📦 Verified Agent Identity — Utilities

v0.1.0

For agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify and generate authentic...

Security scan
VirusTotal
Suspicious
OpenClaw
Suspicious
high confidence
The skill's instructions ask you to run Node scripts and npm install to generate and store private keys, but no script files are packaged with the skill — this mismatch plus the npm install instruction (which can execute arbitrary code) is a red flag.
Assessment recommendations
Do not run the advised commands or `npm install` until you can verify the actual script files and package.json. Specifically: (1) Ask the skill author or the registry for the complete code bundle (scripts and package.json) or a trusted published release (e.g., GitHub repo and commit/release tarball). (2) Inspect package.json and the referenced .js files for network endpoints, npm postinstall scripts, or any code that writes or exfiltrates keys. (3) If you must test, do so in an isolated sandbox/...
Detailed analysis
Purpose and capability
The skill claims to provide scripts (createNewEthereumIdentity.js, linkHumanToAgent.js, etc.) to manage DIDs, which matches the stated purpose. However, the package contains no code files — only SKILL.md — so the claimed capabilities are not actually present in the bundle. Requiring the node binary is appropriate for the stated purpose, but the absence of the referenced scripts is a concrete incoherence.
Instruction scope
The runtime instructions direct the agent (or user) to run `cd scripts && npm install && node scripts/...` and to create and store private keys under $HOME/.openclaw/billions. These actions involve creating and handling sensitive cryptographic material and performing network interactions (registry/attestation), and the docs forbid manual mitigation — but the actual script files are not included. The instructions also omit explicit network endpoints and do not show how tokens/attestations are transmitted, reducing transparency.
Install mechanism
There is no formal install spec in the registry, yet the SKILL.md tells users to run `npm install` inside a scripts directory. Running `npm install` can execute arbitrary package scripts (postinstall, etc.), which is a high-risk operation unless you can inspect the package.json and node_modules. Because no code/package files are shipped with the skill manifest, it's unclear what would be installed or from where — this is disproportionate and risky.
Credential requirements
The skill does not request any environment variables or external credentials (which is appropriate). However, it generates and persists private keys and DID material under $HOME/.openclaw/billions, which is sensitive. The skill's lack of declared credentials is consistent, but the local storage of cryptographic keys is a security-sensitive behavior users should be aware of.
Persistence and privileges
The skill persists identity material and challenges to $HOME/.openclaw/billions. It does not set always:true and does not request system-wide privileges, which is good, but persistent private key storage in the user's home directory increases the blast radius if the scripts are malicious or vulnerable.
Security is layered; review the code before running.

Runtime dependencies

No special dependencies

Install command

Official: npx clawhub@latest install verified-agent-identity-6
Mirror (accelerated): npx clawhub@latest install verified-agent-identity-6 --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库