Back to skill
Skillv0.3.2
VirusTotal security
Kraken Exchange · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:33 AM
- Hash
- 7488f257aa255e396c11163499cbfe77bbee1386ada30e27e8bbba0f3879380e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tentactl Version: 0.3.2 This skill is classified as suspicious due to its inherent high-risk capabilities, including real-money trading, fund transfers, and withdrawals on a cryptocurrency exchange, as well as its method of installing and handling API keys. While the `SKILL.md` includes explicit 'Safety Rules' to mitigate prompt injection and ensure user confirmation for sensitive actions, the `cargo install tentactl` command in `SKILL.md` and `scripts/kraken.sh` represents a supply chain risk, as it executes an external binary (`tentactl`) which, if compromised, could lead to arbitrary code execution. Additionally, `scripts/setup-keys.sh` handles sensitive API keys, storing them in `~/.tentactl.env` and interacting with the 1Password CLI, which are sensitive operations that, while seemingly legitimate for setup, contribute to the overall risk profile.
- External report
- View on VirusTotal