Agent Identity Kit
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: agent-identity-kit
Version: 1.0.0

The skill's primary purpose is to create and validate agent identity cards. It is classified as suspicious due to the `scripts/validate.sh` file, which dynamically installs `ajv-cli` via `npx` and `jsonschema` via `pip install` if they are not already present. While these are legitimate tools for schema validation, this practice introduces a supply chain risk by downloading and executing code from external package repositories (npm, PyPI) without explicit user confirmation, which could be exploited if the upstream packages were compromised. No clear evidence of intentional malicious behavior such as data exfiltration, persistence, or direct prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the validator is run on a maliciously named file or schema path on a system that uses the Python fallback, arbitrary Python commands could run as the user.
The file and schema paths are caller-controlled shell variables that are interpolated into a Python program string, so a crafted path containing Python string-breaking characters could alter code executed by the Python fallback.
FILE="${1:-}" ... SCHEMA="${2:-$REPO_ROOT/schema/agent.schema.json}" ... python3 -c "... with open('$SCHEMA') as f: ... with open('$FILE') as f:"
Pass paths to Python via sys.argv or environment variables instead of interpolating them into python -c source, and avoid validating files with attacker-controlled path names until this is fixed.
First-time validation may download and run third-party package code, which can affect the local environment and depends on package-registry integrity.
The validator can fetch validation dependencies from npm or PyPI at runtime without pinned versions or a lockfile.
if npx ajv-cli validate -s "$SCHEMA" -d "$FILE" --spec=draft7; then ... subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'jsonschema', '-q'])
Declare and pin validator dependencies, prefer an explicit install step or lockfile, and ask for confirmation before installing packages automatically.
