Back to skill
Skillv0.1.0
VirusTotal security
OpenMM · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:34 AM
- Hash
- cf320b5955d19c38b660b8acf38b0249fe5791b4590d2d250d5f9992dcba6444
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: openmm Version: 0.1.0 The OpenClaw AgentSkills skill bundle for OpenMM is designed for legitimate market making and trading activities. The `packages/plugins/openclaw-openmm/src/index.ts` plugin uses `node:child_process.execFile` to execute the `openmm` CLI, passing arguments as an array, which is a secure method against shell injection. Crucially, sensitive actions like `create_order` and `start_grid_strategy` are marked as `optional: true` and default to `dryRun: true`, requiring explicit user/admin approval. The `SKILL.md` and `CLAUDE.md` documentation consistently emphasizes strong safety practices, including dry-runs, user confirmation, checking balances, and explicitly disabling withdrawal permissions for API keys. API keys are handled securely via environment variables and marked as sensitive in plugin configurations. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection designed to subvert the agent's ethical guidelines or steal data.
- External report
- View on VirusTotal