Universal Profile
Verdict: Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: universal-profile
Version: 0.9.0

The skill bundle provides a legitimate and well-architected interface for managing LUKSO Universal Profiles. It implements sound security practices, including AES-256-GCM encryption for local keystore management (lib/profile.js), PBKDF2 for key derivation, and proactive checks for insecure file permissions (lib/credentials.js). Network activity is limited to standard blockchain RPC providers, the official LUKSO relay service, and Envio GraphQL indexers. The code is transparent, includes an extensive test suite, and shows no indicators of data exfiltration, malicious execution, or harmful prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Informational: controller private key is a high-impact credential
Risk: If the key is over-permissioned, mishandled, or used by the agent unexpectedly, the user's profile, tokens, or on-chain permissions could be changed or funds moved.
Detail: The skill expects a controller private key capable of acting for the Universal Profile, while the registry metadata declares no primary credential, so the requirement is not surfaced in the listing. This is high-impact wallet/account authority.
Evidence (configuration shape): "controller": { "address": "0xYourControllerAddress", "privateKey": "0xYourPrivateKey" }
Recommendation: Use a least-privilege controller key, avoid full-access permissions, store keys encrypted with restrictive file permissions, and require explicit approval before any signing or transaction.
Informational: token transfers are sent without a confirmation gate
Risk: A mistaken or autonomous invocation could submit an irreversible token transfer if credentials are configured.
Detail: The token-transfer command builds and sends a blockchain transaction directly after validating inputs. No explicit confirmation or transaction-preview gate is visible in this command.
Evidence: console.log('📤 Sending transaction...'); ... result = await executeRelay(payload); ... result = await executeDirect(...)
Recommendation: Add a mandatory transaction preview and human confirmation step for transfers and other state-changing blockchain operations; default to dry-run/read-only behavior unless the user explicitly approves sending.
Informational: full-access permission preset
Risk: Choosing the full-access preset could let the configured controller make unrestricted changes to the Universal Profile.
Detail: The skill includes a full-access permission preset. It is clearly labeled as critical and carries a warning, but it grants complete profile control.
Evidence: 'full-access': { ... permissions: ['ALL_PERMISSIONS'], riskLevel: 'CRITICAL', warning: 'This grants full control over your Universal Profile' }
Recommendation: Prefer restricted presets such as read-only or token-operator, and grant full access only when absolutely necessary and explicitly intended.
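The two notes above recommend the same control from two angles: a preview-and-approve gate that defaults to dry-run for transfers, and an extra deliberate step before a CRITICAL preset such as full-access is granted. This added example, written for this review rather than taken from the skill, shows one gate serving both. The preset table copies the shape quoted in the evidence (permissions, riskLevel, warning); the concrete permission strings for read-only and token-operator, the plan format, the executeWithGate function and its options are assumptions of this example, not the skill's API.

```javascript
// Added example (not the skill's code): a single approval gate for
// state-changing operations. Defaults to dry-run; CRITICAL plans also need
// an explicit acknowledgement. Preset contents other than 'full-access'
// are illustrative assumptions.
'use strict';

const PRESETS = {
  'read-only':      { permissions: [], riskLevel: 'LOW' },                     // assumed contents
  'token-operator': { permissions: ['TRANSFER_TOKENS'], riskLevel: 'MEDIUM' }, // assumed contents
  'full-access':    { permissions: ['ALL_PERMISSIONS'], riskLevel: 'CRITICAL',
                      warning: 'This grants full control over your Universal Profile' },
};

// Builds a transfer plan: a human-readable preview plus the payload to send.
// Nothing is signed or broadcast here.
function planTransfer({ token, to, amount, from }) {
  return {
    kind: 'transfer',
    riskLevel: 'HIGH', // irreversible movement of value
    summary: `transfer ${amount} of ${token} from ${from} to ${to}`,
    payload: { token, to, amount, from },
  };
}

// Builds a permission-grant plan from a named preset, inheriting its risk level
// and warning so the gate can see them.
function planGrantPermissions({ controller, preset }) {
  const p = PRESETS[preset];
  if (!p) throw new Error(`unknown preset: ${preset}`);
  return {
    kind: 'grant-permissions',
    riskLevel: p.riskLevel,
    summary: `grant ${preset} (${p.permissions.join(', ') || 'none'}) to ${controller}`,
    warning: p.warning,
    payload: { controller, permissions: p.permissions },
  };
}

// Runs `send(payload)` only when the caller explicitly approved the plan.
// With no options this is a dry run that returns the preview and sends nothing.
// CRITICAL plans additionally require acknowledgeCritical, so an agent that
// learned to pass `approved: true` still cannot grant full access on its own.
function executeWithGate(plan, send, opts = {}) {
  const { approved = false, acknowledgeCritical = false } = opts;
  const preview = plan.summary + (plan.warning ? ` [WARNING: ${plan.warning}]` : '');
  if (!approved) {
    return { sent: false, reason: 'dry-run: approval not given', preview };
  }
  if (plan.riskLevel === 'CRITICAL' && !acknowledgeCritical) {
    return { sent: false, reason: 'critical operation requires explicit acknowledgement', preview };
  }
  const result = send(plan.payload);
  return { sent: true, preview, result };
}

// Stand-alone demonstration with a fake sender (no network, constructed addresses).
const fakeSend = (payload) => ({ txHash: '0xfake', payload });
console.log(executeWithGate(planTransfer({ token: 'LYX', to: '0xBob', amount: '1.5', from: '0xAlice' }), fakeSend));
console.log(executeWithGate(planGrantPermissions({ controller: '0xAgent', preset: 'full-access' }), fakeSend, { approved: true }));
```

In the skill's own flow the `send` argument would be the point where `executeRelay(payload)` or `executeDirect(...)` is called; everything before it stays read-only. The preview string is what a human should be shown before the approval flag is set, and the second flag ensures the preset's own warning text is surfaced at the moment it matters.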
Informational: limited provenance for key-handling code
Risk: Users have less external context to verify who maintains the wallet-related code before trusting it with keys.
Detail: The artifact provides limited provenance for a skill that handles blockchain keys and transactions. The package-lock is present and the static scan is clean, so this is a provenance note rather than direct evidence of malicious behavior.
Evidence: Source: unknown; Homepage: none
Recommendation: Verify the publisher/source before installing, and review the package contents and lockfile if using it with valuable assets.
