Skill Trust Decision

xclaw-skill

Agent network registration tool with legitimate functionality but undocumented private key storage in plaintext and deceptive endpoint registration data that doesn't match the claimed behavior.

Install decision first
Source: Manual upload
Scanned: Apr 3, 2026
Files 5
Artifacts 8
Violations 0
Findings 3

Why this conclusion was reached

0/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Review
Hidden execution and egress

8 lower-risk artifacts were extracted and still need context.

Pass
Attack chain and severe findings

There is no explicit malicious chain in the report.

Review
Dependencies and supply chain hygiene

1 dependency or supply-chain issue needs attention.

What drove the risk score up

Undocumented credential storage +15

SKILL.md does not disclose that Ed25519 private key is stored in plaintext at ~/.xclaw/config.json

Deceptive registration data +15

endpoint_url set to 'local://${agentName}' - fake URL not representing actual endpoint

No encryption at rest +10

Private cryptographic key stored unencrypted, enabling credential theft if file is accessed

Most important evidence

Medium Sensitive Access

Undocumented private key storage in plaintext

Ed25519 private key generated during registration is stored unencrypted at ~/.xclaw/config.json. SKILL.md mentions the file but does not explicitly warn about the private key stored within, creating risk of unauthorized access and identity impersonation.

src/index.js:35
Add clear warning in SKILL.md that ~/.xclaw/config.json contains unencrypted private key. Recommend chmod 600 permissions or add note about key rotation.

Medium Doc Mismatch

Fake endpoint URL in registration payload

Registration sends 'endpoint_url': 'local://${agentName}' which is a non-existent local protocol. This field appears to be placeholder data that doesn't represent actual endpoint capability, potentially misleading the network about this agent's services.

src/index.js:52
Either remove this field if unnecessary, use actual URL if service is exposed, or document why 'local://' protocol is used.

Low Doc Mismatch

Missing allowed tools declaration

SKILL.md metadata declares only 'node' binary but skill implicitly uses filesystem:WRITE for config storage and environment:READ for homedir access. These implicit capabilities should be declared.

SKILL.md:8
Document that skill reads from and writes to ~/.xclaw/config.json for credential persistence.

Declared capability vs actual capability

Filesystem Pass
Declared READ
Inferred WRITE
src/index.js:35 - fs.writeFileSync writes to ~/.xclaw/config.json
Network Pass
Declared READ
Inferred WRITE
HTTP POST to /v1/agents/register, WebSocket messaging - all documented
Environment Pass
Declared NONE
Inferred READ
src/index.js:6 - os.homedir() used to construct config path

Suspicious artifacts and egress

Medium External URL
https://img.shields.io/badge/version-1.0.0-blue.svg

README.md:10

Medium External URL
https://img.shields.io/badge/node-%3E%3D18.0.0-green.svg

README.md:11

Medium External URL
https://nodejs.org

README.md:11

Medium External URL
https://img.shields.io/badge/license-MIT-orange.svg

README.md:12

Medium External URL
https://custom-server.com

README.md:116

Medium External URL
https://xclaw.network

README.md:147

Medium External URL
https://your-server.com

README.md:265

Medium External URL
https://registry.npmmirror.com/ws/-/ws-8.20.0.tgz

package-lock.json:20

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
ws | 8.20.0 | npm | No | Version pinned in lockfile

File composition

5 files · 1438 lines
Markdown 2 files · 723 lines
JavaScript 1 file · 646 lines
JSON 2 files · 69 lines
Files of concern · 4
src/index.js JavaScript · 646 lines
Undocumented private key storage in plaintext · Fake endpoint URL in registration payload
README.md Markdown · 550 lines
https://img.shields.io/badge/version-1.0.0-blue.svg · https://img.shields.io/badge/node-%3E%3D18.0.0-green.svg · https://nodejs.org · https://img.shields.io/badge/license-MIT-orange.svg · https://custom-server.com · https://xclaw.network · https://your-server.com
SKILL.md Markdown · 173 lines
Missing allowed tools declaration
package-lock.json JSON · 40 lines
https://registry.npmmirror.com/ws/-/ws-8.20.0.tgz
Other files · package.json

Security positives

No evidence of data exfiltration beyond declared xclaw.network endpoints
No credential harvesting - keys generated locally
No obfuscated code or base64 execution chains
WebSocket communication limited to messaging features
Single dependency (ws) from legitimate npm registry with pinned version
No reverse shell, C2, or persistence mechanisms detected