Verified Agent Identity

Review

Audited by ClawScan on May 11, 2026.

Overview

The skill is purpose-aligned for decentralized agent identity, but it deliberately handles private keys and sends signed pairing data to Billions services, so users should configure it carefully.

Before installing, decide whether you trust the Billions identity flow and its npm dependencies. If you use it, set BILLIONS_NETWORK_MASTER_KMS_KEY before creating or importing identities, lock down ~/.openclaw/billions permissions, and never import a wallet key that controls funds.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who can read the local kms.json file may be able to impersonate the agent identity; if the user imports an asset-holding Ethereum key, the impact could extend beyond agent identity.

Why it was flagged

The skill stores agent private keys locally and falls back to raw plaintext storage when BILLIONS_NETWORK_MASTER_KMS_KEY is not set. This is disclosed and purpose-aligned, but private keys are high-impact identity credentials.

Skill content
if (masterKey) {
  ... provider: "encrypted", data: { alias, key: encryptKey(privateKeyHex, masterKey), createdAt } ...
}
... provider: "plain", data: { alias, key: privateKeyHex, createdAt }
Recommendation

Set BILLIONS_NETWORK_MASTER_KMS_KEY before creating or importing keys, restrict permissions on ~/.openclaw/billions, and use only a dedicated no-assets identity key.

What this means

The Billions service can receive pairing-request details, including the signed identity proof and challenge content such as the agent name and description.

Why it was flagged

The linking flow sends an authorization request containing a callback with the signed JWS to a fixed Billions URL-shortener service. This is expected for the verification workflow, but it is an external data flow.

Skill content
const callback = callbackBase + jws;
...
await fetch(`${urlShortener}/shortener`, {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify(message)
})
Recommendation

Only include intended pairing information in the challenge, and use the skill when you are comfortable relying on the Billions identity services.

What this means

Installing the skill's dependencies runs standard npm package installation and adds third-party code to the local environment.

Why it was flagged

The skill requires a user-directed npm install step to fetch Node dependencies. This is normal for this Node-based CLI skill, and a package-lock is included, but users should still recognize that third-party packages are installed.

Skill content
cd scripts && npm install && cd ..
Recommendation

Install from a trusted source, keep the package-lock intact, and review dependency updates before running identity or key-management commands.