Back to skill
Skillv1.0.0
VirusTotal security
DEX Swap & Broadcast · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:14 AM
- Hash
- 4d44ff59dfea25a981131609029b417852efdec638d79f29fe6fe9535abf1a3a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: easy-swap Version: 1.0.0 The skill is classified as suspicious due to its inherent high-risk capabilities, specifically the requirement for sensitive credentials like `private_key_or_signer` and the explicit allowance of `bash_tool` execution in `SKILL.md`. While the Python script (`scripts/easy_swap.py`) and the `SKILL.md` documentation are well-structured and appear to serve the stated purpose of facilitating on-chain token swaps via the legitimate OKX API (web3.okx.com), the combination of direct access to private keys and the ability to execute arbitrary shell commands creates a significant attack surface for potential prompt injection against the AI agent, leading to unauthorized actions or data exfiltration if the agent's instructions are compromised. There is no direct evidence of malicious intent within the provided files, but the potential for misuse is substantial.
- External report
- View on VirusTotal