Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Abdullahi AI Agent
v1.0.0
Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
The scripts implement DID creation, signing, verification and linking to human identities on the Billions network, which matches the described purpose. However, the registry metadata (skill name/slug 'Abdullahi AI Agent' / 'abdullahi-agent') does not match the packaged project: the README and _meta.json both identify it as 'verified-agent-identity', and the owner IDs differ. This mismatch suggests the package may have been repackaged or mislabelled in the registry.
Instruction Scope
SKILL.md instructs running npm install and the contained Node scripts. The runtime instructions limit operations to managing identities and explicitly prohibit ad-hoc cryptographic operations or touching unrelated system files. The scripts read only process.env.BILLIONS_NETWORK_MASTER_KMS_KEY (optional) and process.env.HOME (for $HOME/.openclaw/billions storage), and make network calls only to the DID resolver and Billions domains referenced in constants.js. No instructions request unrelated credentials or file system access beyond the stated storage directory.
Install Mechanism
There is no install spec in the registry (instruction-only skill), but SKILL.md requires running 'cd scripts && npm install' which pulls dependencies from the npm registry. Dependencies are standard identity/crypto packages (polygonid, iden3, ethers, uuid). No downloads from arbitrary URLs or extract-from-untrusted-host steps are present in the install instructions or package files.
Credentials
The only declared optional environment variable is BILLIONS_NETWORK_MASTER_KMS_KEY, which is appropriate for encrypting on-disk keys. However, by default (when the variable is absent) private keys are stored in plaintext under $HOME/.openclaw/billions/kms.json, with no warning that the fallback has occurred. The skill also recommends storing the master key in the OpenClaw skill config, which places a high-value secret into agent configuration; encryption only helps if that config is not readable by the same processes that could read kms.json, so users should evaluate where the config is stored and which processes can access it. These storage behaviors are proportional to the skill's purpose but carry noticeable security implications that must be explicitly accepted.
Persistence & Privilege
The skill writes persistent data to $HOME/.openclaw/billions (kms.json, identities.json, defaultDid.json, challenges.json). It does not request always: true or modify other skills. Persistent storage of private keys and identity data is expected for this purpose, but persistence combined with plaintext storage (without master key) increases risk if the host is not secured.
What to check before installing
- Metadata mismatch: the registry entry (name/slug/owner) does not match the packaged project files (verified-agent-identity). Confirm you are installing the official Billions/verified-agent-identity skill from a trusted publisher and homepage (https://billions.network/) rather than a repackaged copy. Ask the publisher or registry maintainer to explain the mismatch.
- Private key storage: the skill stores keys under $HOME/.openclaw/billions. If you do not set BILLIONS_NETWORK_MASTER_KMS_KEY, keys will be written as plaintext to disk. If you set the master key, it will be used to encrypt keys; however you must store the master key somewhere (skill config, env) — ensure that location is secure and not accessible by untrusted processes.
- Network endpoints: the code makes network calls to resolver.privado.id and several billions.* hostnames (rpc-mainnet.billions.network, attestation-relay.billions.network, identity-dashboard.billions.network). Verify you trust those endpoints and that URLs in constants.js are correct for the official project.
- Run in isolation first: if you want to test, run the scripts in an isolated environment (throwaway VM or container) to review behavior and to avoid accidental long-term storage of keys on a production host.
- Review and pin dependencies: npm install will fetch dependencies. Consider auditing or pinning the dependency tree before running on sensitive hosts.
If you cannot verify the origin/owner mismatch or you are uncomfortable with plaintext key storage by default, treat this package as untrusted and do not install on production or multi-tenant systems.
Like a lobster shell, security has layers: review code before you run it.
Runtime requirements
Bins: node
