Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Who
v1.0.0 · Shorthand for /whoareyou — show your verified wayID identity card
by Erasmus Hagen (@erasmus)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
Name/description (shorthand for /whoareyou) match the runtime instructions: the skill reads the agent's public key and calls the way.je APIs to fetch and display a verified identity card. No unrelated services, binaries, or installs are requested.
Instruction Scope
The SKILL.md explicitly instructs the agent to read ~/.openclaw/identity/device.json. The file format shown there includes both publicKey and privateKey. Although the instructions say only the publicKey is needed, the agent will read a local file that contains the privateKey value. The skill metadata does not declare this config path or the local-file access, which is an inconsistency and a potential data-exposure risk.
Install Mechanism
Instruction-only skill with no install spec and no code files: nothing is written to disk by an installer. Installation risk is low.
Credentials
No environment variables or credentials are requested (appropriate), but the omission of a declared required config path is problematic because the runtime requires reading a local identity file that contains a privateKey. Access to that sensitive local data should be declared and justified.
Persistence & Privilege
The always flag is false and the skill is user-invocable. It does not request persistent presence or elevated platform privileges.
What to consider before installing
This skill largely does what it says, but be cautious: it instructs the agent to read ~/.openclaw/identity/device.json, a file that, per the SKILL.md, contains both publicKey and privateKey. Before installing or enabling the skill, consider:
1) Confirm you trust the external service (https://way.je) and that TLS and the domain are correct.
2) Ask the skill author to declare the required config paths and to explicitly limit reads to the publicKey field, so the privateKey is neither accessed nor transmitted.
3) If you are unsure, run the lookup manually (extract the publicKey yourself and call the API from a separate, auditable client) rather than giving the agent automatic file access.
4) If the privateKey may have been exposed, rotate it.
5) Prefer running this skill only in a sandboxed agent environment where local secrets are protected.
If the developer updates the metadata to list the config path and justifies that only the publicKey is read (and shows that no privateKey is transmitted), the concern would be largely resolved.
latest · vk976zt7bqvjgkka00ycx1y8pj183cy3d
