Web3Dropper Verified Agent
Audited by ClawScan on May 10, 2026.
Overview
The skill’s identity-management code is mostly purpose-aligned, but its package identity metadata does not match the registry entry and it handles persistent unencrypted private keys and signed identity proofs.
Review this carefully before installing. The functionality matches a Billions/Iden3 identity tool, but confirm the package identity mismatch first, do not import valuable wallet private keys, protect $HOME/.openclaw/billions, and only sign or link challenges for recipients you trust.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may not be reviewing or installing the same package identity that the registry entry appears to describe.
The provided registry metadata identifies the evaluated skill as slug `web3dropper-verified-agent` version `1.0.0`, while the packaged _meta.json identifies a different slug and version. README.md also instructs installing `verified-agent-identity`, adding package provenance ambiguity.
"slug": "verified-agent-identity", "version": "0.0.7"
Confirm the publisher, slug, version, and install target before installing; the package metadata should be made consistent across registry metadata, _meta.json, SKILL.md, README, and package.json.
Anyone or anything that can read the persisted key file may be able to use the agent’s DID private key and impersonate that identity.
The skill creates or imports Ethereum private keys for agent identity and persists them locally unencrypted. The code writes JSON files via fs.writeFile/rename but does not show explicit chmod or encryption.
`kms.json` | Private keys (unencrypted, owner-readable only)
Only use this on a trusted machine/account, avoid importing valuable wallet keys, restrict filesystem permissions on $HOME/.openclaw/billions, and prefer encrypted key storage.
When invoked, the skill can send signed identity material or verification links to another OpenClaw target.
The skill uses a local external CLI to send direct messages containing signed tokens or verification links. The command is hardcoded and uses execFileSync without shell interpolation, which reduces command-injection risk, but users should be aware that the skill has the authority to send messages on their behalf.
execFileSync("openclaw", ["message", "send", "--target", target, "--message", safeMessage])
Approve signing/linking requests only when you recognize the recipient and challenge; do not let untrusted prompts choose the message target.
Installation and use may require npm dependency installation and the OpenClaw CLI even though the registry metadata does not surface that requirement.
The skill itself declares Node and OpenClaw requirements and README instructs `npm install`, but the registry requirements section says no required binaries and no install spec. This is an under-declared runtime/install requirement rather than hidden behavior.
metadata: { "clawbot": { "requires": { "bins": ["node", "openclaw"] } }}
Review scripts/package.json and package-lock.json before running npm install, and ensure OpenClaw CLI use is expected.
