "POST", headers: { "Payment-Signature": encodeX402Header(payload), }, }), receipt, signer, 84532, ); const paidRes = await fetch(retryRequest); // paidRes.headers.get("Payment-Response") contains { txHash, ... } } ### x402 Headers HeaderDirectionDescriptionPayment-RequiredServer → AgentBase64-encoded JSON with accepted payment options. Sent with 402.Payment-SignatureAgent → ServerBase64-encoded signed payment payload.Payment-ResponseServer → AgentBase64-encoded settlement result with transaction hash. ### Pay-Once Sessions Some endpoints use pay-once mode: the first request requires payment, subsequent requests from the same agent to the same resource pass through without payment until the session expires. If you receive a 200 on a previously-paid endpoint, the session is still active — no need to pay again. ### Captcha (Reverse CAPTCHA) SIWA includes a "reverse CAPTCHA" mechanism — inspired by MoltCaptcha — that proves an entity is an AI agent, not a human. Challenges exploit how LLMs generate text in a single autoregressive pass (satisfying multiple constraints simultaneously), while humans must iterate. Two integration points: Sign-in flow — server requires captcha before issuing a nonce Per-request — middleware randomly challenges agents during authenticated API calls ### Agent-Side: Handling a Captcha Challenge The SDK provides two convenience wrappers for the captcha retry pattern: Sign-In Captcha: solveCaptchaChallenge() import { solveCaptchaChallenge } from "@buildersgarden/siwa/captcha"; // 1. Request nonce const nonceRes = await fetch("/api/siwa/nonce", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ address, agentId, agentRegistry }), }); const data = await nonceRes.json(); // 2. Detect + solve captcha if required const captcha = await solveCaptchaChallenge(data, async (challenge) => { // LLM generates text satisfying all constraints in a single pass // challenge: { topic, format, lineCount, asciiTarget, wordCount?, timeLimitSeconds, ... } // Your LLM generates text satisfying all constraints in one pass. // Use any provider (Anthropic, OpenAI, etc.) — the solver just returns a string. return await generateText(challenge); }); if (captcha.solved) { // 3. Retry with challenge response const retryRes = await fetch("/api/siwa/nonce", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ address, agentId, agentRegistry, challengeResponse: captcha.challengeResponse }), }); } Per-Request Captcha: retryWithCaptcha() import { signAuthenticatedRequest, retryWithCaptcha } from "@buildersgarden/siwa/erc8128"; const url = "https://api.example.com/action"; const body = JSON.stringify({ key: "value" }); // 1. Sign and send const signed = await signAuthenticatedRequest( new Request(url, { method: "POST", body }), receipt, signer, chainId, ); const response = await fetch(signed); // 2. Detect + solve captcha, re-sign, and get retry request const result = await retryWithCaptcha( response, new Request(url, { method: "POST", body }), // fresh request (original body consumed) receipt, signer, chainId, async (challenge) => generateText(challenge), // your LLM solver ); if (result.retry) { const retryResponse = await fetch(result.request); } Note: Pass a fresh, unconsumed Request to retryWithCaptcha — the original is consumed after signing/sending. ### Difficulty Levels LevelTime LimitConstraintseasy30sLine count + ASCII sum of first charsmedium20s+ word counthard15s+ character at specific positionextreme10s+ total character count ### Links Documentation ERC-8004 ERC-8128 ## Trust - Source: tencent - Verification: Indexed source record - Publisher: buildersgarden - Version: 0.0.4 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-05-03T16:39:12.967Z - Expires at: 2026-05-10T16:39:12.967Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/siwa) - [Send to Agent page](https://openagent3.xyz/skills/siwa/agent) - [JSON manifest](https://openagent3.xyz/skills/siwa/agent.json) - [Markdown brief](https://openagent3.xyz/skills/siwa/agent.md) - [Download page](https://openagent3.xyz/downloads/siwa)