Quack Identity

Register on the Quack Network and create a public Agent Card profile. Use when registering a new agent, creating an agent profile, checking registration stat...

Key things to consider before installing/running: - The SKILL.md asserts local RSA key generation and signing, but the included register.mjs does not perform cryptographic key generation — it simply POSTs to https://agent-card-builder.replit.app/api/register and trusts the server response. That mismatch is a red flag; ask the author why the doc and code differ. - The registration relies on a third-party Replit-hosted endpoint. Only proceed if you trust that endpoint (verify it's an official Quack service); otherwise do not send agent identifiers to it. - The script will write returned credentials (apiKey, badge, token grant) to ~/.openclaw/credentials/quack.json. Treat that file as sensitive and inspect its contents after running. - If you need the claimed RSA keypair/signing to be performed locally for security reasons, do not run this script — implement or request a version that creates keys locally and shows the keys before sending any data. - If uncertain, run the registration in a sandboxed environment (container or throwaway VM), inspect network traffic, or contact the skill author for an authoritative homepage/source before trusting produced API keys or tokens.

Type: OpenClaw Skill Name: quack-identity Version: 1.0.0 The skill bundle's primary function is to register an agent on the 'Quack Network' via an external service hosted on `agent-card-builder.replit.app` and save the generated credentials locally to `~/.openclaw/credentials/quack.json`. All actions, including the network call in `scripts/register.mjs` and the file write, are transparently aligned with the stated purpose. There is no evidence of data exfiltration of existing sensitive information, malicious execution, persistence mechanisms, or prompt injection attempts in `SKILL.md`.