Skill v1.0.0

ClawScan security

Verified Agent Identity · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 30, 2026, 6:18 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and network usage align with its stated purpose (creating, signing, and verifying decentralized identities) and its requested resources are proportionate, but you should be aware of how and where private keys are stored and which external services it calls.
Guidance
This skill appears coherent with its identity management purpose, but before installing:
1) Review and trust the upstream project (billions.network and identity-dashboard.billions.network), because the scripts call those domains and a URL shortener endpoint.
2) Decide how to protect private keys: set BILLIONS_NETWORK_MASTER_KMS_KEY (via OpenClaw skill config or environment) to enable AES-256-GCM encryption; otherwise keys are stored in plaintext under $HOME/.openclaw/billions/kms.json.
3) Inspect package.json / package-lock.json before npm install and consider running installs in an isolated environment (container or VM).
4) Only provide existing private keys if you understand the implications (they grant control of the DID).
5) Note the minor metadata mismatch: SKILL.md documents an optional env var but the registry lists no required env vars; treat the env var as optional but highly recommended for security.
If you want greater assurance, request the skill source provenance (who published it) or run the scripts in a sandbox and inspect the created files before using them in production.

Review Dimensions

Purpose & Capability
ok · Name/description (Billions Network, ERC-8004, iden3) match the provided scripts: DID creation, signing, challenge generation, attestation construction, DID resolution, and wallet deep-link creation. Required binary (node) is appropriate. No unrelated credentials or binaries are requested.
Instruction Scope
note · SKILL.md instructs running npm install and node scripts in the included scripts/ folder; those scripts create, sign, and verify DIDs and persist data under $HOME/.openclaw/billions as documented. The instructions prohibit manual cryptographic work and direct the agent to follow the provided scripts only. Note: the scripts perform network calls (resolver.privado.id, identity-dashboard.billions.network, rpc-mainnet.billions.network) and will write private keys to disk (kms.json) unless a master KMS key is configured.
Install Mechanism
note · There is no automated install specification; the SKILL.md asks the user to run npm install in scripts/, which will fetch the npm packages listed in package.json/package-lock.json. Dependencies appear to be established identity libraries (polygonid, iden3, ethers, uuid) from the npm registry with pinned versions in package-lock. This is expected but carries the usual npm dependency risks.
Credentials
note · Registry metadata lists no required env vars, while SKILL.md exposes an optional BILLIONS_NETWORK_MASTER_KMS_KEY for at-rest encryption of private keys. That optional env var is sensible for this skill but is not declared as required in the registry. If the master key is not set, private keys are stored as plaintext hex in $HOME/.openclaw/billions/kms.json, a security risk the README and code explicitly call out.
Persistence & Privilege
ok · always:false, and the skill stores data only under $HOME/.openclaw/billions (its own directory). It does not request system-wide config modification or other skills' credentials. Autonomous invocation is allowed by default (disable-model-invocation:false), which is normal for skills.