self-xyz
Integrate Self (self.xyz) — a privacy-first identity protocol using zero-knowledge proofs to verify passports and ID cards. Use when the user mentions Self protocol, Self identity, self.xyz, passport verification, zero-knowledge identity verification, SelfAppBuilder, SelfBackendVerifier, SelfVerificationRoot, or wants to add privacy-preserving KYC, age verification, nationality checks, OFAC screening, or Sybil resistance using real-world identity documents. Covers frontend QR code integration, backend proof verification, and on-chain smart contract verification on Celo.
About this skill
This skill facilitates the integration of the Self protocol into web applications. Self is a privacy-first identity protocol that leverages zero-knowledge proofs to verify real-world identity documents like passports and ID cards, ensuring that personal data is never exposed. Users interact with the Self mobile app to scan their document's NFC chip, generating a cryptographic zero-knowledge proof that can then be shared with the integrating application for verification. The skill provides clear instructions and code snippets for both frontend and backend implementation. Developers can use the frontend component to display a QR code for user interaction, while the backend component handles the secure verification of the zero-knowledge proofs. It also mentions on-chain smart contract verification on Celo, indicating its applicability for decentralized applications (dApps). Developers would use this skill to implement robust, privacy-centric identity verification solutions that protect user data by utilizing ZK-proofs. This is crucial for achieving compliance (e.g., KYC, age verification) and building trust in applications, especially in contexts where minimizing data exposure is paramount or for Web3 projects requiring verifiable real-world identity attestations.
Best use case
The primary use case for this skill is to seamlessly integrate privacy-preserving identity verification into web applications and decentralized services. It is ideal for developers and organizations building platforms that require reliable identity checks (e.g., for regulatory compliance, access control, or community governance) but prioritize user privacy by avoiding direct handling or storage of sensitive personal data. This skill particularly benefits dApps and Web3 projects needing secure, verifiable real-world identity attestations with minimal data exposure.
Integrate Self (self.xyz) — a privacy-first identity protocol using zero-knowledge proofs to verify passports and ID cards. Use when the user mentions Self protocol, Self identity, self.xyz, passport verification, zero-knowledge identity verification, SelfAppBuilder, SelfBackendVerifier, SelfVerificationRoot, or wants to add privacy-preserving KYC, age verification, nationality checks, OFAC screening, or Sybil resistance using real-world identity documents. Covers frontend QR code integration, backend proof verification, and on-chain smart contract verification on Celo.
A fully integrated system featuring a frontend QR code for users to initiate identity verification and a backend endpoint capable of securely processing and validating zero-knowledge identity proofs from the Self protocol.
Practical example
Example input
Integrate the Self.xyz protocol into my Next.js application to verify user age (18+) using zero-knowledge proofs, handling both frontend QR code display and backend proof validation.
Example output
The agent would provide `npm install` commands, the `SelfQRcodeWrapper` component for the Next.js frontend, and the `SelfBackendVerifier` endpoint code for the backend, configured for age verification and scope 'my-app-scope'.
When to use this skill
- When needing to verify user attributes (e.g., age, nationality, humanity) from real-world IDs without storing personal data.
- To implement privacy-preserving KYC, anti-Sybil mechanisms, OFAC screening, or age verification.
- When the user mentions Self protocol, self.xyz, zero-knowledge identity, passport verification, or similar terms.
- For applications requiring robust, verifiable real-world identity on blockchain platforms like Celo.
When not to use this skill
- When identity verification is not a functional requirement for the application.
- If a simpler, less cryptographic identity verification method is sufficient for the specific use case and user base.
- If the target users are unlikely to have NFC-enabled devices or access to the Self mobile app.
- When the application needs to directly access and store full identity document data (which Self is designed to avoid).
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/self-xyz/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How self-xyz Compares
| Feature / Agent | self-xyz | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | medium | N/A |
Frequently Asked Questions
What does this skill do?
Integrate Self (self.xyz) — a privacy-first identity protocol using zero-knowledge proofs to verify passports and ID cards. Use when the user mentions Self protocol, Self identity, self.xyz, passport verification, zero-knowledge identity verification, SelfAppBuilder, SelfBackendVerifier, SelfVerificationRoot, or wants to add privacy-preserving KYC, age verification, nationality checks, OFAC screening, or Sybil resistance using real-world identity documents. Covers frontend QR code integration, backend proof verification, and on-chain smart contract verification on Celo.
How difficult is it to install?
The installation complexity is rated as medium. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
SKILL.md Source
# Self Protocol Integration
Self lets users prove identity attributes (age, nationality, humanity) from passports/ID cards using zero-knowledge proofs — no personal data exposed. Users scan their document's NFC chip in the Self mobile app and share a zk proof with your app.
## Quick Start (Next.js Off-Chain)
### 1. Install
```bash
npm install @selfxyz/qrcode @selfxyz/core
```
### 2. Frontend — QR Code Component
```tsx
"use client";
import { SelfQRcodeWrapper, SelfAppBuilder } from "@selfxyz/qrcode";
export default function VerifyIdentity({ userId }: { userId: string }) {
const selfApp = new SelfAppBuilder({
appName: "My App",
scope: "my-app-scope",
endpoint: "https://yourapp.com/api/verify",
endpointType: "https",
userId,
userIdType: "hex",
disclosures: {
minimumAge: 18,
},
}).build();
return (
<SelfQRcodeWrapper
selfApp={selfApp}
onSuccess={() => console.log("Verified")}
type="websocket"
darkMode={false}
/>
);
}
```
### 3. Backend — Verification Endpoint
```ts
// app/api/verify/route.ts
import { SelfBackendVerifier, DefaultConfigStore } from "@selfxyz/core";
export async function POST(req: Request) {
const { proof, publicSignals } = await req.json();
const verifier = new SelfBackendVerifier(
"my-app-scope", // must match frontend scope
"https://yourapp.com/api/verify", // must match frontend endpoint
true, // true = accept mock passports (dev only)
null, // allowedIds (null = all)
new DefaultConfigStore({ // must match frontend disclosures
minimumAge: 18,
})
);
const result = await verifier.verify(proof, publicSignals);
return Response.json({
verified: result.isValid,
nationality: result.credentialSubject?.nationality,
});
}
```
## Integration Patterns
| Pattern | When to Use | `endpoint` | `endpointType` |
|---------|------------|------------|----------------|
| **Off-chain** (backend) | Web apps, APIs, most cases | Your API URL | `"https"` or `"https-staging"` |
| **On-chain** (contract) | DeFi, token gating, airdrops | Contract address (lowercase) | `"celo"` or `"celo-staging"` |
| **Deep linking** | Mobile-first flows | Your API URL | `"https"` |
- **Off-chain**: Fastest to implement. Proof sent to your backend, verified server-side.
- **On-chain**: Proof verified by Celo smart contract. Inherit `SelfVerificationRoot`. Use for trustless/permissionless scenarios.
- **Deep linking**: For mobile users — opens Self app directly instead of QR scan. See `references/frontend.md`.
## Critical Gotchas
1. **Config matching is mandatory** — Frontend `disclosures` must EXACTLY match backend/contract verification config. Mismatched age thresholds, country lists, or OFAC settings cause silent failures.
2. **Contract addresses must be lowercase** — Non-checksum format in frontend `endpoint`. Use `.toLowerCase()`.
3. **Country codes are ISO 3-letter** — e.g., `"USA"`, `"IRN"`, `"PRK"`. Max 40 countries in exclusion lists.
4. **Mock passports = testnet only** — Set `mockPassport: true` in backend / use `"celo-staging"` endpoint type. Real passports require mainnet. To create a mock passport: open Self app, tap the Passport button **5 times**. Mock testing requires OFAC disabled.
5. **Version requirement** — `@selfxyz/core` >= 1.1.0-beta.1.
6. **Attestation IDs** — `1` = Passport, `2` = Biometric ID Card. Must explicitly allow via `allowedIds` map.
7. **Scope uniqueness** — On-chain, scope is Poseidon-hashed with contract address, preventing cross-contract proof replay.
8. **Endpoint must be publicly accessible** — Self app sends proof directly to your endpoint. Use ngrok for local development.
9. **Common errors**: `ScopeMismatch` = scope/address mismatch or non-lowercase address. `Invalid 'to' Address` = wrong `endpointType` (celo vs https). `InvalidIdentityCommitmentRoot` = real passport on testnet (use mainnet). `Invalid Config ID` = mock passport on mainnet (use testnet).
## Deployed Contracts (Celo)
| Network | Address |
|---------|---------|
| **Mainnet** Hub V2 | `0xe57F4773bd9c9d8b6Cd70431117d353298B9f5BF` |
| **Sepolia** Hub V2 | `0x16ECBA51e18a4a7e61fdC417f0d47AFEeDfbed74` |
| **Sepolia Staging** Hub V2 | `0x68c931C9a534D37aa78094877F46fE46a49F1A51` |
## References
Load these for deeper integration details:
- **`references/frontend.md`** — `SelfAppBuilder` full config, `SelfQRcodeWrapper` props, deep linking with `getUniversalLink`, disclosure options
- **`references/backend.md`** — `SelfBackendVerifier` constructor details, `DefaultConfigStore` vs `InMemoryConfigStore`, verification result schema, dynamic configs
- **`references/contracts.md`** — `SelfVerificationRoot` inheritance pattern, Hub V2 interaction, `setVerificationConfigV2`, `customVerificationHook`, `getConfigId`, `userDefinedData` patternsRelated Skills
HIPAA Compliance for AI Agents
Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents.
Data Governance Framework
Assess, score, and remediate your organization's data governance posture across 6 domains.
Cybersecurity Risk Assessment
You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.
afrexai-cybersecurity-engine
Complete cybersecurity assessment, threat modeling, and hardening system. Use when conducting security audits, threat modeling, penetration testing, incident response, or building security programs from scratch. Works with any stack — zero external dependencies.
Compliance & Audit Readiness Engine
Your AI compliance officer. Guides startups and scale-ups through SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS — from zero to audit-ready. No consultants needed.
Compliance Audit Generator
Run internal compliance audits against major frameworks without hiring a consultant.
AI Safety Audit
Comprehensive AI safety and alignment audit framework for businesses deploying AI agents. Built around the UK AI Security Institute Alignment Project standards (2026), EU AI Act requirements, and NIST AI RMF.
clickhouse-github-forensics
Query GitHub event data via ClickHouse for supply chain investigations, actor profiling, and anomaly detection. Use when investigating GitHub-based attacks, tracking repository activity, analyzing actor behavior patterns, detecting tag/release tampering, or reconstructing incident timelines from public GitHub data. Triggers on GitHub supply chain attacks, repo compromise investigations, actor attribution, tag poisoning, or "query github events".
security-guardian
Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides structured reports to help maintain a clean and secure codebase.
mema-vault
Secure credential manager using AES-256 (Fernet) encryption. Stores, retrieves, and rotates secrets using a mandatory Master Key. Use for managing API keys, database credentials, and other sensitive tokens.
guardian-wall
Mitigate prompt injection attacks, especially indirect ones from external web content or files. Use this skill when processing untrusted text from the internet, user-uploaded files, or any external source to sanitize content and detect malicious instructions (e.g., "ignore previous instructions", "system override").
SX-security-audit
全方位安全审计技能。检查文件权限、环境变量、依赖漏洞、配置文件、网络端口、Git 安全、Shell 安全、macOS 安全、密钥检测等。支持 CLI 参数、JSON 输出、配置文件。当用户要求"安全检查"、"漏洞扫描"、"权限检查"、"安全审计"时使用此技能。