Back to skill
Skillv1.0.0
VirusTotal security
Aster-Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:25 AM
- Hash
- 543a7760a96ac1b997f8d1b04634793345a51a93c9861fb61cfbc1550b0bf4af
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aster-skill Version: 1.0.0 The skill is a crypto trading bot that executes trades on the Aster exchange based on LLM-analyzed news sentiment. It is classified as suspicious due to a prompt injection vulnerability in 'crypto-news-trader-index.js', where unsanitized news content from external sources (Twitter, news sites) is directly embedded into the LLM prompt, potentially allowing attackers to manipulate trading decisions. Additionally, 'crypto-news-trader-skill.json' contains an unusual MCP server configuration that runs an installation command ('npx clawhub install') rather than a standard service execution command, which is a risky pattern for automated agents.
- External report
- View on VirusTotal