Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Leanjutsu
v1.0.0Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic...
⭐ 0· 96·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Functionality in the scripts (create identity, sign/verify challenges, produce a wallet pairing URL) matches the declared identity/linking purpose. However the registry metadata and embedded _meta.json/README values differ (skill listed as 'Leanjutsu' vs SKILL.md name 'verified-agent-identity' and differing owner/slug entries), which is an inconsistency that should be explained by the publisher.
Instruction Scope
Runtime instructions are focused on DID creation, signing, linking and verification. They read and write identity material under $HOME/.openclaw/billions and make network calls to resolver.privado.id, rpc-mainnet.billions.network and several billions.network domains. The code also POSTs the authorization request to a URL shortener (identity-dashboard.billions.network) and constructs a callback URL that embeds the signed JWS as a query parameter — this sends potentially sensitive attestation/JWS material to a remote service, which is expected for this protocol but is a concentration-of-risk and should be accepted explicitly by the user.
Install Mechanism
There is no automated install spec in the registry (install is manual via 'cd scripts && npm install'), but the package and package-lock pull from public npm registries and use well-known identity libraries. This is expected for a Node-based identity toolkit; still, running 'npm install' will fetch dependencies from npm (moderate risk) and the skill includes many code files that will be executed locally.
Credentials
The skill does not require credentials to be set by default, but it stores private keys in $HOME/.openclaw/billions/kms.json. By default keys are stored as plaintext 'plain' provider unless the user sets the optional environment variable BILLIONS_NETWORK_MASTER_KMS_KEY to enable AES-256-GCM per-entry encryption. Storing private keys unencrypted by default and allowing private keys to be passed on the CLI (--key) (which can be leaked via shell history) are significant sensitive-data risks that must be understood before use.
Persistence & Privilege
The skill persists identity and key material to $HOME/.openclaw/billions (its own directory) and does not request always:true or system-wide config changes. The skill may be invoked autonomously by the agent (default platform behavior); given it can access and sign with stored keys, autonomous invocation increases potential impact and should be considered when granting the skill to an agent.
What to consider before installing
This package appears to implement the identity-linking functionality it claims, but review these before installing:
- Provenance: confirm the publisher and package identity (the SKILL.md name, README, and _meta.json/registry owner/slug differ). Only proceed if you trust the source and homepage (billions.network).
- Key storage: by default private keys will be written to $HOME/.openclaw/billions/kms.json and may be stored unencrypted. If you will store real/private keys, set BILLIONS_NETWORK_MASTER_KMS_KEY to a strong secret (and understand how to manage it), or avoid using real keys on this machine.
- CLI key exposure: avoid passing private keys via --key on shells with history; prefer importing keys via secure means or using the KMS encryption feature.
- Remote endpoints: the skill sends signed JWS/attestation material to a URL-shortener and to an attestation-relay endpoint (domains under billions.network and resolver.privado.id). Review and accept the privacy implications (these endpoints will see the attestation or the shortener request_uri). If you require on-prem or audited endpoints, adapt the code before use.
- Dependency install: the scripts require running 'npm install' which will fetch many packages from npm; audit or pin versions if you need stricter supply-chain guarantees.
If you are not comfortable with the above (especially plaintext key storage or sending attestations to remote services), do not install or run the scripts on a machine with valuable keys. If you decide to proceed, set BILLIONS_NETWORK_MASTER_KMS_KEY, review the code yourself (or ask for a vendor attestation), and run in an isolated environment.Like a lobster shell, security has layers — review code before you run it.
latestvk977778v2h76k8f9czc461b9mh834znp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsnode