Skill v1.0.0
ClawScan security
Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 5:04 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements align with its stated purpose (creating and managing DIDs on the Billions Network). The main operational risks are that private keys are written to disk unencrypted by default and that the scripts make network calls to project-controlled endpoints; both are documented by the skill.
- Guidance: This skill appears to implement what it claims: DID creation, signing, linking, and verification for the Billions Network. Before installing, review and accept the following tradeoffs and steps:
  1. Private key storage: by default keys are written to $HOME/.openclaw/billions/kms.json as plain hex unless BILLIONS_NETWORK_MASTER_KMS_KEY is set. For production use or on shared machines, set that env var (or use secure skill config) to enable per-key AES-256-GCM encryption, and check afterwards that kms.json no longer contains bare hex keys.
  2. Key import: avoid passing raw private keys on the command line (--key) on multi-user systems or anywhere process lists or shell history can leak secret material; prefer generating keys locally in a secure environment or using the KMS option.
  3. Network endpoints: the code contacts resolver.privado.id and several billions.* domains, including a URL shortener and attestation-relay. Confirm you trust those services and review constants.js for callback and relay endpoints.
  4. Dependency install: npm install pulls multiple crypto libraries from the public registry. Run the install in an isolated container or VM if you want to limit supply-chain exposure, and review package-lock.json before trusting the resolved versions.
  5. If you need stricter guarantees, audit the included scripts (especially the storage and network logic) and run the tool in an isolated environment or with dedicated, air-gapped key handling.
  Overall the skill is consistent with its declared purpose, but explicitly configure KMS encryption and avoid passing secrets on the command line before use.
Review Dimensions
- Purpose & Capability (ok): The name/description (verified agent identity / Billions network) matches the included scripts and package.json: the scripts create DIDs, sign challenges, build attestations, list identities, and verify signatures. The only required binary is node, which is appropriate for Node.js scripts. No unrelated credentials or binaries are requested.
- Instruction Scope (note): The SKILL.md and README clearly instruct running the included Node scripts and declare that identity data is stored under $HOME/.openclaw/billions. The instructions forbid manual cryptographic work and direct the agent to use only the provided scripts. The scripts perform network calls only to documented, project-related hosts (resolver.privado.id, billions.network, identity-dashboard.billions.network, wallet.billions.network, attestation-relay.billions.network). This is within scope, but note that user-supplied private keys can be passed on the command line and that keys are persisted to disk by default (see environment_proportionality).
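A concrete way to do the constants.js review the guidance asks for, as an added example that is not part of the skill or of ClawHub's scanner: pull every URL literal out of the source and compare the hostnames against the documented list above. The five documented hosts are the ones the scanner names; the sample source, the function names and the undocumented short.example.invalid host are constructed for the demonstration. Hosts are compared exactly rather than by parent domain, because an extra *.billions.network endpoint (a shortener, a relay) is precisely what an allowlist should surface.

```javascript
// Added example, not the skill's own code: allowlist check over URL literals
// in a JS constants file. Documented hosts come from the scanner verdict;
// everything else here is constructed.
const DOCUMENTED_HOSTS = new Set([
  'resolver.privado.id',
  'billions.network',
  'identity-dashboard.billions.network',
  'wallet.billions.network',
  'attestation-relay.billions.network',
]);

// Constructed stand-in for a constants.js file; not the skill's real file.
const SAMPLE_CONSTANTS_JS = `
export const RESOLVER_URL = 'https://resolver.privado.id/1.0/identifiers/';
export const DASHBOARD_URL = "https://identity-dashboard.billions.network/link";
export const RELAY_URL = 'https://attestation-relay.billions.network/v1/relay';
export const SHORT_URL = 'https://short.example.invalid/s/';
export const LOCAL_HINT = 'not a url: https is required';
`;

// Collect the distinct hostnames of every http(s) URL literal in a source
// string. The port is dropped (URL.hostname) and names are lower-cased so
// comparison with the allowlist is exact.
function extractHosts(source) {
  const hosts = new Set();
  for (const literal of source.match(/https?:\/\/[^\s'"`)<>]+/g) || []) {
    try {
      hosts.add(new URL(literal).hostname.toLowerCase());
    } catch {
      // Not a parseable URL (e.g. a truncated template); nothing to report.
    }
  }
  return [...hosts].sort();
}

// Split the extracted hosts into documented and undocumented sets. Anything
// in `undocumented` needs a human decision before the skill is installed.
function auditHosts(source, allowlist = DOCUMENTED_HOSTS) {
  const hosts = extractHosts(source);
  return {
    documented: hosts.filter((h) => allowlist.has(h)),
    undocumented: hosts.filter((h) => !allowlist.has(h)),
  };
}

const result = auditHosts(SAMPLE_CONSTANTS_JS);
console.log('documented:  ', result.documented.join(', '));
console.log('undocumented:', result.undocumented.join(', ') || '(none)');
```

Run it against the real scripts directory by replacing SAMPLE_CONSTANTS_JS with the contents of constants.js (and, for completeness, the other scripts, since endpoints are not always centralised). A non-empty `undocumented` list is the point at which to decide whether the extra host is acceptable.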
- Install Mechanism (note): No remote or archive-extracting installer is included; the skill is instruction+script based and relies on running npm install in the scripts directory. Dependencies come from npm (package-lock references registry.npmjs.org) and include standard identity/crypto libraries. That is expected for crypto/DID tooling but increases the dependency surface compared to an instruction-only skill.
- Credentials (concern): The skill requires no environment variables but documents an optional BILLIONS_NETWORK_MASTER_KMS_KEY that enables AES-256-GCM encryption of stored private keys. If that env var is not set, private keys in kms.json are stored as plaintext hex. The scripts also accept a --key parameter to import a private key; keys passed as CLI arguments can leak via process lists or shell history. These behaviors are coherent with the feature set but are sensitive, and the secure configuration is opt-in rather than enforced by the skill.
- Persistence & Privilege (ok): The skill persists data under $HOME/.openclaw/billions (its own directory) and does not request always:true or attempt to modify other skills' configs. It creates and manages keys and identity files in that directory, which is consistent with its purpose.
