Skill Trust Decision

birth-system-manager

SKILL.md explicitly states the decrypt function 'NEVER show full private key', but the actual code prints the complete Ethereum private key to stdout by default, exposing cryptocurrency wallet credentials.

Source: ClawHub · Scanned: 11 days ago
Files 11
Artifacts 4
Violations 1
Findings 5
Most direct threat evidence
Critical Doc Mismatch
SKILL.md claims private keys are never displayed, but code prints them to stdout

The SKILL.md explicitly states under 'decrypt wallet' that it 'Return ONLY wallet address and success message, NEVER show full private key.' However, decrypt-wallet.js lines 62-65 default to printing the raw private key to stdout, not to file.

decrypt-wallet.js:65

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

1 undeclared or violating capability was inferred.

Review
Hidden execution and egress

4 lower-risk artifacts were extracted and still need context.

Block
Attack chain and severe findings

The report includes 5 attack-chain steps and 3 severe findings.

Review
Dependencies and supply chain hygiene

2 dependency or supply-chain issues need attention.

Attack Chain

01
User runs 'decrypt wallet' command as documented in SKILL.md

Entry · SKILL.md:47

02
SKILL.md promises 'NEVER show full private key'

Deception · SKILL.md:47

03
decrypt-wallet.js prints raw private key to stdout by default

Impact · decrypt-wallet.js:65

04
Private key captured from terminal scrollback, session or CI logs, or process output monitoring

Impact · stdout

05
Attacker imports private key to steal cryptocurrency funds

Impact · external

What drove the risk score up

Doc-to-code mismatch on private key display +30

SKILL.md line 47: 'Return ONLY wallet address and success message, NEVER show full private key' - actual code at lines 62-65 prints private key to stdout by default

Cryptocurrency private key to stdout +25

decrypt-wallet.js line 65: console.log(privateKey) outputs the raw Ethereum private key to terminal

Default password fallback +10

pack.js line 15: Falls back to 'default-secret-password' if no password provided

Raw private key storage +10

generate-birth-id.js line 52: Stores plaintext private_key in birth-info.json despite security claims

Most important evidence

Critical Doc Mismatch

SKILL.md claims private keys are never displayed, but code prints them to stdout

The SKILL.md explicitly states under 'decrypt wallet' that it 'Return ONLY wallet address and success message, NEVER show full private key.' However, decrypt-wallet.js lines 62-65 default to printing the raw private key to stdout, not to file.

decrypt-wallet.js:65
Change default behavior to write to file ONLY, never stdout. Document DECRYPT_OUTPUT_TO_FILE env var if needed. Alternatively, output a truncated/masked version.
High Credential Theft

Ethereum private keys printed to terminal stdout

The decrypt-wallet.js script outputs raw Ethereum private keys directly via console.log. Any terminal scrollback, session or CI log capture, or process output monitoring could expose these credentials and lead to fund theft.

decrypt-wallet.js:62
Never output private keys to stdout. Write the decrypted key only to a file created with owner-only permissions (0o600), and prompt the user to delete it once the key has been imported.
High Credential Theft

Default hardcoded password in pack.js

pack.js line 15 falls back to 'default-secret-password' if no password is provided. Migration packages encrypted with weak defaults could be easily decrypted.

pack.js:15
Require password input; exit with error if not provided. Never use weak defaults for cryptographic operations.
Medium Sensitive Access

Private keys stored in plaintext in birth-info.json

generate-birth-id.js stores raw private_key in the JSON file. While SKILL.md mentions encryption, raw keys can still be read from the file.

generate-birth-id.js:52
Encrypt private keys at rest immediately after generation. Use the existing encrypt() function from pack.js.
Low Priv Escalation

execSync shell execution in unpack.js

Uses child_process.execSync to run tar extraction. The call is legitimate for the stated functionality, but running a shell command string on untrusted input allows arbitrary command execution through malicious packages.

unpack.js:19
Validate that the package path is within the expected directory. Invoke tar through execFileSync with an argument array instead of a shell string, or use a safer extraction library.

Declared capability vs actual capability

Filesystem · Pass · Declared READ · Inferred READ
Accesses ~/.openclaw/birth-info.json as documented

Shell · Block · Declared NONE · Inferred WRITE
unpack.js:19 uses execSync to run tar extraction

Network · Pass · Declared NONE · Inferred NONE
No network calls detected

Suspicious artifacts and egress

Medium Wallet Address
0xF80042413226cf4a5F1b7de458Cf0EEd19237662

README.md:86

Medium External URL
https://docs.openclaw.ai

pack.js:272

Medium External URL
https://clawhub.ai/user/vg555558

skill-card.md:7

Medium External URL
https://clawhub.ai/vg555558/birth-system-manager

skill-card.md:27

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
ethers | * | package.json | No | Standard Ethereum library, version not pinned
archiver | * | package.json | No | Archive creation, version not pinned

File composition

11 files · 1775 lines
JavaScript 7 files · 1488 lines
Markdown 3 files · 282 lines
JSON 1 file · 5 lines
Files of concern · 6
pack.js JavaScript · 395 lines
Default hardcoded password in pack.js · https://docs.openclaw.ai
README.md Markdown · 144 lines
0xF80042413226cf4a5F1b7de458Cf0EEd19237662
generate-birth-id.js JavaScript · 164 lines
Private keys stored in plaintext in birth-info.json
unpack.js JavaScript · 125 lines
execSync shell execution in unpack.js
decrypt-wallet.js JavaScript · 103 lines
SKILL.md claims private keys are never displayed, but code prints them to stdout · Ethereum private keys printed to terminal stdout
skill-card.md Markdown · 42 lines
https://clawhub.ai/user/vg555558 · https://clawhub.ai/vg555558/birth-system-manager
Other files · fix-clone.js · clone-init.js · whoami.js · SKILL.md · _meta.json

Security positives

No network exfiltration detected - all operations are local as documented
Uses ethers.js library for Ethereum operations (standard, audited)
Includes signature verification to detect tampering
Family tree lineage tracking appears functionally sound
Archiver library used for tar creation (not manual shell concatenation)