Sign-in with Agent

SIWA (Sign-In With Agent) authentication for ERC-8004 registered agents.

What to consider before installing/using this skill: - Incoherent metadata: the registry entry declares no required environment variables, but the documentation clearly expects many secrets (private keys, proxy HMAC secrets, API keys) for different signer backends. Treat the docs as authoritative: the skill will need secrets to operate. - Don’t paste private keys or shared HMAC secrets into a skill or chat. If you need signing, prefer a keyring/proxy deployed by you (self-hosted) and keep the proxy secret in your environment, not in chat or skill configuration. If you must test, use ephemeral testnet keys and testnet faucets. - Verify upstream packages/images before running installs or deploys: the docs reference npm package @buildersgarden/siwa and a GHCR Docker image and Railway deploy links. Inspect the npm package repository, its maintainers, and the container image contents before running them in any environment you care about. - The instructions expect filesystem access (specific workspace paths) and running pnpm/npm commands. Only run these commands in a controlled environment (isolated dev VM or container), not on sensitive production hosts. - Reverse CAPTCHA and captcha-solve helpers require the agent to generate content under constraints; that is not inherently malicious but could inadvertently leak generated content to the server endpoints shown. Confirm the server endpoints you will talk to and that you trust them. - Because the package is instruction-only in the registry and source/homepage are unknown, ask the skill author for the canonical repository URL, the npm package link, and the source for the Docker image. Without those you cannot easily audit the code you will install. If you plan to proceed: (1) audit the @buildersgarden/siwa npm package and the referenced Docker image; (2) prefer the keyring-proxy approach to avoid exposing private keys, and host it yourself; (3) use testnets and throwaway credentials for initial experiments; (4) ensure SIWA_SECRET and other server secrets are never stored in public or shared chat.

Type: OpenClaw Skill Name: siwa Version: 0.0.4 The skill is classified as suspicious due to the inherent risks associated with its core functionality and specific instructions, despite a strong stated security model. Key indicators include instructions in `CLAUDE.md` and `keyring-proxy/skill.md` to run a Docker container (`ghcr.io/builders-garden/siwa-keyring-proxy`) for key management, which is a powerful command that could be risky if the image were compromised. Additionally, `private-key/skill.md` explicitly allows using a raw private key from an environment variable, which, while accompanied by clear security warnings and recommendations for safer alternatives, represents a less secure option that could lead to vulnerabilities if mishandled by the agent or user. The skill's purpose of managing cryptographic keys and performing on-chain transactions is legitimate, and its documentation (`references/security-model.md`) demonstrates a proactive approach to security, but the high-risk capabilities prevent a 'benign' classification.