Back to skill
Skillv1.0.0
VirusTotal security
Openclaw Context Optimizer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:50 AM
- Hash
- 270b6458b31c850e71fd8d2cfff3cd5f36cb6806a26ab31b38e22163972f42ca
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-context-optimizer Version: 1.0.0 The OpenClaw Context Optimizer skill is designed for a benign purpose: reducing token usage through intelligent context compression. However, it contains a critical vulnerability in its x402 payment verification logic. The `verifyTransactionOnChain` method in `src/x402.js` is explicitly marked as an MVP placeholder that 'trusts reported transaction hashes' and currently accepts any transaction hash longer than 32 characters as valid. This allows any agent to bypass payment verification and gain unauthorized access to the 'Pro tier' (unlimited compressions) without actually paying. This vulnerability is also openly documented in `AGENT-PAYMENTS.md`.
- External report
- View on VirusTotal