Skill v1.0.0
ClawScan security
Verified Agent Identity · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 10:55 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and requirements are consistent with its stated purpose (creating, storing, signing, and verifying decentralized identities), but it stores keys under $HOME/.openclaw/billions and transmits signed attestations to Billions-owned endpoints — you should review and accept those privacy/security trade-offs before use.
- Guidance: This skill appears to do exactly what it advertises (manage DIDs and create/verify signed challenges). Important things to consider before installing:
  - Data and keys are stored under $HOME/.openclaw/billions. By default kms.json may contain private keys in plaintext unless you set BILLIONS_NETWORK_MASTER_KMS_KEY. If you care about key confidentiality, set that env var (use a strong secret) or store keys in a secure environment before using the skill.
  - The flow posts the signed JWS / authorization request to Billions-hosted services (identity-dashboard.billions.network and attestation-relay.billions.network) and resolves DIDs via resolver.privado.id. Running linkHumanToAgent or manualLinkHumanToAgent will transmit identity data and signed attestations to those domains — review and accept that data flow.
  - Run the code in a controlled environment (isolated account or container) if you're evaluating it; inspect kms.json and other files and back up any master key you configure (loss of the master key can make encrypted keys irrecoverable).
  - Verify you trust the skill source (homepage and package authors) and have the appropriate Node version (README requests Node >=20).
  If you need stronger guarantees, consider auditing the included npm dependencies or running the scripts with hardware-backed key storage instead of the on-disk KMS. If you want, I can point out the exact lines where keys are persisted and where network calls are made, or produce a short checklist to harden deployment (e.g., environment configuration, file permissions, network egress rules).
Review Dimensions
- Purpose & Capability (ok): The name/description match the included scripts and package.json: the code creates DIDs, signs challenges (JWS), verifies signatures, and builds pairing URLs using Billions/iden3 libraries. Required binary (node) and listed npm dependencies align with the identity functionality.
- Instruction Scope (note): Runtime instructions ask the user to run npm install and node scripts; the scripts read/write identity and key data under $HOME/.openclaw/billions and perform HTTP calls to resolver.privado.id and Billions-owned services (identity-dashboard.billions.network and attestation-relay.billions.network). This is coherent for linking/attestation, but it means signed attestations and identity data are sent to Billions-hosted endpoints as part of the flow.
- Install Mechanism (ok): No custom install spec is provided; the project relies on npm packages from the public registry (package-lock.json points to npmjs). There are no downloads from unknown/personal servers or obfuscated installers in the manifest.
- Credentials (note): The only environment variable referenced is an optional master KMS key (BILLIONS_NETWORK_MASTER_KMS_KEY) used to encrypt on-disk keys. When unset, private keys are persisted as plaintext in kms.json by design. No other unrelated credentials are requested.
- Persistence & Privilege (ok): The skill writes its own files to $HOME/.openclaw/billions (kms.json, identities.json, challenges.json, defaultDid.json). It does not request always:true or modify other skills' configs. Persistent storage and network access are consistent with its identity-management purpose.
