ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Attestation

v3.0.2

Portable reputation system for agents v3 - Ed25519 signatures, input validation, handoff KV

0· 403·1 current·1 all-time
byIvan Cetta@nantes
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (attestation, Ed25519, handoff KV) align with the included code: key management, signing/verification, input validation, and a simple on-disk KV are implemented. Minor inconsistency: registry metadata described the skill as instruction-only yet the package contains multiple Python source files implementing the features; this is likely just an author packaging choice rather than malicious misdirection.
Instruction Scope
SKILL.md and the example usage clearly require Python and the 'cryptography' library and warn about filesystem access. Runtime code only performs local file I/O (keys, attestations, manifest) and canonical signing/verification and input checks. There are no network calls or references to unrelated system paths or environment variables in the provided files.
Install Mechanism
No install spec or remote downloads are present; this is a code-bundle you run locally. The only external dependency is the Python 'cryptography' library (imported), which must be installed in your environment; there are no opaque third-party download URLs or extract steps.
!
Credentials
The skill requests no environment variables or external credentials, which is proportionate to its purpose. However, it generates and writes Ed25519 private keys to disk in PEM form unencrypted (KeyManager.generate_keypair) and stores identity/reputation data in an on-disk KV in cleartext by default. Default relative paths (./keys, ./attestation_kv) increase risk in shared or cloud/workspace environments. This is a storage/operational security concern (not an evidence of exfiltration).
Persistence & Privilege
The skill does not request forced persistent inclusion (always: false) nor does it modify other skills. It writes persistent files to configurable directories and thus can provide long-lived identity/reputation state; ensure those directories are chosen and permissioned appropriately. Autonomous invocation (disable-model-invocation: false) is the platform default and not a unique red flag here.
Assessment
This package appears to implement what it claims (local attestation, Ed25519 signing, and a handoff KV) and contains no network calls or requests for unrelated credentials, but it stores private keys and identity/reputation data unencrypted in default relative directories. Before installing or running: 1) review and run the code in a sandbox/isolated environment; 2) set keys_dir and KV directory to a secure absolute path outside any shared workspace; 3) restrict filesystem permissions (e.g., chmod 600 on private key files); 4) consider adding encryption at rest or protecting private keys with a passphrase or OS keyring; 5) install a vetted version of the 'cryptography' library from PyPI and review dependency versions; 6) audit the code yourself (or ask the author) if you need assurance there are no network endpoints beyond the included files. If you cannot ensure secure storage for the generated keys, treat the skill as risky for production use.

Like a lobster shell, security has layers — review code before you run it.

attestationvk970kqmdbfzdaa415q79ew143h825svvidentityvk970kqmdbfzdaa415q79ew143h825svvinfrastructurevk970kqmdbfzdaa415q79ew143h825svvlatestvk97crc7xj65896t65kkb8skkr1826crwreputationvk970kqmdbfzdaa415q79ew143h825svvtrustvk970kqmdbfzdaa415q79ew143h825svv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📜 Clawdis

Comments