Pairing Agent Core

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, but it stores long-lived identity keys and credential data locally with plaintext defaults unless users configure encryption first.

Install only if you intentionally want this skill to manage a Billions agent identity. Before creating or importing any identity, set `BILLIONS_NETWORK_MASTER_KMS_KEY`, protect `$HOME/.openclaw/billions` from backups and other local users, and approve every identity creation, signing, and human-linking action explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly states that `kms.json` may contain private keys in plaintext when `BILLIONS_NETWORK_MASTER_KMS_KEY` is not set, but it does not place a strong, immediate warning before operational steps or require secure configuration first. Because this skill manages decentralized identity keys, plaintext key storage can directly enable identity theft, unauthorized signing, and persistent compromise if the local filesystem is exposed or backed up insecurely.

Missing User Warnings

Medium
Confidence: 92%
Finding
The code initializes key storage with a file-backed store (`kms.json`) for cryptographic material used by the identity wallet. Persisting private key material to local files without encryption, access controls, or explicit disclosure materially increases the risk of credential theft if the host filesystem is accessible to another local user, malware, backups, or logs. In an agent identity skill, this is more dangerous because these keys represent long-lived identity and signing authority.

Missing User Warnings

Medium
Confidence: 89%
Finding
The runtime persists credentials, identities, profiles, DIDs, and challenges to predictable local JSON files. These artifacts can contain sensitive identity metadata, authentication state, and replay-relevant challenge information; storing them unprotected on disk can enable local disclosure, tampering, or unauthorized reuse. Because this skill handles decentralized identity proofs, compromise of this data can undermine both privacy and authentication integrity.

Missing User Warnings

High
Confidence: 97%
Finding
The code explicitly falls back to storing private keys with `provider: "plain"` when no master key is available, which means highly sensitive cryptographic material can be written to disk unencrypted. In an agent identity skill, compromise of these keys could allow impersonation, forged attestations, and persistent account takeover, especially on shared hosts or developer machines.

Credential Access

High
Category: Privilege Escalation
Content
function newDataStorage(ethStateStorage) {
  return {
    credential: new CredentialStorage(
      new IdentitiesFileStorage("credentials.json"),
    ),
    identity: new IdentityStorage(
      new IdentitiesFileStorage("identities.json"),
Confidence: 85%
Finding
credentials.json

VirusTotal

65/65 vendors flagged this skill as clean.
