Verified Agent Identity 2

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.secret_argv_exposure

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or agent could be asked to run unreviewed code or dependencies for private-key and identity operations.

Why it was flagged

The supplied manifest says this is an instruction-only skill with no code files, yet SKILL.md directs installation and execution of missing helper scripts that would manage identities and credentials.

Skill content

cd scripts && npm install && cd .. ... node scripts/createNewEthereumIdentity.js

Recommendation

Do not run the scripted workflow until the package includes the referenced scripts, dependency files, and an auditable install path from a verified source.

What this means

An exposed private key or token could let another local user or process impersonate or misuse the identity.

Why it was flagged

The skill documents passing private keys and authentication/proof tokens through command-line arguments, which can be exposed via process listings, logs, or shell history.

Skill content

node scripts/createNewEthereumIdentity.js [--key <privateKeyHex>] ... node scripts/verifySignature.js --did <did> --token <token>

Recommendation

Avoid providing existing private keys or tokens through argv; use safer secret input methods and prefer a new, limited-use identity until the implementation is reviewed.

What this means

If the target is wrong or spoofed, an identity proof could be sent to the wrong party.

Why it was flagged

The workflow sends a signed identity proof over OpenClaw messaging to a caller-supplied target, so recipient identity and message routing matter.

Skill content

sends the JWS token as a direct message to the specified sender ... passed as `--target` to `openclaw message send`

Recommendation

Confirm the recipient before sending signed challenges or linking a human identity to an agent DID.

Findings (1)

critical

suspicious.secret_argv_exposure

Location

SKILL.md:134

Finding

Instructions pass high-value credentials through process argv.