ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Robot Id Card

v0.2.0

Bot 身份认证标准 — 为 AI Agent 和机器人签发加密身份证书,让网站信任你的 bot。 内置 Ed25519 签名注册中心、CLI 工具、浏览器扩展和网站 SDK,支持分级权限控制(0-5级)、 每日签到信誉积累、公开审计日志。Universal identity standard for AI bo...

0· 87·0 current·0 all-time
byCosmos Fang@cosmofang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, SKILL.md, and code (CLI, registry, SDK, extension, dashboard) all align: Ed25519 keys, a Fastify/SQLite registry, a CLI that generates keys/registers/claims, an SDK middleware, and a browser extension for injecting RIC headers. No unrelated credentials, binaries, or surprising components are requested.
Instruction Scope
Runtime instructions and CLI actions stay within the declared domain (keygen, register, claim, status, report, run registry locally). Be aware the browser extension and CLI will add/send identity headers and will contact a registry URL (default: https://registry.robotidcard.dev). The SKILL.md claims private keys never leave the user environment; the CLI implementation appears to keep the private key local and only sends the public key on registration, which matches the doc. The public report endpoint and auto-blocking rules are part of the design and could be abused (false reports → auto-demotion).
Install Mechanism
There is no platform-level install spec; the project provides standard Git/npm build steps (git clone, npm install, npm run build, npm run dev:registry). Dependencies are fetched from npm (package-lock.json present). No downloads from ad-hoc URLs or extract-from-unknown-host patterns are present in the manifest. Installing will pull many npm packages (normal for a JS monorepo).
Credentials
The skill declares no required environment variables. Optional variables mentioned in docs (RIC_REGISTRY, RIC_ADMIN_KEY for deployed Render instances, VITE_REGISTRY_URL, NPM_TOKEN for publishing) are appropriate for running/publishing a registry/website. There are no unrelated secret requests in requires.env, and the CLI/SDK code accesses only the declared/expected vars and cert files.
Persistence & Privilege
The project writes local artifacts expected for this functionality: SQLite DB (registry.db) when running the registry, generated *.key.json private key files, and build artifacts (dist/). The browser extension injects request headers — which is needed for the feature but means installing the extension will modify outgoing requests. The skill does not request elevated privileges or set always:true. The registry's auto-block/report logic and public audit log are design decisions with privacy/abuse implications (public logs may surface developer contact info; reports can trigger automatic demotion).
Assessment
What to check before installing - Registry endpoint: the CLI/SDK default points to a remote registry (https://registry.robotidcard.dev). If you don't trust that remote service, run your own local or self-hosted registry before registering keys. - Private keys: the CLI writes your bot private key to a local JSON file (e.g., bot.key.json). Keep that file secure; anyone with it can impersonate your bot. The code appears to keep private keys local and only sends the public key, but verify this if you plan to use third-party registry endpoints. - Browser extension: installing the extension will inject RIC headers into web requests for your browser — this is necessary for the feature but can leak a bot identity or metadata if misconfigured. Review extension code (background.ts) and VITE_REGISTRY_URL/default endpoints before enabling. - Reporting & auto-block: the public report endpoint and automatic demotion after 3 reports within 24h are features that could be abused to demote or block bots. If you host a registry, consider changing thresholds, adding reporter verification, or requiring authenticated reports. - Admin secrets: if you deploy the registry (Render/Netlify/Vercel), set a strong RIC_ADMIN_KEY and secure any deployment secrets (NPM_TOKEN for CI publishing). Do not leave defaults in production. - Supply-chain: installation runs npm install and builds multiple packages; audit dependencies or use reproducible build practices if you require higher assurance. If you want higher assurance: run the registry locally or in your own controlled environment, review/scan the browser extension and server routes for unexpected network calls, and inspect any deployed registry instance before trusting it with production bot identities.
packages/cli/src/index.ts:22
Environment variable access combined with network send.
!
packages/cli/src/index.ts:81
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9726ah8nkw7a4rm1emk5pw1t184ghvk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments