Back to skill
Skillv1.0.1
VirusTotal security
Infrastructure for agents · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:38 AM
- Hash
- a9d2b01dc6e8c61700b5d1aa698c196375929236bf87ff9e27932d8cdd36c375
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agents-infra Version: 1.0.1 The skill provides infrastructure for AI agents (phone, email, VPS) and uses a cryptocurrency wallet for identity and payments. The 'decrypt-email.mjs' script directly accesses the user's Solana private key file (~/.config/solana/id.json) to derive an X25519 secret for E2E decryption. While the provided code performs decryption locally and lacks explicit exfiltration logic, the pattern of requiring an AI agent to handle raw private keys for automated financial transactions and data decryption is a high-risk security practice. The skill's functionality relies heavily on an external CLI (@agntos/agentos) and API (agntos.dev), which are not provided for review but would have full access to the user's wallet and decrypted communications.
- External report
- View on VirusTotal