Back to skill
Skillv1.0.0
VirusTotal security
Doppel ERC-8004 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:25 AM
- Hash
- 7e99a475f7249ad6110ad693d24ddb7f4c27dfbd4fc289085673d2a8d012eb0e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: doppel-erc-8004 Version: 1.0.0 The skill instructs the agent to `console.log` a newly generated private key in `SKILL.md` (Section 2, Step 2). This is a significant security risk as it directly exposes the private key in the agent's output or logs, which could lead to credential compromise. While the skill advises saving the key securely afterward, the initial logging instruction itself is a dangerous practice for an automated agent. Additionally, the skill instructs the agent to send its wallet address and ERC-8004 Agent ID to an external endpoint (`https://doppel.fun`) via a PATCH request, which, while stated as part of the skill's purpose, involves transmitting sensitive identity information.
- External report
- View on VirusTotal