Back to skill
Skillv1.0.0
VirusTotal security
YieldVault Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:08 AM
- Hash
- 9a8a2fd217a78e7a7b8e5a05e38f157d3a06a0ad0c4ba93edde501f72f701ebc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: yieldvault-agent Version: 1.0.0 The skill is classified as suspicious due to the high-risk vulnerability of directly using a private key from an environment variable (`WALLET_PRIVATE_KEY`) for signing blockchain transactions in `tx-executor.js` and configured in `config.scheduler.json`. While the documentation (e.g., `FINAL_CHECKLIST.md`, `RESPUESTAS_PREGUNTAS.md`, `SKILL_COMPLETION_REPORT.md`) explicitly acknowledges this as a critical security risk for mainnet and recommends hardware wallet integration, the current implementation presents a significant vulnerability if deployed without these mitigations. There is no evidence of intentional malicious behavior such as data exfiltration or unauthorized command execution; the code's functionality aligns with its stated purpose of autonomous yield farming.
- External report
- View on VirusTotal