Back to skill
Skillv1.1.1
VirusTotal security
Erc8004 Discover · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:45 AM
- Hash
- 1f6496fd18f2889dd77037d6690d900db18f36bb81a59f2a7cb1fda763a6982d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: erc8004-discover Version: 1.1.1 The `scripts/discover.py` file contains a Server-Side Request Forgery (SSRF) vulnerability within the `decode_metadata_uri` function. This function fetches metadata from arbitrary `http://` or `https://` URIs specified in an agent's `metadata_uri` field without sufficient validation. An attacker could register an agent with a crafted `metadata_uri` to induce the OpenClaw agent to make requests to internal network resources or other sensitive external services. While this is a significant vulnerability, there is no clear evidence of intentional malicious behavior such as data exfiltration to an attacker-controlled server or backdoor installation, aligning it with a 'suspicious' classification rather than 'malicious'.
- External report
- View on VirusTotal