Skills
skills/openclaw/skills/erc8004-identity/Gen Agent Trust Hub

erc8004-identity

Warn

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill's installation instructions specify downloading the bnbagent package from https://test.pypi.org/simple/.
  • Test PyPI is a sandbox environment intended for testing and does not provide the same security guarantees or package vetting as the production PyPI registry.
  • The package bnbagent==0.1.6 is not from a source on the [TRUST-SCOPE-RULE] list.
  • [COMMAND_EXECUTION] (LOW): The skill relies on local execution of blockchain transactions and management of wallet state.
  • Evidence: Use of sdk.register_agent() and sdk.set_agent_uri() within the provided Python examples.
  • Risk: While the skill uses encryption, the management of a private key wallet (.bnbagent_state) introduces a local attack surface if the environment is compromised.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 14, 2026, 06:01 PM