Back to skill
Skillv0.0.1
VirusTotal security
Wallet (By Budgetbakers) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:09 AM
- Hash
- d4daaf77af718f43581aad08d5f2cd53164a2e050fb0c3bcef3375997c7b5d81
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: wallet-api Version: 0.0.1 The skill is designed to interact with the BudgetBakers Wallet API, requiring a `WALLET_API_TOKEN` environment variable. The `scripts/wallet-api.sh` script correctly reads this token and constructs `curl` commands to a hardcoded API endpoint. Crucially, the script properly double-quotes the `$url` variable when calling `curl`, effectively preventing shell injection vulnerabilities from user-supplied query parameters. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts in any of the files. All components align with the stated purpose of querying personal finance data.
- External report
- View on VirusTotal