Skill v1.0.5

ClawScan security

Agent Identity · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (scanned Feb 22, 2026, 6:13 PM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions implement a local cryptographic identity tool consistent with its description; there are a few minor inconsistencies/bugs to check but no signs of network exfiltration or unrelated credential access.
Guidance
This skill appears to do what it says: create and manage local cryptographic keys for an AI agent. Before installing: (1) note that the PowerShell wrapper referenced in SKILL.md is missing; if you need the Windows flow, confirm a wrapper is available, or use the provided Python CLI instead; (2) don't pass private-key passwords on the command line in production — use interactive input or environment-secure methods; (3) test RSA workflows (signing agent cards), because identity.py currently uses a generic private_key.sign call that may fail for RSA keys; (4) protect the keys/ directory with proper file permissions and backups; (5) review the small code bundle yourself if you need to confirm there are no unexpected changes (no network calls are present). If any of these issues worry you, run the tool in an isolated environment or request an updated release that fixes the RSA signing and includes the promised PowerShell wrapper.

Review Dimensions

Purpose & Capability
Status: ok
Name/description (agent identity, sign/verify) matches the shipped Python CLI: key generation, signing, verification, agent ID and signed agent card. Required binary (python) and dependency (cryptography) are appropriate. Minor inconsistencies: SKILL.md references a PowerShell wrapper (agent-identity.ps1) that is not present in the bundle, and the SKILL.md metadata/homepage are generic; version strings differ between metadata and registry. These are implementation quirks, not indicators of mismatched purpose.
Instruction Scope
Status: note
SKILL.md instructs only local key generation and signature operations and warns about insecure CLI password usage — scope stays within the stated purpose. Two issues to be aware of: (1) the PowerShell wrapper is referenced but not included, so the recommended Windows flow may be missing; (2) in identity.py the sign_agent_card() function calls private_key.sign(card_json) without handling RSA signing parameters (padding/hash), which will work for Ed25519 but likely raises errors for RSA keys — a functional bug rather than malicious behavior.
Install Mechanism
Status: ok
There is no download/install script; SKILL.md simply instructs installing the standard 'cryptography' Python package via pip. No remote URLs, archive extraction, or third-party installers are used in the skill bundle.
Credentials
Status: ok
The skill requests no environment variables or external credentials. It stores keys in a local 'keys/' directory; SKILL.md warns about file permissions and password handling. The requested scope of access (local filesystem for keys) is proportionate to the stated function.
Persistence & Privilege
Status: ok
The skill does not request 'always: true' or any elevated/platform-wide privileges. It does not modify other skills or system configs. Default autonomous invocation is allowed (platform default), but the skill itself performs only local operations.