Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Qentity
v1.6.2
Enables AI agents to obtain financial personhood with KYC-backed wallets, managing assets, earning income, making payments, and operating autonomously.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to provide agent financial personhood (create wallets, virtual bank accounts, on-/off-ramps). That capability would legitimately require Netfluid API credentials and sponsor wallet access — and the included package files (skill-package.json, QUICKSTART.md, SKILL.md) explicitly reference api_key, session tokens, sponsor_wallet_fk, and sponsor PIN. However, the registry metadata lists no required environment variables or primary credential and the public homepage/source are inconsistent or missing. This mismatch between declared requirements and the files is incoherent and unexplained.
Instruction Scope
SKILL.md and QUICKSTART instruct the agent to call functions that create agents, inherit sponsor KYC, mint wallets, create virtual bank accounts, and execute on-chain and fiat off-ramp transactions. Instructions require sensitive inputs (sponsor_wallet_fk, sponsor_wallet_pin, api_key, session token) and enable spawning unlimited child agents that inherit KYC. Those steps go well beyond typical non-sensitive skills and explicitly enable actions with significant financial and regulatory impact (and potential for abuse).
Install Mechanism
This is an instruction-only skill with no install spec and no code files to be written to disk, which lowers the technical installation risk. However, it references external API endpoints and an 'installation' URL in skill-package.json, so network interactions are required at runtime.
Credentials
Although the registry metadata claims no required env vars or primary credential, the package docs and runtime instructions clearly require an API key, session token, and sponsor wallet credentials (including a PIN). Those are highly sensitive and their absence from the declared requirements is a red flag. Requesting full sponsor KYC/PIN and API keys is proportionate to performing financial operations, but it must be declared transparently — it is not. The capability to inherit sponsor KYC for unlimited child agents magnifies the sensitivity.
Persistence & Privilege
always:false, and autonomous invocation is allowed (default). Autonomy combined with the skill's authority to create wallets, spawn agents that inherit KYC, hold and move funds, and call external payment rails gives it a very high blast radius. Autonomous invocation alone is not disqualifying, but here it combines with other red flags (undeclared credentials and unlimited KYC inheritance), increasing risk.
Scan Findings in Context
[NO_CODE_FILES] expected: The regex scanner found no code to analyze because this is an instruction-only skill. That explains the lack of other scan findings but does not imply the instructions are safe.
What to consider before installing
Do not install or provide credentials until you verify the skill's provenance and compliance. Specific actions to consider before proceeding:
1) Confirm the vendor and homepage (Netfluid links in package files should be validated against an authoritative source).
2) Require an explicit, declared list of required credentials and use least-privilege API keys / limited scopes; never give sponsor wallet PINs or full admin API keys to untrusted skills.
3) Have legal/compliance review the KYC-inheritance model — spawning unlimited KYC-inherited agents may violate AML/CTF rules and enable abuse.
4) If you test, do so in a sandbox with capped funds and transaction limits, and enable real-time monitoring/alerts.
5) Consider disabling autonomous invocation or restricting this skill to human-invoked only until you can audit network interactions and server endpoints.
If you cannot validate the vendor/source or the declared requirements remain inconsistent with the SKILL.md, treat the skill as too risky to install.
Like a lobster shell, security has layers — review code before you run it.
