Back to skill
Skillv1.0.0
VirusTotal security
Verified Agent Identity New · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 12:26 PM
- Hash
- 03f7c2e02f3374c59d8c48c22a5a14b779857db2816eed8f53b722ecd773f8cc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: verified-agent-identity-new Version: 1.0.0 The skill manages decentralized identities and private keys, storing them in '$HOME/.openclaw/billions/kms.json'. It is classified as suspicious because it defaults to storing sensitive private keys in plaintext if the optional 'BILLIONS_NETWORK_MASTER_KMS_KEY' environment variable is not provided (scripts/shared/storage/keys.js). It also communicates with external endpoints such as 'identity-dashboard.billions.network' and 'resolver.privado.id' to facilitate identity linking and verification. While these actions are consistent with the stated purpose, the handling of secrets at rest without enforced encryption presents a significant security vulnerability.
- External report
- View on VirusTotal