Skill v1.0.0
ClawScan security
Verified Agent Identity Masud · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Apr 29, 2026, 2:08 PM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The files, runtime instructions, network calls, and optional environment variables are consistent with a decentralized-identity (Billions/iden3) skill; nothing in the package appears unrelated to its stated purpose.
- Guidance: This skill appears to do what it claims: creating and managing DIDs and signing/verifying challenges against Billions/iden3 services. Before installing, consider:
  1. Protect private keys: set BILLIONS_NETWORK_MASTER_KMS_KEY in your skill/process config to ensure keys on disk are encrypted; without it, keys are stored in plaintext under $HOME/.openclaw/billions.
  2. Verify npm dependencies yourself (npm install will fetch packages from the registry; review package-lock.json or run in an isolated environment).
  3. Run the scripts only on a trusted machine; the skill stores persistent private keys and challenge history.
  4. Review the network endpoints in scripts/constants.js (identity-dashboard, attestation-relay, rpc-mainnet, resolver.privado.id) to ensure they match the expected infrastructure for your deployment.
  5. If you need an attester identity different from the placeholders in the code (ATTESTER_DID / ATTESTER_ETH_ADDRESS), review how those values are set and whether they require additional configuration.
  If you want tighter security, run npm install and the scripts inside a sandbox or VM, and audit kms.json after the first run to confirm encryption is active.
Review Dimensions
- Purpose & Capability (ok): Name/description, CLI commands in SKILL.md, and the included scripts all implement DID creation, key storage, challenge signing, attestation generation, and verification against the Billions/iden3 ecosystem. The required binary (node) and npm dependencies align with the stated functionality.
- Instruction Scope (ok): Runtime instructions direct the agent to run the provided Node scripts and to store identity data under $HOME/.openclaw/billions. Scripts read/write only the skill's storage files and call the DID resolvers / Billions network endpoints described in constants.js and the README. There are no instructions to read unrelated system files or to exfiltrate data to unknown domains; network calls go to resolver.privado.id, rpc-mainnet.billions.network, identity-dashboard.billions.network and attestation-relay.billions.network, which match the skill's purpose.
- Install Mechanism (ok): This is an instruction-first skill with a package.json / package-lock that will require running npm install locally. Dependencies resolve to npm registry packages (no ad-hoc downloads or URL-based code fetching). No install spec downloads arbitrary archives or uses unknown hosts.
- Credentials (note): The only optional environment variable is BILLIONS_NETWORK_MASTER_KMS_KEY, which enables AES-256-GCM encryption of stored private keys. That is appropriate for a key-management feature. Important note: when the master KMS env var is NOT set, private keys are persisted in kms.json as plain hex strings by design; the README and code document this behavior. No unrelated credentials are requested.
- Persistence & Privilege (note): The skill writes persistent identity and key material to $HOME/.openclaw/billions (kms.json, identities.json, challenges.json, defaultDid.json). That persistence is expected for an identity manager, but it has security implications (see guidance). always:false and normal autonomous-invocation settings are used.
