Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Jacs

v0.9.20

Cryptographic document signing/verification plus HAI platform integration (attestation, username lifecycle, mailbox workflows, key registry, and benchmark or...

by Jonathan Hendler (@hendler)
MIT-0
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a signing/verification and HAI integration capability that matches the stated purpose. However, the runtime instructions assume the presence of JACS/OpenClaw CLI commands (e.g., openclaw jacs init, jacs_hai_register, jacs_hai_send_email) and local key storage under ~/.openclaw/jacs/, yet the skill metadata declares no required binaries or primary credentials. That omission is inconsistent with the described functionality.
Instruction Scope
Instructions tell the agent to create keypairs, read a password from an environment variable or a filesystem password file, write config under ~/.openclaw/jacs/, register with an external HAI platform, claim usernames (email addresses), send/receive email, and optionally publish DNS TXT records. These actions are logically within a cryptographic-identity/email feature, but they involve reading/writing secrets and configuration and performing network operations — and the SKILL.md grants operational steps without specifying safety checks or exact network endpoints for registration/verification beyond 'HAI'.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes disk-write risk from the skill itself. The risk shifts to the external CLI/binaries the instructions expect, which are not provisioned by the skill.
Credentials
The instructions require the secret JACS_PRIVATE_KEY_PASSWORD or a JACS_PASSWORD_FILE, but the registry metadata lists no required env vars. The skill asks for an owner email during registration and will create private keys on-disk; requesting a password for the private key is proportionate to its purpose, but the missing declaration of that env var and lack of detail about remote endpoints and what data is transmitted are problematic.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It will create persistent artifacts (keypair and jacs.config.json in ~/.openclaw/jacs/), which is expected for identity functionality. The instructions also suggest signing agent state, skills, and config; this could cause the agent to read other local config files for signing. There is no explicit instruction to modify other skills' configurations, but the scope could reach into agent data.
What to consider before installing
This skill's purpose (document signing + HAI email) is coherent, but the SKILL.md expects local CLI tools and an environment secret that are not declared in the registry. Before installing or enabling it, verify:

1) Where do the commands (openclaw jacs, jacs_hai_*) come from? Ensure you trust and can inspect the binary/package providing them.
2) The skill asks you to set JACS_PRIVATE_KEY_PASSWORD or a password file. Prefer a protected file (chmod 600) rather than an env var, and confirm how the private key is stored and protected at ~/.openclaw/jacs/.
3) Review what data is sent during jacs_hai_register and email operations (owner email, public key, any identity metadata) and confirm the HAI platform endpoints and trust model.
4) If you plan to publish DNS records or claim a username, understand that this publishes identity information tied to your agent.
5) Request the skill author/source or a package reference (homepage/source repo) so you can inspect the implementation of the CLI/tools the instructions require; if that provenance is unavailable, treat the combination of network registration and local secret handling as higher risk.

Like a lobster shell, security has layers — review code before you run it.

latest: vk979fn0d981bdb1hxy214grcm983rgbj

Runtime requirements

Config: plugins.entries.moltyjacs.enabled