中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:1 day ago Rescan
5 /100
verified-agent-identity
Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries.
Documentation-only identity skill with no implementation scripts; describes legitimate decentralized identity functionality without any malicious behavior or hidden functionality.
Skill Nameverified-agent-identity
Duration35.0s
Enginepi
Safe to install
This skill is a documentation-only package with no actual implementation code. If deploying, ensure the referenced scripts are included and verified.

Findings 2 items

Severity Finding Location
Low
Incomplete skill package Doc Mismatch
SKILL.md describes scripts (createNewEthereumIdentity.js, linkHumanToAgent.js, etc.) that do not exist in the package. This is a documentation-only skill without implementation.
node scripts/createNewEthereumIdentity.js
→ Ensure all referenced scripts are included before deploying this skill.
 SKILL.md:1
Info
Documented key storage location Sensitive Access
The skill documents storing private keys in $HOME/.openclaw/billions/kms.json. Without BILLIONS_NETWORK_MASTER_KMS_KEY, keys are stored in plaintext. This is necessary for identity functionality and is clearly documented.
kms.json - CRITICAL: Contains private keys (encrypted if BILLIONS_NETWORK_MASTER_KMS_KEY is set, otherwise in plaintext)
→ Document this behavior is expected and required for the identity feature. Users should set BILLIONS_NETWORK_MASTER_KMS_KEY for production use.
 SKILL.md:68
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No scripts to analyze - skill describes file operations but implementation is mi…
Shell NONE NONE SKILL.md references node commands but no scripts exist
Network NONE NONE Describes blockchain API interactions but no implementation code
Environment NONE NONE References BILLIONS_NETWORK_MASTER_KMS_KEY but no code to access it
1 findings
🔗
Medium External URL 外部 URL
https://billions.network/
SKILL.md:5

File Tree

1 files · 8.2 KB · 219 lines
Markdown 1f · 219L
└─ 📝 SKILL.md Markdown 219L · 8.2 KB

Security Positives

✓ Comprehensive guardrails documented in Restrictions section
✓ Clear identity verification workflow without shortcuts
✓ No obfuscated code or base64-encoded payloads
✓ No credential exfiltration or data theft patterns
✓ No network IOCs pointing to suspicious infrastructure
✓ No eval(), exec(), or subprocess calls in non-existent code
✓ Explicit prohibition on manual cryptographic operations