Back to skill
Skillv1.0.0
VirusTotal security
verified-agent-identity-0.0.15 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 6:55 AM
- Hash
- 19d495d59accd79adb06527abb1901bf8758674ca88d9bf9d11eff360b75fd99
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: artefact-144794446 Version: 1.0.0 The skill implements a decentralized identity (DID) management system that handles sensitive cryptographic private keys, storing them by default in plaintext within '$HOME/.openclaw/billions/kms.json' unless an optional environment variable is configured. It performs network communication with external endpoints (billions.network and privado.id) to relay signed attestations and resolve identities, which are high-risk behaviors. While the code appears to be a legitimate implementation of the iden3 protocol and includes agent guardrails in SKILL.md, the combination of secret management and external data transmission warrants a suspicious classification under the provided criteria.
- External report
- View on VirusTotal