Skill v1.0.0

ClawScan security

Agent Desapetc 999 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 30, 2026, 9:18 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requested environment are consistent with its stated purpose (creating and linking DIDs on Billions Network). The main security item to note is that private keys are stored on disk, and are stored in plaintext by default unless you set the optional master KMS environment variable.
Guidance
This skill appears to be what it claims: a Billions Network DID management toolkit for agents. Before installing or running it, consider the following:
- Private keys are persisted to $HOME/.openclaw/billions (kms.json). By default keys are stored as raw hex unless you set the optional BILLIONS_NETWORK_MASTER_KMS_KEY; set this environment variable in your skill config or process environment to enable AES-256-GCM encryption of the stored keys.
- Treat the master KMS key like any high-value secret: keep it out of logs and out of backups that are not themselves protected, and do not share it. If it is lost, the encrypted keys cannot be recovered.
- The scripts run npm install, which downloads packages from npm. Review package-lock.json if you need to audit transitive dependencies, or pin and lock to an internal registry.
- The tool makes network calls to project-specific domains (rpc-mainnet.billions.network, resolver.privado.id, identity-dashboard.billions.network, attestation-relay.billions.network). Only proceed if you trust Billions Network and those endpoints.
- Do not paste private keys into untrusted consoles. The CLI accepts --key to import a private key; be careful when doing this on shared systems, since a key passed as a command-line argument can end up in shell history and process listings.
- If you want stricter isolation, run the scripts in a controlled environment (a dedicated machine or container) and verify the skill bundle contents before executing.
If you accept these trade-offs (especially configuring the master KMS key or otherwise protecting the kms.json file), the skill is internally coherent and appropriate for its stated purpose.

Review Dimensions

Purpose & Capability
ok
Name/description (Billions decentralized identity, DID linking and signing) align with the included Node scripts, dependencies, and required binary (node). The optional environment variable BILLIONS_NETWORK_MASTER_KMS_KEY is relevant to key storage encryption and matches the claimed KMS functionality. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
note
SKILL.md instructs running npm install and node scripts in the provided scripts/ directory, which matches the bundled code. The runtime actions are within identity management scope (create identities, sign challenges, call resolver, shortener and rpc endpoints). The scripts read only the optional KMS env var and write/read files under $HOME/.openclaw/billions as documented. Important operational guardrail: the skill stores private keys locally and will store them in plaintext unless the optional master key env var is set (this behavior is documented in the README and the code).
Install Mechanism
ok
There is no platform-level install spec; SKILL.md tells the user to run npm install inside scripts/, which will fetch packages from npm. A package-lock.json is included listing well-known packages (ethers, @0xpolygonid/js-sdk, @iden3 libs). Using npm is proportionate for a Node-based identity toolkit; it carries the usual supply-chain considerations but is expected here.
Credentials
concern
The only declared optional env var (BILLIONS_NETWORK_MASTER_KMS_KEY) is directly relevant (used to AES-256-GCM-encrypt keys). However, by default (when the env var is not set) the system stores private keys as raw hex in $HOME/.openclaw/billions/kms.json. That default plaintext storage is a security risk if users do not set the master key or otherwise protect the directory. No unrelated credentials are requested.
Persistence & Privilege
ok
The skill persists state on disk under $HOME/.openclaw/billions (identities, kms.json, challenges.json), which is expected for an identity manager. The always flag is false, and the skill does not request system-level changes or changes to other skills' configuration. It performs network calls to project-related domains (rpc-mainnet.billions.network, resolver.privado.id, identity-dashboard.billions.network, attestation-relay.billions.network) that are consistent with the stated purpose.