Back to skill
Skillv1.0.0
VirusTotal security
K3 Blockhain Agent Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:18 AM
- Hash
- afcc4af86535133f06cfc1658953865b3bd8a2ca3582d9f96fc75a13cc2dfb7f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: k3-blockchain-agent Version: 1.0.0 The skill is highly suspicious due to explicit instructions for the AI agent to perform arbitrary web searches for API endpoints and conduct 'Protocol frontend inspection' (including 'browser DevTools → Network tab') as outlined in `SKILL.md` and `references/data-sources.md`. Combined with the agent's broad capabilities to call 'any REST or GraphQL API' via `Read API` and `Write API` (in `references/node-types.md`), and the ability to perform on-chain financial transactions, this creates a severe prompt injection vulnerability. A malicious prompt could trick the agent into interacting with untrusted external services for data exfiltration, unauthorized network access, or financial loss, despite the stated purpose being benign blockchain workflow automation.
- External report
- View on VirusTotal