private computation
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is a privacy-framework document, but it encourages use with sensitive credentials while making strong zero-knowledge and compliance claims that are not substantiated by the provided artifacts.
Treat this as a review-required privacy/security framework rather than a verified zero-knowledge system. Before installing, inspect the npm package source, pin the version, verify the claimed protections, and avoid using real medical, financial, or production credentials until the implementation has been independently reviewed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could over-trust the framework for medical, financial, or regulated data before the advertised protections actually exist or are verifiable from the artifacts.
The artifact markets strong privacy/compliance capabilities for sensitive tasks, but the architecture labels major zero-knowledge and TEE pieces as future work.
**Zero-Knowledge Execution for Sensitive Agent Tasks** ... **GDPR & HIPAA Compliant** ... Crypto Layer (Future) ... zk-SNARKs ... TEE
Do not rely on the zero-knowledge, TEE, HIPAA, GDPR, or compliance claims without independently reviewing the actual package implementation, documentation, and audits.
Users would be trusting an external package to implement the privacy and secret-handling behavior.
The provided skill has no code files or install spec, so real functionality depends on an external npm package that was not included in the scanned artifacts.
npm install openclaw-private-computation
Review and pin the npm package version before installing, and inspect the package source and lockfile before giving it secrets.
If used, the framework may hold credentials that allow access to sensitive third-party accounts and services.
The documented API stores and retrieves API keys, including examples for LLM, medical, and bank credentials.
await agent.setSecret('OPENAI_API_KEY', 'sk-...'); ... const bankKey = await agent.getSecret('BANK_API_KEY');
Use least-privilege keys, avoid production or regulated credentials until reviewed, and revoke keys if you stop using the package.
Secrets and audit metadata may remain on disk and may be reused across tasks depending on how the package is configured.
The framework documents persistent local storage for encrypted secrets and audit-related state.
storagePath: string, // Default: ~/.openclaw ... masterKey: string // Auto-generated if not provided
Choose a controlled storage path, understand master-key handling and audit retention, and delete stored secrets when no longer needed.
