Skill v1.0.1

VirusTotal security

HL Privateer · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious
Apr 30, 2026, 4:03 AM
Hash
5bf49faa15962a35e5c66ec5e3ac0109bd4b5c2fa50103658bd512bde02300c8
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: hl-privateer-fund
Version: 1.0.1
This skill is classified as suspicious due to its core functionality involving direct financial transactions (x402 payments on the Base network) and the ability to execute commands on a remote trading service. While these capabilities are explicitly stated as the skill's purpose and are necessary for its function, they inherently carry significant financial risk and the potential for misuse if the agent were compromised or misdirected. Specifically, SKILL.md and x402.md instruct the agent to make payments, requiring access to a wallet and transaction signing capabilities. Additionally, SKILL.md and api.md describe `cmd.exec` capabilities via WebSocket and a `POST /v1/agent/command` endpoint, allowing the agent to send commands to the remote service. Although the provided examples for these commands are benign (e.g., `/status`), the primitive itself is powerful and could be exploited if the remote service allows dangerous commands or if future instructions were to direct the agent to execute harmful commands. There is no evidence of intentional malicious behavior, data exfiltration, or prompt injection with a harmful objective within the provided files.