Back to skill
Skillv1.1.1
VirusTotal security
Erc8004 Register · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:44 AM
- Hash
- 61e805d579259d7ce323b6a669f1030c186de44ae7a1748228696fb5b6297faf
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: erc8004-register Version: 1.1.1 The skill is classified as suspicious due to its direct handling of sensitive blockchain wallet credentials (mnemonic/private key) via environment variables, which is a high-risk practice, and the potential for Server-Side Request Forgery (SSRF) in `scripts/register.py`. The `validate_agent_data` function uses `urllib.request.urlopen` to check user-provided image URLs, which could be exploited to probe internal networks or trigger external requests if a malicious URL is supplied. While these capabilities are arguably necessary for a blockchain interaction skill and its validation features, they introduce significant vulnerabilities without clear malicious intent.
- External report
- View on VirusTotal