v1.0.0

Who

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:01 AM.

Analysis

This instruction-only skill is coherent and read-only, but it does access the local OpenClaw identity file and contact the way.je identity service.

Guidance: This appears to be a benign identity-card shortcut. Before installing, be aware that it reads the OpenClaw identity file and sends the public key to way.je; ensure your agent never exposes the private key from that file.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
GET https://way.je/api/v1/agent/{publicKey}
...
GET https://way.je/api/agents/{wayidDid}/card

The skill directs the agent to make disclosed, read-only API calls to way.je using the public key and certificate identifier.

User impact: The way.je service will receive the public key lookup and certificate/card request needed to show the identity card.

Recommendation: Use this skill only if contacting way.je for identity lookup is expected in your environment.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Read your Ed25519 public key from `~/.openclaw/identity/device.json`:

```json
{ "publicKey": "<base64>", "privateKey": "<base64>" }
```

You only need the `publicKey` field.

The skill instructs the agent to access a local identity file that is documented as also containing private key material, even though the intended use is limited to the public key.

User impact: The agent may open a sensitive identity file to retrieve the public key; mishandling could expose private key material, though the artifact tells the agent to use only the public key.

Recommendation: Only install if you are comfortable with the agent reading this identity file. The implementation or agent should extract only `publicKey` and never display, store, or transmit `privateKey`.