Back to skill
Skillv0.19.6
VirusTotal security
Cashu · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 3:53 AM
- Hash
- ff08ef1ac0285e44feaf94ac317fef50fce6eac6105b86f88a33011d0ce99340
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cashu Version: 0.19.6 The skill is designed to manage Cashu ecash wallets and perform Bitcoin/Lightning payments via the `cashu` CLI. It is classified as suspicious due to the inherent financial nature of its operations and the explicit instruction in `SKILL.md` for the agent to use the `--yes` flag, which bypasses interactive prompts and confirmations for all transactions (e.g., `send`, `pay`, `burn`). While this is necessary for agent automation, it means the agent will execute financial commands without further human confirmation for each specific action, posing a significant risk if the agent is compromised or misinterprets instructions. However, there is no evidence of intentional malicious behavior such as data exfiltration, backdoor installation, or unauthorized remote control.
- External report
- View on VirusTotal