My Verified Agent

This skill appears to be what it says: a DID/attestation toolkit for the Billions network. Before installing or running it: - Treat the keys in $HOME/.openclaw/billions as sensitive. If you plan to use the skill long-term, set BILLIONS_NETWORK_MASTER_KMS_KEY (via skill config or environment) to enable on-disk encryption; store that master key securely and back it up — losing it will make encrypted keys irrecoverable. - Review and confirm the network endpoints used (rpc-mainnet.billions.network, identity-dashboard.billions.network, attestation-relay.billions.network, resolver.privado.id). The pairing flow sends signed JWS tokens to the project's shortener/relay services as part of normal operation — ensure you trust those domains before linking real private keys or identities. - Running 'npm install' will fetch many dependencies from npm. Consider running the install in an isolated environment (container or dedicated VM) or auditing the dependencies if you have heightened supply-chain concerns. - Keep private keys offline if you do not want them persisted on the host. The CLI supports supplying an existing private key via --key, but that key (or any generated key) will be stored in kms.json unless you delete it or configure encryption. - If you need higher assurance, inspect the repository author/ownership and verify that the listed domains and addresses match official Billions/iden3 publications; the registry source is 'unknown' so performing this attribution check increases confidence. If you are comfortable with those trade-offs, the skill's behavior is coherent with its purpose. If not, avoid storing real private keys and run the code in an isolated test environment first.