Skill v0.1.0

ClawScan security

Verified Agent Identity · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 13, 2026, 12:06 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions largely match an identity-management purpose, but there are cohesion issues (undeclared environment usage, missing npm requirement, and local private-key handling) that warrant caution before installing.
Guidance
What to check before installing:
- Expect the skill to create and store private keys and DID state at $HOME/.openclaw/billions. If you do not want keys on disk, do not install.
- By default keys are stored in plaintext unless you set BILLIONS_NETWORK_MASTER_KMS_KEY. If you plan to use this skill, set BILLIONS_NETWORK_MASTER_KMS_KEY to a strong secret (and back it up) to enable AES-256-GCM encryption of keys.
- The SKILL.md instructs running 'npm install' but the registry metadata does not list 'npm' as a required binary — ensure you have a matching Node/npm runtime (package-lock indicates Node >=20 is expected).
- The skill makes HTTPS calls to Billions network services (rpc-mainnet.billions.network, attestation-relay.billions.network, identity-dashboard.billions.network) and to resolver.privado.id — review and confirm these endpoints are acceptable for your environment.
- The scripts accept an existing private key via command-line arguments; be careful not to expose or pass secrets in shell history or CI logs.
- If you need stronger assurance, review the included source files (kms handling, storage, and network code) and test in an isolated environment.
The inconsistencies (undeclared env var, missing npm requirement, and plaintext fallback) are explainable but important — handle secrets intentionally.

Review Dimensions

Purpose & Capability
ok: Name/description (decentralized DID management on Billions Network) aligns with the included scripts: DID creation, challenge generation/signing, linking humans to agent DIDs, and signature verification. Network endpoints and libraries used (iden3, polygonid, ethers) are consistent with the stated purpose.
Instruction Scope
note: SKILL.md instructs running the included Node scripts (npm install, then node scripts/...). The runtime steps read/write identity material under $HOME/.openclaw/billions and perform network calls to Billions/Privado services. The README also forbids manual cryptographic workarounds. This scope is appropriate for an identity skill, but the SKILL metadata omitted 'npm' even though the instructions require running 'npm install'.
Install Mechanism
note: There is no formal install spec in the registry entry (instruction-only), yet the package includes a scripts/ package.json and package-lock.json and the runtime instructions call 'npm install'. Dependencies are pulled from npm (well-known packages). This is moderate-risk but expected for Node-based tooling; the absence of an explicit install spec in the registry is an inconsistency users should notice.
Credentials
concern: The code reads an optional master key environment variable (BILLIONS_NETWORK_MASTER_KMS_KEY) to enable AES-256-GCM encryption of private keys, but the registry metadata did not declare any required environment variables. Keys are persisted to $HOME/.openclaw/billions/kms.json and, if the master key is not set, they are stored as plain hex. The use of a sensitive env var (master KMS key) is reasonable for this skill, but it should be declared explicitly and users must understand the plaintext fallback behavior.
Persistence & Privilege
ok: The skill persists keys and identity files to $HOME/.openclaw/billions (documented in README/SKILL.md). It does not request 'always: true' or system-wide config modifications. File writes are expected for an identity management skill, but this is persistent sensitive data and should be accepted intentionally by the user.