Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ox Agent Identity
v1.0.0ERC-8004 agent identity management. Register AI agents on-chain, update reputation scores, query the validation registry, and manage attestations for autonom...
⭐ 0· 67·0 current·0 all-time
by@0x-wzw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The SKILL.md and README clearly describe on-chain registration, reputation updates, and attestations using Foundry's cast and wallet private keys — which is coherent with the stated purpose. However, the skill metadata claims 'Required env vars: none' and 'Primary credential: none' despite runtime instructions requiring WEB3_RPC_URL and private key variables. That mismatch is unexpected and reduces trust in the package metadata.
Instruction Scope
Runtime instructions explicitly tell the agent to read environment variables containing RPC URLs and private keys and to execute transaction-sending commands (cast send). Those actions are within the claimed feature set (on-chain writes) but the instructions therefore involve handling sensitive secrets and performing irreversible blockchain transactions. The SKILL.md does not limit or qualify autonomous action, nor does it suggest safe defaults (e.g., using a delegated signer or dry-run mode).
Install Mechanism
There is no formal install spec (instruction-only), which minimizes automated code installation risk. However, the README recommends installing Foundry via a remote install script (curl -L https://foundry.paradigm.xyz | bash), which is a common but higher-risk pattern (running a remote script). The package itself contains a harmless validate.sh; no other executables or remote downloads are present inside the skill bundle.
Credentials
The SKILL.md requires sensitive environment variables (AGENT_WALLET_PRIVATE_KEY, VALIDATOR_PRIVATE_KEY, ATTESTER_PRIVATE_KEY, WEB3_RPC_URL, AGENT_REGISTRY_ADDRESS) but the skill metadata declares no required env vars or primary credential. Requesting private keys is proportionate to performing writes on-chain, but the omission in metadata is a red flag. There is no guidance in SKILL.md to use limited-scope keys, hardware wallets, or ephemeral/testnet keys.
Persistence & Privilege
The skill is not always-enabled (always: false) and is user-invocable, but platform-default autonomous invocation is allowed (disable-model-invocation: false). Combined with the ability to read private keys from env vars and execute transaction-sending commands, that grants the agent the capability to autonomously sign and broadcast transactions if keys are provided — this raises a high-risk operational concern unless the user explicitly restricts or isolates keys.
What to consider before installing
This skill legitimately performs on-chain reads and writes, but treat it carefully: 1) Do not supply mainnet private keys or long-lived keys as environment variables to this skill. Use a dedicated low-value signer or a delegated account with strict limits. 2) Verify the AGENT_REGISTRY_ADDRESS and contract interface before sending transactions; test on a testnet first. 3) If you must install Foundry, prefer official documented installation steps and inspect any remote install scripts before running them. 4) Because the package metadata omits required env var declarations, assume the skill will expect RPC URLs and private keys — confirm these requirements before installing. 5) If you want to avoid the agent performing writes autonomously, disable autonomous invocation for this skill or avoid providing private keys in environments the agent can access.Like a lobster shell, security has layers — review code before you run it.
latestvk97cww1nr880kcnkg1x5xftnrh83am2e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.