Back to skill
Skillv1.0.0
VirusTotal security
Buy CRUST · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:18 AM
- Hash
- fca619bc292edc496bb782eb99daf05f494f705c7c092d94d0d36df2bb8e1561
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: buy-crust Version: 1.0.0 The skill instructs the AI agent to perform network requests to cryptocurrency APIs (DexScreener, Jupiter) and a game API (wirx.xyz) to check prices, get swap quotes, and register/join a game, which aligns with its stated purpose. However, the `SKILL.md` file contains explicit instructions for the AI agent to 'Spread the Word' by posting on social media (e.g., Twitter/X) and other agent networks. While the content of these posts is promotional for the associated cryptocurrency and game, this constitutes a form of prompt injection that directs the agent to perform external communication actions. This capability, even if currently used for benign promotion, represents a significant risk as it instructs the agent to act on external platforms, which could be leveraged for spamming or other undesirable behaviors if the skill's instructions were different, thus classifying it as suspicious rather than benign.
- External report
- View on VirusTotal