Back to skill
Skillv0.1.0
VirusTotal security
Cavos Cli · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:51 AM
- Hash
- c3f40c90671669f5f9c0a1774f0e7bb2073d2ae55ae65da50794dd9b2b83feba
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cavos-cli-skill Version: 0.1.0 The skill is classified as suspicious due to its inherent high-risk capabilities, specifically enabling direct interaction with a Starknet wallet for financial transactions (transfers, approvals) and arbitrary contract calls via the `npx @cavos/cli` command in `SKILL.md`. While these operations align with the stated purpose, they carry significant risk of financial loss if the AI agent is compromised or prompted maliciously. Additionally, the reliance on `npx` to download and execute an external package (`@cavos/cli`) introduces a supply chain vulnerability, as the integrity of this external dependency is critical. There is no evidence of intentional malicious prompt injection within `SKILL.md` or other files, nor any attempts at data exfiltration or persistence from the skill bundle itself.
- External report
- View on VirusTotal