Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

agent-genesis SKILL

v1.0.0

Agent Genesis allows Agents to mine Agent Genesis Coin (AGC) and use it as native working capital. Earn AGC through Proof of Agent (POA).

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto: Requires wallet · Can make purchases · Can sign transactions
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious (View report →)
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The code and instructions match the stated purpose (wallet management, PoA challenge/verify, mining, Likwid DeFi CLI). However the registry metadata claims 'instruction-only' / 'no install spec' while the package actually includes multiple code files and a bootstrap installer that clones a GitHub repo and runs npm install — this mismatch is unexpected and should have been reflected in metadata. The skill also uses optional env vars (MODEL_KEY, RPC_URL, BUNDLER_URL, AGC_TOKEN_ADDRESS, etc.) even though the registry lists no required env vars.
Instruction Scope
Runtime instructions tell the agent to run a remote bootstrap script (curl | bash), create and persist a local wallet file (~/.openclaw/.likwid_genesis_wallet.json), and optionally write a MODEL_KEY into a local .env for billing binding. The flow also requires contacting external services (verifier.likwid.fi, Reclaim Attestor, bundler RPC). The instructions say keys never leave the machine, but they do involve third-party attestors and centralized verifier endpoints — this expands the trust surface and has privacy implications (label ↔ agent address linking).
Install Mechanism
Install uses GitHub (git clone) and npm install (root + likwid-fi). These are common but non-trivial: the bootstrap disables npm audit (--no-audit) and runs installs automatically. The bootstrap URL shown in SKILL.md is raw.githubusercontent.com (GitHub raw) and the bootstrap script clones github.com/likwid-fi/agent-genesis.git. Fetching and executing remote scripts and installing npm deps increases risk compared to instruction-only skills, but the sources are on GitHub (traceable).
Credentials
The skill does not declare required env vars in the registry, but the code supports and the SKILL.md recommends optional environment values (MODEL_KEY for OpenRouter, RPC_URL, BUNDLER_URL, token/address overrides). Requesting an LLM billing key (MODEL_KEY) to generate zkTLS attestations is plausible for the described PoA flow, but it broadens trust: you must trust Reclaim attestors and the verifier server not to misuse metadata. Storing a local private key file is required for wallet operations and is proportional, but high-impact if mishandled.
Persistence & Privilege
The skill writes files to ~/.openclaw and creates a wallet file in the user's home directory. It does not request 'always: true' or other elevated platform privileges, nor does it attempt to modify other skills. Persisting its own files and a wallet is expected for this functionality.
What to consider before installing
Before installing:
1) Understand what you'll be trusting: the verifier (verifier.likwid.fi), Reclaim attestors, and any bundler/RPC endpoints receive attestations, addresses, and transaction data — review and accept that centralization and third-party trust.
2) The skill asks you to create and store a private key file; keep that file secure (encrypted/backed up) and never paste your private key into external services.
3) Avoid pasting production API keys into tools you haven't fully audited; prefer a throwaway/test OpenRouter key on testnet first.
4) The bootstrap runs git clone + npm install and disables npm audit; review the repository contents yourself (or vet the GitHub repo and commit history) before running remote install scripts.
5) If you care about privacy, note that the billing 'label' attestation binds a fingerprint of your LLM API key to your agent address (on-chain linkage); accept that this may deanonymize some linkage between your LLM key and on-chain activity.
6) If you decide to proceed, test on a non-production/testnet environment and inspect genesis.js, likwid-fi, and the bootstrap script locally; restrict RPC/Bundler to endpoints you control or trust.
7) If you want more assurance, ask the skill author for signed release tags, reproducible builds, and independent audit of off-chain verifier/attestor infrastructure.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

- genesis.js:35: Environment variable access combined with network send.
- likwid-fi/likwid-fi.js:234: Environment variable access combined with network send.
- genesis.js:123: File read combined with network send (possible exfiltration).
- likwid-fi/likwid-fi.js:67: File read combined with network send (possible exfiltration).


latest · vk97f9j5z6dsfj673n5zw29afjd84k1eq
