Verified Agent Identity 2
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: verified-agent-identity-ajitrisetiadi
Version: 1.0.0
The skill manages decentralized identities (DIDs) but explicitly documents that it stores unencrypted private keys in '$HOME/.openclaw/billions/kms.json', which is a major security vulnerability. It provides scripts such as signChallenge.js and linkHumanToAgent.js that use these keys to sign data and transmit the resulting tokens to external identifiers via 'openclaw message send'. While these functions align with the stated purpose of identity management, the combination of plaintext secret storage and the ability to sign and exfiltrate data to arbitrary targets presents a high risk for credential misuse.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could be asked to run unreviewed code or dependencies for private-key and identity operations.
The supplied manifest says this is an instruction-only skill with no code files, yet SKILL.md directs installation and execution of missing helper scripts that would manage identities and credentials.
cd scripts && npm install && cd .. ... node scripts/createNewEthereumIdentity.js
Do not run the scripted workflow until the package includes the referenced scripts, dependency files, and an auditable install path from a verified source.
An exposed private key or token could let another local user or process impersonate or misuse the identity.
The skill documents passing private keys and authentication/proof tokens through command-line arguments, which can be exposed via process listings, logs, or shell history.
node scripts/createNewEthereumIdentity.js [--key <privateKeyHex>] ... node scripts/verifySignature.js --did <did> --token <token>
Avoid providing existing private keys or tokens through argv; use safer secret input methods and prefer a new, limited-use identity until the implementation is reviewed.
If the target is wrong or spoofed, an identity proof could be sent to the wrong party.
The workflow sends a signed identity proof over OpenClaw messaging to a caller-supplied target, so recipient identity and message routing matter.
sends the JWS token as a direct message to the specified sender ... passed as `--target` to `openclaw message send`
Confirm the recipient before sending signed challenges or linking a human identity to an agent DID.
