Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
K Life
v2.3.5
Resurrection infrastructure for autonomous AI agents. Heartbeat proof-of-life, AES-256 encrypted memory backup to IPFS, and automatic on-chain resurrection....
⭐ 0 · 98 · 0 current · 0 all-time
by Arnaud Vincent (@6022-protocol)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (resurrection, heartbeat, encrypted IPFS backup, on-chain anchors, optional collateral) align with the included scripts. The observed capabilities (wallet generation, Polygon transactions, IPFS uploads, Vault/WBTC operations, monitor/oracle actions) are coherent with that purpose.
Instruction Scope
Runtime instructions and scripts read and write sensitive local files (e.g., ~/.klife-wallet, ~/.klife-shares.json, heartbeat-state.json, vault-state.json) and read agent memory files from a workspace (default /data/workspace, or a user-set path via KLIFE_WORKSPACE). They post encrypted data and a Shamir share to an external API (api.supercharged.works) and ask the API to anchor share2 on-chain. The skill therefore transmits data off-host (ciphertext + share1) and triggers on-chain operations; these network interactions and file accesses are significant and must be manually reviewed and constrained before use.
Install Mechanism
No arbitrary remote downloads; dependencies are standard npm packages (pinned versions), and npm install is the expected installation path. The package.json and package-lock contents are provided and consistent. No install spec that pulls code from untrusted URLs was found.
Credentials
Registry metadata declares no required env/config paths, but SKILL.md and the scripts use many environment variables and file paths (KLIFE_RPC, KLIFE_API, KLIFE_WORKSPACE, KLIFE_ORACLE_SEED_FILE, KLIFE_WALLET_SEED, KLIFE_VAULT_CONTROLLER) and will create and use seed files under the user's home directory. The skill will auto-generate a hot wallet and can sign real Polygon transactions (withdraw/approve/withdraw vaults). That level of credential-like access (local seed, on-chain signing, collateral operations) is large relative to the skill metadata, which advertises none as required; this mismatch is a risk if users do not audit and confine the runtime environment.
Persistence & Privilege
The always flag is false. The skill can be invoked autonomously (platform default) and contains automation to renew vaults, pause/trigger heartbeats, declare death via an oracle, and spawn L3 resurrection operations. Autonomous invocation combined with the ability to sign on-chain transactions and manipulate vaults increases the blast radius — acceptable for the declared purpose, but it requires strict operational controls (separate oracle key, minimal funds).
What to consider before installing
This skill does what it says (resurrection via heartbeats, encrypted backups, and optional collateral on Polygon), but it performs high-impact operations: it generates and stores a hot wallet (~/.klife-wallet), signs real Polygon transactions (could spend gas and interact with Vault6022/WBTC), reads local memory files (MEMORY.md, SOUL.md, USER.md) and sends encrypted data plus a share to an external API (api.supercharged.works). Before installing or running:
1) Audit the code yourself (especially backup.js, heartbeat.js, monitor.mjs, create-vault.mjs, cancel.js).
2) Do not fund the auto-generated wallet beyond a tiny gas allowance; treat it as hot and ephemeral.
3) Consider self-hosting the API endpoint (the README points to a repo) or change KLIFE_API to a URL you control.
4) Ensure the oracle wallet is a distinct key stored separately (monitor enforces this), and never reuse ~/.klife-wallet as the oracle key.
5) Set KLIFE_WORKSPACE to a dedicated, audited directory so the skill cannot read arbitrary files.
6) Verify contract addresses and KLIFE_VAULT_CONTROLLER before any C>0 operations; do not call vault creation/cancel functions until you understand the contract logic.
7) Run the skill in an isolated environment (VM/container) and limit network access if possible.
Given the unknown publisher and lack of homepage, prefer caution — treat this as untrusted third-party code until you can validate authorship and audit the implementation.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Environment variable access combined with network send:
- scripts/backup.js:26
- scripts/cancel.js:26
- scripts/create-vault.mjs:25
- scripts/heartbeat.js:17
- scripts/monitor.mjs:21
- scripts/resurrect.mjs:19
- scripts/status.js:26
File read combined with network send (possible exfiltration):
- scripts/backup.js:20
- scripts/cancel.js:21
- scripts/create-vault.mjs:21
- scripts/heartbeat.js:13
- scripts/monitor.mjs:16
- scripts/resurrect.mjs:15
- scripts/status.js:22
Like a lobster shell, security has layers — review code before you run it.
