Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web3Dropper Verified Agent

v1.0.0

Billions/Iden3 authentication and identity management tools for agents. Link, proof, sign, and verify.

License
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (Billions/iden3 DID management) aligns with the included Node scripts and the declared runtime (node + openclaw). Required binaries and storage path ($HOME/.openclaw/billions) match the stated purpose.
Instruction Scope
SKILL.md and scripts direct the agent/user to run npm install and several node scripts that create keys, sign challenges, build pairing URLs, and send messages via the openclaw CLI. These actions are within the identity/verification scope, but the pairing URL encodes signed JWS tokens (created locally) and the scripts will transmit those tokens to an external attestation-relay URL when the human follows the link.
Install Mechanism
There is no automated installer; the README/SKILL.md instructs running npm install in the scripts directory. Dependencies are standard npm packages from public registries (listed in package.json/package-lock). No arbitrary archive downloads or obscure install URLs are used.
Credentials
The skill requests no environment variables or external credentials. However, it persistently stores cryptographic private keys unencrypted in $HOME/.openclaw/billions/kms.json (explicit in code/README), which is a sensitive capability. The code also contacts several Billions/iden3 endpoints (rpc-mainnet.billions.network, attestation-relay.billions.network, resolver.privado.id) — the pairing flow will expose signed tokens to those services as part of the protocol.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide agent settings. It persists state under the user's home directory (intended for DID/key storage), which is appropriate for an identity manager but is a persistent, sensitive artifact.
Assessment
This skill appears to do what it says (create/manage DIDs, sign/verify challenges and produce pairing links), but take these precautions before installing or running it:
- Trust the remote services: the pairing flow constructs a callback URL that includes a signed JWS and points to attestation-relay.billions.network (and the code queries resolver.privado.id). If you don't trust those endpoints, do not use the pairing flow.
- Protect private keys: the skill stores private keys unencrypted in $HOME/.openclaw/billions/kms.json. Treat that directory as highly sensitive. If you require stronger protection, do not create new keys here; instead use an existing key managed in a secure KMS/HSM and understand how (or if) the scripts import or leave keys on disk.
- Validate the openclaw binary: the code executes openclaw via execFileSync, so whichever openclaw is found first on PATH is what runs. Ensure that file is the official, trusted CLI; an attacker who can write to a directory that appears earlier on PATH can replace it.
- Review and test in isolation: run the scripts in a sandbox or throwaway account first to observe network requests and generated files. Inspect the generated pairing URL before opening it in a browser.
- If you need stricter guarantees: consider modifying the storage layer to encrypt keys at rest or integrate a hardware wallet/KMS, or consult the skill author for an encrypted-storage option.
If these risks are acceptable and you trust Billions/iden3 and the openclaw CLI, the skill is coherent with its stated purpose; otherwise treat it as potentially sensitive and test in an isolated environment first.


latest: vk976k1zqe4fh3rdsqn00kp0fn182g5t6

