      Safety Report

      Universal Profile

      @frozeman

      Manage LUKSO Universal Profiles — identity, permissions, tokens, blockchain operations. Cross-chain support for Base and Ethereum.

      1,585 Downloads
      1 Installs
      12 Stars
      16 Versions
      API Integration 4,971 · File Management 2,100 · Customer Support 1,744 · Networking & DNS 1,102

      Security Analysis

      medium confidence
      Suspicious · 0.08 risk

      The skill's code broadly matches its stated purpose (managing LUKSO Universal Profiles) but there are several inconsistencies and missing declarations (env vars, install vs. instruction-only claim, external auth endpoints) that merit caution before installing or granting access to private keys.

      Mar 2, 2026 · 31 files · 4 concerns

      Purpose & Capability (note)

      The name/description (manage Universal Profiles, tokens, cross-chain) aligns with the included code (ethers + provider logic, token transfer commands, permission encoding, cross-chain deployment data). However the registry metadata and SKILL.md disagree: SKILL.md and package.json show a full CLI with dependencies, but the registry declared 'No install spec — instruction-only skill'. That mismatch (instruction-only claim vs. many code files and package.json) is unexpected and should be clarified.

      Instruction Scope (concern)

      SKILL.md and the code instruct the agent to read and write credential files under the user's home (~/.openclaw or ~/.clawdbot), load private keys for signing, and call external RPC and relay/indexer endpoints. That behavior is appropriate for a wallet/profile manager, but it requires explicit user consent because it touches local keystore files, handles private keys, and points users at third-party Authorization UIs (my.universalprofile.cloud and openclaw.universalprofile.cloud) whose trustworthiness is not verified here. The SKILL.md also documents environment variables (UP_CREDENTIALS_PATH, UP_KEY_PATH, UP_KEYSTORE_PASSWORD) and file paths that are not declared in the registry metadata.

      Install Mechanism (note)

      No install spec was provided (lowest-risk category), but the package includes a package.json, package-lock.json and many JS files and a CLI entrypoint (bin: up). That means this skill is not truly 'instruction-only' and would need Node + dependencies (ethers/viem) to run. The absence of an explicit install mechanism in the registry is an inconsistency to resolve — it affects how code would actually be executed in the agent environment.

      Credentials (concern)

      The skill reads/writes local credential/keystore files and references environment variables for keystore passwords and credential paths (UP_KEYSTORE_PASSWORD, UP_CREDENTIALS_PATH, UP_KEY_PATH). The registry declared no required env vars or primary credential, which is inaccurate: the code expects and uses sensitive information (private keys, keystore passwords) and filesystem access. Requiring/using private keys is proportionate for a wallet/profile manager, but the platform metadata should explicitly declare this and the user should be warned before granting filesystem access.

      Persistence & Privilege (ok)

      The skill does not request 'always: true' and appears to confine changes to its own config and credential paths under ~/.openclaw or ~/.clawdbot. It will create/read keystore files and a skill config; this is normal for a CLI wallet-style skill. No evidence the skill modifies other skills or system-wide agent settings.

      Guidance

      This skill contains a full CLI and code that will read/write keystore files and use private keys to sign transactions and call external relay/indexer APIs. Before installing:

      1) Confirm you trust the author/source — the registry shows no homepage and the SKILL.md points to external authorization UIs (verify those domains independently).
      2) Expect the skill to create/read files under ~/.openclaw and to ask for a keystore password (UP_KEYSTORE_PASSWORD) — treat these as sensitive.
      3) Ask the publisher to correct the registry metadata (declare required env vars and whether code will be executed locally).
      4) If you plan to use it, review the executeRelay and credentials code paths to ensure private keys are never transmitted to untrusted endpoints (relay endpoints are documented in SKILL.md; verify they are the official LUKSO relayers).
      5) Consider running the skill in a sandboxed environment or with test keys first (do not provide primary funds or mainnet private keys until you audit the code and confirm the external endpoints).

      Latest Release

      v0.8.0

      universal-profile 0.8.0

      - Added package-lock.json for dependency locking.
      - Updated Authorization UI links to the new `openclaw.universalprofile.cloud` domain.
      - Documented canonical (recommended) credential and skill config paths in `~/.openclaw/`.
      - Included a sample credential JSON format for user reference.
      - Added clarification that the skill warns if credential files are not securely permissioned.
      - No changes to core logic; documentation and dependency improvements only.

      Published by @frozeman on ClawHub
