Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Web3dropper Crypto Price Skill
v1.0.0
Billions/Iden3 authentication and identity management tools for agents. Link, proof, sign, and verify.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Registry name/summary ('Web3dropper Crypto Price Skill') suggests a simple Binance price fetcher, but the repository and SKILL.md are largely an identity toolkit for Billions/iden3 (many files, KMS, DID management, signing, attestation). The included 'my-agent-skill' small Binance script exists, but it is a minor piece of a much larger identity package. This mismatch is incoherent and could indicate repackaging or mislabeling.
Instruction Scope
Runtime instructions tell the agent to run npm install and multiple scripts that create/import private keys, sign challenges, build authorization requests and call openclaw to send messages containing signed JWS/callback URLs. Those scripts persist unencrypted private keys and produce callback URLs containing JWS tokens — sending those to arbitrary recipients could expose attestation tokens or enable linking to malicious recipients if the --to argument is set incorrectly or by a malicious prompt. The SKILL.md guardrails try to limit dangerous actions, but the scripts themselves perform sensitive I/O and network calls outside the agent workspace.
Install Mechanism
No formal install spec is provided in the registry (instruction-only), but SKILL.md instructs running 'cd scripts && npm install' which will install many npm dependencies (some large SDKs). Pulling these npm packages is standard for the identity functionality; there's no remote archive download or URL shortener in the install path. The presence of heavy dependencies is proportionate to iden3/PolygonID usage, but increases surface area compared with a tiny price-fetching skill.
Credentials
The skill requests no environment variables, but writes and reads sensitive cryptographic material to $HOME/.openclaw/billions (kms.json with privateKeyHex stored in plaintext). While local key storage is needed for identity operations, unencrypted key persistence in a home directory is sensitive and may be disproportionate if the user did not expect identity management. The scripts also contact RPC and relay endpoints (rpc-mainnet.billions.network and attestation-relay.billions.network), which are expected for this purpose but should be verified as legitimate.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It creates persistent files under $HOME/.openclaw/billions (kms.json, identities.json, challenges.json, defaultDid.json). Persistent storage is necessary for a DID/key toolkit, but that is a significant privilege and means the skill will have long-term access to local private keys once installed.
What to consider before installing
Be cautious before installing. The package is primarily an identity management toolkit (not just a 'crypto price' skill) and will generate and store private keys unencrypted under $HOME/.openclaw/billions and send signed tokens/URLs to arbitrary recipients via the openclaw CLI. If you only want a Binance price fetcher, do not install this package. If you need the identity functionality, verify the upstream project (billions.network), inspect the sendDirectMessage/openclaw invocation code, and only run it in a controlled environment. Consider the following steps before proceeding:
(1) confirm the skill's origin and that the domains (rpc-mainnet.billions.network, attestation-relay.billions.network, wallet.billions.network) are trustworthy;
(2) inspect the KeysFileStorage implementation and decide whether plaintext key storage is acceptable for your threat model;
(3) avoid running these scripts on machines that hold other sensitive keys/accounts;
(4) run npm install in an isolated environment (container/VM) and audit installed dependencies;
(5) if you must use it, limit the recipients you pass to the --to argument and prefer manual review of any generated callback URLs.
If you want help locating the specific lines that write/read kms.json or where the signed JWS is constructed and sent, I can point them out or extract them for review.
latest: vk97bf2ex7rb1ndpv5x5t6dj8cn82gz16
