Back to skill
Skillv0.1.0
VirusTotal security
Verified Agent Identity · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 6:08 AM
- Hash
- 403c25a837d291273bd5d7e5fb4e751816f42cd7c231722c7232f5ff5396db66
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: verified-agent-identity-6 Version: 0.1.0 The skill 'verified-agent-identity' manages decentralized identities and private keys, storing sensitive data like 'kms.json' and 'identities.json' in '$HOME/.openclaw/billions'. While the instructions in SKILL.md describe legitimate identity management flows for the Billions Network (https://billions.network/), the handling of private keys and the potential for plaintext storage are high-risk behaviors. No explicit evidence of malicious intent or exfiltration was found in the documentation, but the sensitive nature of the identity operations and the reliance on external Node.js scripts for cryptographic tasks warrant a suspicious classification.
- External report
- View on VirusTotal