Back to skill
Skillv0.1.0
VirusTotal security
Send Usdc · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:47 AM
- Hash
- 4192e6d2f0e545b69e1a43aa88e136faec1d12d5190b1f8947ab800273dc4baa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: send-usdc Version: 0.1.0 The skill bundle is classified as suspicious due to the high-risk capability granted by `allowed-tools` in `SKILL.md`. It permits the AI agent to execute `npx awal@latest send *`, allowing arbitrary arguments to the `send` command. While this aligns with the skill's stated purpose of sending USDC, it represents a significant vulnerability surface for prompt injection, where a malicious prompt could trick the agent into transferring funds to an unintended recipient or amount, leading to financial loss. There is no evidence of intentional malicious code or instructions within the skill bundle itself, but the broad permission for a sensitive financial operation warrants a 'suspicious' classification.
- External report
- View on VirusTotal