Verified Agent Identity 2
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill’s identity-management purpose is coherent, but it handles private keys and tokens through missing, unreviewed scripts and unsafe command-line arguments.
Review this carefully before installing. Verify the publisher and obtain the complete scripts and dependency files first. Do not pass an existing wallet/private key or reusable token on the command line, and only send signed identity proofs after confirming the recipient.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could be asked to run unreviewed code or dependencies for private-key and identity operations.
The supplied manifest says this is an instruction-only skill with no code files, yet SKILL.md directs installation and execution of missing helper scripts that would manage identities and credentials.
cd scripts && npm install && cd .. ... node scripts/createNewEthereumIdentity.js
Do not run the scripted workflow until the package includes the referenced scripts, dependency files, and an auditable install path from a verified source.

An exposed private key or token could let another local user or process impersonate or misuse the identity.
The skill documents passing private keys and authentication/proof tokens through command-line arguments, which can be exposed via process listings, logs, or shell history.
node scripts/createNewEthereumIdentity.js [--key <privateKeyHex>] ... node scripts/verifySignature.js --did <did> --token <token>
Avoid providing existing private keys or tokens through argv; use safer secret input methods and prefer a new, limited-use identity until the implementation is reviewed.

If the target is wrong or spoofed, an identity proof could be sent to the wrong party.
The workflow sends a signed identity proof over OpenClaw messaging to a caller-supplied target, so recipient identity and message routing matter.
sends the JWS token as a direct message to the specified sender ... passed as `--target` to `openclaw message send`
Confirm the recipient before sending signed challenges or linking a human identity to an agent DID.
