The OpenClaw entry point for ERC-8004 agent identity and reputation. Register agents on-chain, query identities, give and receive feedback ratings.
Security Analysis
Confidence: medium. The skill's stated purpose (on-chain agent identity/reputation) is plausible, but its runtime instructions reference a sensitive PRIVATE_KEY and other operational details that are not declared in the skill metadata, which is inconsistent and increases risk.
Name and description match the instructions (register/look up agents, give feedback on-chain). Requiring either a Node or Python client is explainable because both language bindings are shown. However, the skill metadata declares no required environment variables while the SKILL.md clearly shows the CLI and client code expect a PRIVATE_KEY for signing transactions (registering/giving feedback). The absence of any declared network/provider credential (RPC URL, INFURA_KEY, ALCHEMY_KEY, etc.) is also notable — the skill may rely on defaults or implicit endpoints but that is not documented.
SKILL.md explicitly instructs the agent to run CLI commands and to use an environment variable PRIVATE_KEY (e.g., PRIVATE_KEY=0x... erc-800claw register). The instructions direct the agent to sign transactions (on-chain register/giveFeedback), which requires secret key material. The instructions do not limit or warn how that PRIVATE_KEY should be stored or used, nor do they declare other environment variables the code may access (RPC endpoints, telemetry). There are no instructions that read unrelated local files, but the opaque nature of the external CLI (no code bundled) means its runtime behavior cannot be reviewed from this skill alone.
This is an instruction-only skill with no install spec and no bundled code files to write to disk. That lowers the immediate installation risk from this skill artifact itself. However, the skill directs installation/usage of an external package (npm/pip package named erc-800claw) which is not included for inspection here — the actual package would need review on its registry/source.
The SKILL.md requires a PRIVATE_KEY for transaction signing, but the skill metadata lists no required env vars and no primary credential. Requesting a private key is proportional to registering or signing transactions on-chain, but omitting this from requires.env is an inconsistency and a security signal: sensitive credentials are expected but not declared. The skill also does not document any RPC/provider credentials (INFURA/ALCHEMY) which may be necessary; absence of those details reduces transparency about what secrets or endpoints will be used.
The skill does not request always:true and does not claim any persistent installation behavior. It's user-invocable and allows autonomous invocation (the platform default), which is expected. There is no evidence the skill modifies other skills or system-wide settings.
Guidance
This skill appears to be what it claims (tools for ERC-8004 on-chain identity), but there are important gaps you should address before installing or using it:

- PRIVATE KEY: The instructions require a PRIVATE_KEY to register or submit feedback. Treat that key as highly sensitive — do not paste it into chat. Prefer using a signing service, hardware wallet, or an ephemeral key with limited funds/permissions for testing.
- Undeclared secrets: The skill metadata does not declare PRIVATE_KEY or any RPC/provider credentials (INFURA/ALCHEMY). Ask the publisher to declare required environment variables and explain where transactions are sent and what RPC endpoints are used.
- Uninspected package: This bundle is instruction-only and points to external npm/pip packages (erc-800claw). Review the actual package source (npm/PyPI and linked GitHub repo) before installing to ensure the CLI/client does only what is documented and does not exfiltrate keys or telemetry.
- Testing advice: Before using real keys on mainnet, test on a non-production network (sepolia) with an ephemeral key and small funds. Monitor network traffic and containerize/sandbox the CLI if possible.

If the publisher can update the skill metadata to declare PRIVATE_KEY (and any provider credentials) and provide a verifiable upstream repository/release for the erc-800claw package, the inconsistencies would be reduced and confidence would increase.
Latest Release
v0.1.1
- Added a "How to Respond" section with guidance for interpreting user queries and mapping them to specific CLI commands.
- Introduced a CLI-focused section, providing command syntax, options, and sample outputs for common agent operations.
- No code/API changes; documentation update only to improve usability and clarify usage patterns.
Published by @primer-dev on ClawHub