Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Verified Agent Identity
v0.1.0. Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The skill claims to manage Billions Network DIDs and names concrete Node scripts (createNewEthereumIdentity.js, linkHumanToAgent.js, etc.). However, the published package contains only SKILL.md and no scripts, package.json, or code files. Requiring the node binary is reasonable for a Node-based implementation, but referencing local scripts that are not present is a clear mismatch: the skill cannot perform its stated actions from the included files alone.
Instruction Scope
Runtime instructions tell the agent/user to run 'cd scripts && npm install' and then node scripts/*.js. That both (a) causes a network fetch/install of dependencies (npm install) and (b) expects local script files that are absent. The instructions also permit providing raw private keys on the CLI (--key), which exposes secrets to shell history/process lists, and they explicitly forbid using other system crypto tools while still allowing direct key input — an internal contradiction and a potentially unsafe practice. The skill stores identity material under $HOME/.openclaw/billions, which is expected, but the instructions also forbid manual file manipulation while implicitly depending on files being present and writable.
Install Mechanism
There is no declared install spec in the skill bundle, but SKILL.md instructs running 'npm install' in a scripts directory. Since the repository/package does not include those scripts, following the instructions would either fail or cause npm to fetch code from an external source (unknown registry or repo). That is higher-risk behavior: arbitrary remote code would be executed without a vetted install manifest in the skill bundle.
Credentials
The skill does not require environment variables; it lists an optional BILLIONS_NETWORK_MASTER_KMS_KEY, which is plausibly relevant for key management. However, the workflows encourage supplying private keys via command-line arguments and storing keys locally in $HOME, which are security-sensitive practices. The optional KMS env is reasonable, but the instructions do not enforce or explain safer key handling (e.g., using KMS or hardware wallets).
Persistence & Privilege
The skill is not marked always:true and does not request special platform privileges. It writes identity data under $HOME/.openclaw/billions (expected for an identity tool). There is no evidence it modifies other skills or global agent configuration.
What to consider before installing
Do not install or run this skill yet. Key issues to resolve before proceeding:
- The skill bundle contains only SKILL.md and no scripts or package.json even though the instructions require running scripts/*.js and 'npm install'. Ask the publisher for the complete source or a trustworthy repository URL and verify the code before running anything.
- Never paste raw private keys into command-line arguments on a shared system; this leaks keys to shell history and process listings. Prefer KMS, hardware wallets, or securely provisioned key files with proper file permissions. If the skill truly needs a private key, insist on safe key-handling documentation.
- Inspect the package.json and all scripts that would be installed (and their dependencies) before running npm install. npm install runs code from external registries and can execute arbitrary install scripts — review for network calls, telemetry, or exfiltration.
- Confirm the exact network endpoints the scripts contact (Billions network endpoints, attestation registries) and whether any data is sent to third-party services unrelated to the Billions Network.
- If you must test, do so in an isolated environment (air-gapped or ephemeral VM/container) and with test keys/funds. Ask the publisher for signed releases or a GitHub repository with a reproducible build.
If the publisher can provide the missing scripts and a clear, auditable install procedure (or embed the code in the skill bundle), and addresses secure key handling, reassess. Until then treat the skill as suspicious.
Runtime requirements
Bins: node
