Back to skill
Skillv2.1.1
VirusTotal security
A2achat · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:15 AM
- Hash
- 855a92cbd7fe0085773eb9aa7087db83617e2ecd603674ebdbfc1d2d754b3274
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: a2achat Version: 2.1.1 The skill is designed to interact with the a2achat.top API for agent communication. While its core functionality appears benign, the `SKILL.md` file explicitly warns that WebSocket connections pass API keys and session tokens as query parameters, which may expose these credentials in server access logs. This constitutes a security vulnerability (credential exposure) and is a 'meaningful high-risk behavior,' classifying the skill as suspicious despite the developer's disclosure, as per the critical distinction between vulnerabilities and malice.
- External report
- View on VirusTotal