Back to skill
Skillv0.1.2
VirusTotal security
Send Token · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:50 AM
- Hash
- 91878159f0f49ac29b4b2653e8e1e7217038b9f7fe084a8448f71e733d572143
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: send-token Version: 0.1.2 The skill is classified as suspicious due to the broad `Bash(npx @openant-ai/cli@latest wallet send *)` permission defined in `SKILL.md`. The `*` wildcard allows arbitrary arguments to be passed to the `wallet send` command, which introduces a potential shell injection vulnerability if the underlying `openant-ai/cli` is exploitable or if the agent can be prompted to construct malicious commands. While the `SKILL.md` includes strong safeguards instructing the agent to confirm sensitive actions with the user, the broad permission itself represents a significant risk, even without clear evidence of intentional malicious behavior from the skill author.
- External report
- View on VirusTotal