Back to skill
Skillv1.0.0
VirusTotal security
ghostbot-uniswap-v4 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:37 AM
- Hash
- db36b1159dbbb1ff6c7cf0f96678a6cdacdac6283748ca096574c95a3e357769
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ghostbot-aclm Version: 1.0.0 The skill is classified as suspicious due to its direct handling of a private key (`DEPLOYER_PRIVATE_KEY`) from environment variables in `scripts/config.mjs`. While the skill explicitly targets the Sepolia testnet and there is no clear evidence of intentional credential exfiltration or other malicious activity, the capability to read and use a private key for blockchain transactions is inherently high-risk. The `SKILL.md` also contains a malformed line (`cd packages/video pnpm run studio`) within an architecture diagram, which is likely a formatting error rather than a deliberate prompt injection attempt with a harmful objective.
- External report
- View on VirusTotal