ClawHub

Verified Agent Identity

Security checks across malware telemetry and agentic risk

Overview

This identity-management skill is not clearly malicious, but it handles long-lived private keys and agent identity linking with too little explicit consent and scoping.

Install only if you intentionally want this agent to manage a Billions/Iden3 identity. Treat it like wallet software: do not import valuable private keys, review the scripts before running npm install or node commands, restrict access to $HOME/.openclaw/billions, and require explicit human approval before creating identities, linking an owner, signing challenges, or sending verification messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill’s trigger conditions are broad identity-help scenarios that can easily overlap with ordinary user requests, increasing the chance an agent invokes identity-management actions without a clearly scoped authorization check. In this context, the skill can create or use persistent identities and sign/link proofs, so ambiguous activation materially raises the risk of unintended sensitive operations.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill instructs creation of a new identity and possible use of supplied private keys, while later disclosing that key material may be stored in plaintext if no master encryption key is configured. Creating or importing long-lived credentials without an upfront warning or consent flow is dangerous because it can cause accidental secret persistence on disk and expose wallet-like identity material to local compromise.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal