Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Aip Identity
v1.6.0Digital identity, authentication, and trust for AI agents. Verify who an agent is, prove your own identity, sign skills to prove authorship, send encrypted m...
⭐ 0· 1.3k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The declared purpose (agent identity, signing, encrypted messaging, vouching) matches the included code and API docs: the script implements registration, signing, vouching, messaging, key rotation, and talks to an external AIP service. However there are small mismatches: SKILL.md claims an AIP_CREDENTIALS_PATH env var for customizing credential storage which the included script does not actually read, and the SKILL.md/PyPI version string (v0.5.21) doesn't match the registry metadata (v1.6.0). These doc/code inconsistencies reduce confidence in maintenance but do not by themselves indicate malicious intent.
Instruction Scope
The runtime instructions and the script instruct reading and writing a local credentials JSON (private key stored unencrypted) and contacting the external service at https://aip-service.fly.dev. The script's credential lookup (_find_creds_file) searches several locations including ~/.openclaw/workspace/credentials which could allow the skill to read credentials placed for other agent tooling; that path is unrelated to the stated purpose and is surprising. The script will also write aip_credentials.json into the working directory (potentially overwriting). The SKILL.md suggests an env var for custom credential path that is not implemented, which is inconsistent with the code's actual lookup behavior.
Install Mechanism
There is no install spec included (instruction-only with one script). SKILL.md advertises a PyPI package and a CLI ('pip install aip-identity' → 'aip'), but the skill bundle contains only scripts/aip.py and no packaged installer; the PyPI claim should be verified independently. No external download URLs are embedded in the install metadata itself (low install mechanism risk), but running the script will contact the external AIP service.
Credentials
The skill requests no declared environment variables, but the script honors AIP_SERVICE_URL for the API base (reasonable) and searches for credential files in multiple locations including an .openclaw workspace path. Looking into another workspace's credential locations is disproportionate for a local identity CLI and could cause accidental access to other tooling's files. The script writes a local JSON containing the private key (expected for key storage) and will overwrite the output file without prompting. SKILL.md mentions AIP_CREDENTIALS_PATH to control location, but the script does not read that env var — a mismatch that affects how credentials are chosen and stored.
Persistence & Privilege
The skill does not request always: true, does not alter other skills, and has no install routine that persists itself system-wide. It does persist private keys to disk (a normal behavior for identity tools) and may overwrite aip_credentials.json in the working directory; this file persistence is expected for key management but is something you must manage carefully (backup, secure permissions).
What to consider before installing
Before installing or running this skill: 1) Verify the service and source links (https://aip-service.fly.dev and the GitHub/PyPI project) independently — the SKILL.md claims a PyPI package and GitHub repo that you should confirm match the code you received. 2) Be aware the tool will create a local JSON containing your private key (aip_credentials.json by default) and may overwrite that file in the current directory; store and secure backups and set restrictive file permissions. 3) The script will look for existing credentials in several paths including ~/.openclaw/... which could read unrelated workspace credentials — if you have sensitive files there, avoid running the script or move them first. 4) Prefer the --secure registration path (generating keys locally) and avoid the deprecated /register/easy mode that returns server-generated private keys. 5) If you plan to use this in an automated agent, consider the external AIP service URL: set AIP_SERVICE_URL to a host you trust, or audit the server behavior; the code will communicate with that external endpoint for registration, vouching, messaging, and signature publishing. 6) The docs and code have minor inconsistencies (env var, version); if you need high assurance, request the canonical source repository or a signed release and review the full script in that repository before trusting the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk970x84aqazq8jx9m769mnzjsn81506v
License
MIT-0
Free to use, modify, and redistribute. No attribution required.