Back to skill
Skillv1.0.1
VirusTotal security
Zinc Universal Checkout · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:48 AM
- Hash
- 0b40cb7bb6358191e85830dcecb43284f4e9a534f81d9cbb7eaabfebfbdd3461
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: universal-checkout Version: 1.0.1 The skill is designed for managing e-commerce orders via the Zinc API, requiring an API key for authentication. All instructions and examples, including `curl` commands in `SKILL.md`, are directed at the legitimate `api.zinc.com` endpoint. The skill explicitly includes safety instructions for the AI agent, such as requiring user confirmation before placing orders and validating `max_price`, which mitigates financial risks. The 'cron job' example in `SKILL.md` is an agent-internal scheduled task for order status polling, with a benign payload, not a system-level persistence mechanism or arbitrary command execution. There is no evidence of intentional malicious behavior like data exfiltration to unauthorized parties, backdoors, or harmful prompt injection.
- External report
- View on VirusTotal