didit-sessions
Manage identity verification sessions and workflows with Didit APIs to create, update, retrieve results, handle blocklists, generate reports, and share sessi...
Install via ClawdBot CLI:
clawdbot install rosasalberto/didit-sessions
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Sends data to undocumented external endpoint (potential exfiltration)
post → https://verification.didit.me/v3/blocklist/add/
Calls external URL not in known-safe list
https://docs.didit.me
AI Analysis
The skill's external API calls are consistent with its stated purpose of integrating with the Didit verification service, and the documented endpoints are legitimate for the described functionality. The 'unknown data sink' signal appears to be a false positive, as the blocklist endpoint is a documented part of the service's API for managing flagged data. No evidence of credential harvesting, hidden instructions, or obfuscation was found.
Audited Apr 17, 2026 · audit v1.0
Generated Mar 21, 2026
A fintech startup uses this skill to create KYC sessions for new account openings. They integrate the session URL into their mobile app, allowing users to verify identity with ID documents and liveness checks. After approval, they automatically update user status and trigger account activation workflows.
An online retailer selling age-sensitive products like alcohol or tobacco implements adaptive age verification workflows. They create sessions that start with selfie age estimation, falling back to ID verification if needed, ensuring compliance with regulations while minimizing friction for legitimate customers.
A transportation platform uses this skill to verify new drivers by creating sessions with workflows that include ID verification, liveness detection, and AML screening. They monitor session decisions via webhooks to approve or decline drivers automatically, maintaining safety standards.
A telemedicine provider integrates this skill to verify patient identities before virtual consultations. They create sessions with workflows combining ID verification and biometric authentication, storing verification results in patient records for audit trails and regulatory compliance.
A cryptocurrency exchange uses this skill to manage end-to-end verification flows for user registrations. They create sessions with KYC workflows, handle manual reviews for flagged cases, and generate PDF reports for regulatory submissions, ensuring adherence to anti-money laundering laws.
Companies offer verification-as-a-service by integrating this skill into their platforms, charging clients a monthly fee per active user or transaction. They use session creation and management APIs to scale verification processes, with revenue generated from tiered subscription plans based on usage volume.
Businesses implement this skill to charge end-users a one-time fee for each verification session, such as for background checks or age verification services. They track sessions via vendor_data, monetizing each successful verification with transparent pricing models.
Consulting firms leverage this skill to provide compliance solutions, helping clients set up and manage verification workflows tailored to industry regulations. They generate revenue by offering setup, integration support, and ongoing management services, using APIs for customization and reporting.
💬 Integration Tip
Start by testing with a simple KYC workflow in a sandbox environment to understand session lifecycle and webhook handling before scaling to production.
Scored Apr 19, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Analyze and classify agent skills for safety using local evaluation. Optionally produce a signed attestation of the vetting result.
Detect 500+ types of hardcoded secrets (API keys, credentials, tokens) before they leak into git. Wraps GitGuardian's ggshield CLI.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.